2 # Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
11 logger
= logging
.getLogger()
18 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
19 from test_ap_eap
import check_eap_capa
, check_hlr_auc_gw_support
20 from test_erp
import check_erp_capa
30 EAP_TYPE_NOTIFICATION
= 2
41 EAP_TYPE_MSCHAPV2
= 26
49 EAP_TYPE_AKA_PRIME
= 50
53 EAP_TYPE_EXPANDED
= 254
55 # Type field in EAP-Initiate and EAP-Finish messages
56 EAP_ERP_TYPE_REAUTH_START
= 1
57 EAP_ERP_TYPE_REAUTH
= 2
59 EAP_ERP_TLV_KEYNAME_NAI
= 1
60 EAP_ERP_TV_RRK_LIFETIME
= 2
61 EAP_ERP_TV_RMSK_LIFETIME
= 3
62 EAP_ERP_TLV_DOMAIN_NAME
= 4
63 EAP_ERP_TLV_CRYPTOSUITES
= 5
64 EAP_ERP_TLV_AUTHORIZATION_INDICATION
= 6
65 EAP_ERP_TLV_CALLED_STATION_ID
= 128
66 EAP_ERP_TLV_CALLING_STATION_ID
= 129
67 EAP_ERP_TLV_NAS_IDENTIFIER
= 130
68 EAP_ERP_TLV_NAS_IP_ADDRESS
= 131
69 EAP_ERP_TLV_NAS_IPV6_ADDRESS
= 132
71 def run_pyrad_server(srv
, t_stop
, eap_handler
):
72 srv
.RunWithStop(t_stop
, eap_handler
)
74 def start_radius_server(eap_handler
):
78 import pyrad
.dictionary
80 raise HwsimSkip("No pyrad modules available")
82 class TestServer(pyrad
.server
.Server
):
83 def _HandleAuthPacket(self
, pkt
):
84 pyrad
.server
.Server
._HandleAuthPacket
(self
, pkt
)
88 eap_req
= self
.eap_handler(self
.ctx
, eap
)
89 reply
= self
.CreateReplyPacket(pkt
)
92 if len(eap_req
) > 253:
93 reply
.AddAttribute("EAP-Message", eap_req
[0:253])
94 eap_req
= eap_req
[253:]
96 reply
.AddAttribute("EAP-Message", eap_req
)
99 logger
.info("No EAP request available")
100 reply
.code
= pyrad
.packet
.AccessChallenge
102 hmac_obj
= hmac
.new(reply
.secret
)
103 hmac_obj
.update(struct
.pack("B", reply
.code
))
104 hmac_obj
.update(struct
.pack("B", reply
.id))
107 reply
.AddAttribute("Message-Authenticator",
108 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
109 attrs
= reply
._PktEncodeAttributes
()
112 flen
= 4 + 16 + len(attrs
)
113 hmac_obj
.update(struct
.pack(">H", flen
))
114 hmac_obj
.update(pkt
.authenticator
)
115 hmac_obj
.update(attrs
)
117 reply
.AddAttribute("Message-Authenticator", hmac_obj
.digest())
119 self
.SendReplyPacket(pkt
.fd
, reply
)
121 def RunWithStop(self
, t_stop
, eap_handler
):
122 self
._poll
= select
.poll()
124 self
._PrepareSockets
()
126 self
.eap_handler
= eap_handler
129 while not t_stop
.is_set():
130 for (fd
, event
) in self
._poll
.poll(200):
131 if event
== select
.POLLIN
:
133 fdo
= self
._fdmap
[fd
]
134 self
._ProcessInput
(fdo
)
135 except pyrad
.server
.ServerPacketError
as err
:
136 logger
.info("pyrad server dropping packet: " + str(err
))
137 except pyrad
.packet
.PacketError
as err
:
138 logger
.info("pyrad server received invalid packet: " + str(err
))
140 logger
.error("Unexpected event in pyrad server main loop")
142 srv
= TestServer(dict=pyrad
.dictionary
.Dictionary("dictionary.radius"),
143 authport
=18138, acctport
=18139)
144 srv
.hosts
["127.0.0.1"] = pyrad
.server
.RemoteHost("127.0.0.1",
147 srv
.BindToAddress("")
148 t_stop
= threading
.Event()
149 t
= threading
.Thread(target
=run_pyrad_server
, args
=(srv
, t_stop
, eap_handler
))
152 return { 'srv': srv
, 'stop': t_stop
, 'thread': t
}
154 def stop_radius_server(srv
):
158 def start_ap(ifname
):
159 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
160 params
['auth_server_port'] = "18138"
161 hapd
= hostapd
.add_ap(ifname
, params
)
164 def test_eap_proto(dev
, apdev
):
165 """EAP protocol tests"""
166 check_eap_capa(dev
[0], "MD5")
167 def eap_handler(ctx
, req
):
168 logger
.info("eap_handler - RX " + req
.encode("hex"))
171 ctx
['num'] = ctx
['num'] + 1
174 ctx
['id'] = (ctx
['id'] + 1) % 256
178 if ctx
['num'] == idx
:
179 logger
.info("Test: MD5 challenge")
180 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
185 if ctx
['num'] == idx
:
186 logger
.info("Test: EAP-Success - id off by 2")
187 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] + 1, 4)
190 if ctx
['num'] == idx
:
191 logger
.info("Test: MD5 challenge")
192 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
197 if ctx
['num'] == idx
:
198 logger
.info("Test: EAP-Success - id off by 3")
199 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] + 2, 4)
202 if ctx
['num'] == idx
:
203 logger
.info("Test: MD5 challenge")
204 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
209 if ctx
['num'] == idx
:
210 logger
.info("Test: EAP-Notification/Request")
211 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
213 EAP_TYPE_NOTIFICATION
,
216 if ctx
['num'] == idx
:
217 logger
.info("Test: EAP-Success")
218 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 1, 4)
221 if ctx
['num'] == idx
:
222 logger
.info("Test: EAP-Notification/Request")
223 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
225 EAP_TYPE_NOTIFICATION
,
228 if ctx
['num'] == idx
:
229 logger
.info("Test: MD5 challenge")
230 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
235 if ctx
['num'] == idx
:
236 logger
.info("Test: EAP-Success")
237 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 1, 4)
240 if ctx
['num'] == idx
:
241 logger
.info("Test: EAP-Notification/Request")
242 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
244 EAP_TYPE_NOTIFICATION
,
247 if ctx
['num'] == idx
:
248 logger
.info("Test: MD5 challenge")
249 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
254 if ctx
['num'] == idx
:
255 logger
.info("Test: EAP-Notification/Request")
256 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
258 EAP_TYPE_NOTIFICATION
,
261 if ctx
['num'] == idx
:
262 logger
.info("Test: EAP-Success")
263 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 1, 4)
266 if ctx
['num'] == idx
:
267 logger
.info("Test: EAP-Notification/Request")
268 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
270 EAP_TYPE_NOTIFICATION
,
273 if ctx
['num'] == idx
:
274 logger
.info("Test: EAP-Notification/Request (same id)")
275 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'] - 1,
277 EAP_TYPE_NOTIFICATION
,
280 if ctx
['num'] == idx
:
281 logger
.info("Test: Unexpected EAP-Success")
282 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 2, 4)
286 srv
= start_radius_server(eap_handler
)
289 hapd
= start_ap(apdev
[0]['ifname'])
291 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
292 eap
="MD5", identity
="user", password
="password",
294 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
296 raise Exception("Timeout on EAP start")
297 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
299 raise Exception("Timeout on EAP success")
300 dev
[0].request("REMOVE_NETWORK all")
302 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
303 eap
="MD5", identity
="user", password
="password",
305 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
307 raise Exception("Timeout on EAP start")
308 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=1)
310 raise Exception("Unexpected EAP success")
311 dev
[0].request("REMOVE_NETWORK all")
313 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
314 eap
="MD5", identity
="user", password
="password",
316 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
318 raise Exception("Timeout on EAP start")
319 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
321 raise Exception("Timeout on EAP notification")
322 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION A":
323 raise Exception("Unexpected notification contents: " + ev
)
324 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
326 raise Exception("Timeout on EAP success")
327 dev
[0].request("REMOVE_NETWORK all")
329 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
330 eap
="MD5", identity
="user", password
="password",
332 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
334 raise Exception("Timeout on EAP notification")
335 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION B":
336 raise Exception("Unexpected notification contents: " + ev
)
337 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
339 raise Exception("Timeout on EAP start")
340 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
342 raise Exception("Timeout on EAP success")
343 dev
[0].request("REMOVE_NETWORK all")
345 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
346 eap
="MD5", identity
="user", password
="password",
348 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
350 raise Exception("Timeout on EAP notification")
351 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION C":
352 raise Exception("Unexpected notification contents: " + ev
)
353 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
355 raise Exception("Timeout on EAP start")
356 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
358 raise Exception("Timeout on EAP notification")
359 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION D":
360 raise Exception("Unexpected notification contents: " + ev
)
361 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
363 raise Exception("Timeout on EAP success")
364 dev
[0].request("REMOVE_NETWORK all")
366 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
367 eap
="MD5", identity
="user", password
="password",
369 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
371 raise Exception("Timeout on EAP notification")
372 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION E":
373 raise Exception("Unexpected notification contents: " + ev
)
374 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
376 raise Exception("Timeout on EAP notification")
377 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION F":
378 raise Exception("Unexpected notification contents: " + ev
)
379 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=15)
381 raise Exception("Timeout on EAP failure")
382 dev
[0].request("REMOVE_NETWORK all")
384 stop_radius_server(srv
)
388 EAP_SAKE_SUBTYPE_CHALLENGE
= 1
389 EAP_SAKE_SUBTYPE_CONFIRM
= 2
390 EAP_SAKE_SUBTYPE_AUTH_REJECT
= 3
391 EAP_SAKE_SUBTYPE_IDENTITY
= 4
393 EAP_SAKE_AT_RAND_S
= 1
394 EAP_SAKE_AT_RAND_P
= 2
395 EAP_SAKE_AT_MIC_S
= 3
396 EAP_SAKE_AT_MIC_P
= 4
397 EAP_SAKE_AT_SERVERID
= 5
398 EAP_SAKE_AT_PEERID
= 6
399 EAP_SAKE_AT_SPI_S
= 7
400 EAP_SAKE_AT_SPI_P
= 8
401 EAP_SAKE_AT_ANY_ID_REQ
= 9
402 EAP_SAKE_AT_PERM_ID_REQ
= 10
403 EAP_SAKE_AT_ENCR_DATA
= 128
405 EAP_SAKE_AT_PADDING
= 130
406 EAP_SAKE_AT_NEXT_TMPID
= 131
407 EAP_SAKE_AT_MSK_LIFE
= 132
409 def test_eap_proto_sake(dev
, apdev
):
410 """EAP-SAKE protocol tests"""
411 global eap_proto_sake_test_done
412 eap_proto_sake_test_done
= False
414 def sake_challenge(ctx
):
415 logger
.info("Test: Challenge subtype")
416 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
419 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
,
420 EAP_SAKE_AT_RAND_S
, 18, 0, 0, 0, 0)
422 def sake_handler(ctx
, req
):
423 logger
.info("sake_handler - RX " + req
.encode("hex"))
429 ctx
['id'] = (ctx
['id'] + 1) % 256
433 if ctx
['num'] == idx
:
434 logger
.info("Test: Missing payload")
435 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'], 4 + 1,
439 if ctx
['num'] == idx
:
440 logger
.info("Test: Identity subtype without any attributes")
441 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
444 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
)
447 if ctx
['num'] == idx
:
448 logger
.info("Test: Identity subtype")
449 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
452 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
453 EAP_SAKE_AT_ANY_ID_REQ
, 4, 0)
455 if ctx
['num'] == idx
:
456 logger
.info("Test: Identity subtype (different session id)")
457 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
460 EAP_SAKE_VERSION
, 1, EAP_SAKE_SUBTYPE_IDENTITY
,
461 EAP_SAKE_AT_PERM_ID_REQ
, 4, 0)
464 if ctx
['num'] == idx
:
465 logger
.info("Test: Identity subtype with too short attribute")
466 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
469 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
470 EAP_SAKE_AT_ANY_ID_REQ
, 2)
473 if ctx
['num'] == idx
:
474 logger
.info("Test: Identity subtype with truncated attribute")
475 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
478 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
479 EAP_SAKE_AT_ANY_ID_REQ
, 4)
482 if ctx
['num'] == idx
:
483 logger
.info("Test: Identity subtype with too short attribute header")
484 payload
= struct
.pack("B", EAP_SAKE_AT_ANY_ID_REQ
)
485 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
486 4 + 1 + 3 + len(payload
),
487 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
488 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
491 if ctx
['num'] == idx
:
492 logger
.info("Test: Identity subtype with AT_IV but not AT_ENCR_DATA")
493 payload
= struct
.pack("BB", EAP_SAKE_AT_IV
, 2)
494 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
495 4 + 1 + 3 + len(payload
),
496 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
497 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
500 if ctx
['num'] == idx
:
501 logger
.info("Test: Identity subtype with skippable and non-skippable unknown attribute")
502 payload
= struct
.pack("BBBB", 255, 2, 127, 2)
503 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
504 4 + 1 + 3 + len(payload
),
505 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
506 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
509 if ctx
['num'] == idx
:
510 logger
.info("Test: Identity subtype: AT_RAND_P with invalid payload length")
511 payload
= struct
.pack("BB", EAP_SAKE_AT_RAND_P
, 2)
512 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
513 4 + 1 + 3 + len(payload
),
514 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
515 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
518 if ctx
['num'] == idx
:
519 logger
.info("Test: Identity subtype: AT_MIC_P with invalid payload length")
520 payload
= struct
.pack("BB", EAP_SAKE_AT_MIC_P
, 2)
521 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
522 4 + 1 + 3 + len(payload
),
523 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
524 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
527 if ctx
['num'] == idx
:
528 logger
.info("Test: Identity subtype: AT_PERM_ID_REQ with invalid payload length")
529 payload
= struct
.pack("BBBBBBBBBBBBBB",
530 EAP_SAKE_AT_SPI_S
, 2,
531 EAP_SAKE_AT_SPI_P
, 2,
532 EAP_SAKE_AT_ENCR_DATA
, 2,
533 EAP_SAKE_AT_NEXT_TMPID
, 2,
534 EAP_SAKE_AT_PERM_ID_REQ
, 4, 0, 0,
535 EAP_SAKE_AT_PERM_ID_REQ
, 2)
536 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
537 4 + 1 + 3 + len(payload
),
538 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
539 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
542 if ctx
['num'] == idx
:
543 logger
.info("Test: Identity subtype: AT_PADDING")
544 payload
= struct
.pack("BBBBBB",
545 EAP_SAKE_AT_PADDING
, 3, 0,
546 EAP_SAKE_AT_PADDING
, 3, 1)
547 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
548 4 + 1 + 3 + len(payload
),
549 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
550 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
553 if ctx
['num'] == idx
:
554 logger
.info("Test: Identity subtype: AT_MSK_LIFE")
555 payload
= struct
.pack(">BBLBBH",
556 EAP_SAKE_AT_MSK_LIFE
, 6, 0,
557 EAP_SAKE_AT_MSK_LIFE
, 4, 0)
558 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
559 4 + 1 + 3 + len(payload
),
560 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
561 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
564 if ctx
['num'] == idx
:
565 logger
.info("Test: Identity subtype with invalid attribute length")
566 payload
= struct
.pack("BB", EAP_SAKE_AT_ANY_ID_REQ
, 0)
567 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
568 4 + 1 + 3 + len(payload
),
569 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
570 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
573 if ctx
['num'] == idx
:
574 logger
.info("Test: Unknown subtype")
575 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
578 EAP_SAKE_VERSION
, 0, 123)
581 if ctx
['num'] == idx
:
582 logger
.info("Test: Challenge subtype without any attributes")
583 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
586 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
)
589 if ctx
['num'] == idx
:
590 logger
.info("Test: Challenge subtype with too short AT_RAND_S")
591 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
594 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
,
595 EAP_SAKE_AT_RAND_S
, 2)
598 if ctx
['num'] == idx
:
599 return sake_challenge(ctx
)
601 if ctx
['num'] == idx
:
602 logger
.info("Test: Unexpected Identity subtype")
603 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
606 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
607 EAP_SAKE_AT_ANY_ID_REQ
, 4, 0)
610 if ctx
['num'] == idx
:
611 return sake_challenge(ctx
)
613 if ctx
['num'] == idx
:
614 logger
.info("Test: Unexpected Challenge subtype")
615 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
618 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
,
619 EAP_SAKE_AT_RAND_S
, 18, 0, 0, 0, 0)
622 if ctx
['num'] == idx
:
623 return sake_challenge(ctx
)
625 if ctx
['num'] == idx
:
626 logger
.info("Test: Confirm subtype without any attributes")
627 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
630 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
)
633 if ctx
['num'] == idx
:
634 return sake_challenge(ctx
)
636 if ctx
['num'] == idx
:
637 logger
.info("Test: Confirm subtype with too short AT_MIC_S")
638 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
641 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
,
642 EAP_SAKE_AT_MIC_S
, 2)
645 if ctx
['num'] == idx
:
646 logger
.info("Test: Unexpected Confirm subtype")
647 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
650 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
,
651 EAP_SAKE_AT_MIC_S
, 18, 0, 0, 0, 0)
654 if ctx
['num'] == idx
:
655 return sake_challenge(ctx
)
657 if ctx
['num'] == idx
:
658 logger
.info("Test: Confirm subtype with incorrect AT_MIC_S")
659 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
662 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
,
663 EAP_SAKE_AT_MIC_S
, 18, 0, 0, 0, 0)
665 global eap_proto_sake_test_done
666 if eap_proto_sake_test_done
:
667 return sake_challenge(ctx
)
669 logger
.info("No more test responses available - test case completed")
670 eap_proto_sake_test_done
= True
671 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
673 srv
= start_radius_server(sake_handler
)
676 hapd
= start_ap(apdev
[0]['ifname'])
678 while not eap_proto_sake_test_done
:
679 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
680 eap
="SAKE", identity
="sake user",
681 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
683 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
685 raise Exception("Timeout on EAP start")
687 dev
[0].request("REMOVE_NETWORK all")
689 logger
.info("Too short password")
690 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
691 eap
="SAKE", identity
="sake user",
692 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
694 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
696 raise Exception("Timeout on EAP start")
699 stop_radius_server(srv
)
701 def test_eap_proto_sake_errors(dev
, apdev
):
702 """EAP-SAKE local error cases"""
703 check_eap_capa(dev
[0], "SAKE")
704 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
705 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
707 for i
in range(1, 3):
708 with
alloc_fail(dev
[0], i
, "eap_sake_init"):
709 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
710 eap
="SAKE", identity
="sake user",
711 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
713 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
716 raise Exception("Timeout on EAP start")
717 dev
[0].request("REMOVE_NETWORK all")
718 dev
[0].wait_disconnected()
720 tests
= [ ( 1, "eap_msg_alloc;eap_sake_build_msg;eap_sake_process_challenge" ),
721 ( 1, "=eap_sake_process_challenge" ),
722 ( 1, "eap_sake_compute_mic;eap_sake_process_challenge" ),
723 ( 1, "eap_sake_build_msg;eap_sake_process_confirm" ),
724 ( 2, "eap_sake_compute_mic;eap_sake_process_confirm" ),
725 ( 1, "eap_sake_getKey" ),
726 ( 1, "eap_sake_get_emsk" ),
727 ( 1, "eap_sake_get_session_id" ) ]
728 for count
, func
in tests
:
729 with
alloc_fail(dev
[0], count
, func
):
730 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
731 eap
="SAKE", identity
="sake user",
732 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
735 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
738 raise Exception("Timeout on EAP start")
739 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
740 dev
[0].request("REMOVE_NETWORK all")
741 dev
[0].wait_disconnected()
743 with
fail_test(dev
[0], 1, "os_get_random;eap_sake_process_challenge"):
744 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
745 eap
="SAKE", identity
="sake user",
746 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
748 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
750 raise Exception("Timeout on EAP start")
751 wait_fail_trigger(dev
[0], "GET_FAIL")
752 dev
[0].request("REMOVE_NETWORK all")
753 dev
[0].wait_disconnected()
755 def test_eap_proto_sake_errors2(dev
, apdev
):
756 """EAP-SAKE protocol tests (2)"""
757 def sake_handler(ctx
, req
):
758 logger
.info("sake_handler - RX " + req
.encode("hex"))
764 ctx
['id'] = (ctx
['id'] + 1) % 256
768 if ctx
['num'] == idx
:
769 logger
.info("Test: Identity subtype")
770 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
773 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
774 EAP_SAKE_AT_ANY_ID_REQ
, 4, 0)
776 srv
= start_radius_server(sake_handler
)
779 hapd
= start_ap(apdev
[0]['ifname'])
781 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_sake_build_msg;eap_sake_process_identity"):
782 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
783 eap
="SAKE", identity
="sake user",
784 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
786 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
789 raise Exception("Timeout on EAP start")
790 dev
[0].request("REMOVE_NETWORK all")
791 dev
[0].wait_disconnected()
794 stop_radius_server(srv
)
796 def test_eap_proto_leap(dev
, apdev
):
797 """EAP-LEAP protocol tests"""
798 check_eap_capa(dev
[0], "LEAP")
799 def leap_handler(ctx
, req
):
800 logger
.info("leap_handler - RX " + req
.encode("hex"))
803 ctx
['num'] = ctx
['num'] + 1
806 ctx
['id'] = (ctx
['id'] + 1) % 256
809 logger
.info("Test: Missing payload")
810 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
815 logger
.info("Test: Unexpected version")
816 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
822 logger
.info("Test: Invalid challenge length")
823 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
829 logger
.info("Test: Truncated challenge")
830 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
836 logger
.info("Test: Valid challenge")
837 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
842 logger
.info("Test: Missing payload in Response")
843 return struct
.pack(">BBHB", EAP_CODE_RESPONSE
, ctx
['id'],
848 logger
.info("Test: Valid challenge")
849 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
854 logger
.info("Test: Unexpected version in Response")
855 return struct
.pack(">BBHBBBB", EAP_CODE_RESPONSE
, ctx
['id'],
861 logger
.info("Test: Valid challenge")
862 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
867 logger
.info("Test: Invalid challenge length in Response")
868 return struct
.pack(">BBHBBBB", EAP_CODE_RESPONSE
, ctx
['id'],
874 logger
.info("Test: Valid challenge")
875 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
880 logger
.info("Test: Truncated challenge in Response")
881 return struct
.pack(">BBHBBBB", EAP_CODE_RESPONSE
, ctx
['id'],
887 logger
.info("Test: Valid challenge")
888 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
893 logger
.info("Test: Invalid challange value in Response")
894 return struct
.pack(">BBHBBBB6L", EAP_CODE_RESPONSE
, ctx
['id'],
901 logger
.info("Test: Valid challenge")
902 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
907 logger
.info("Test: Valid challange value in Response")
908 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
912 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
913 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
914 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
917 logger
.info("Test: Valid challenge")
918 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
923 logger
.info("Test: Success")
924 return struct
.pack(">BBHB", EAP_CODE_SUCCESS
, ctx
['id'],
927 # hostapd will drop the next frame in the sequence
930 logger
.info("Test: Valid challenge")
931 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
936 logger
.info("Test: Failure")
937 return struct
.pack(">BBHB", EAP_CODE_FAILURE
, ctx
['id'],
943 srv
= start_radius_server(leap_handler
)
946 hapd
= start_ap(apdev
[0]['ifname'])
948 for i
in range(0, 12):
949 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
950 eap
="LEAP", identity
="user", password
="password",
952 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
954 raise Exception("Timeout on EAP start")
957 logger
.info("Wait for additional roundtrip")
959 dev
[0].request("REMOVE_NETWORK all")
961 stop_radius_server(srv
)
963 def test_eap_proto_leap_errors(dev
, apdev
):
964 """EAP-LEAP protocol tests (error paths)"""
965 check_eap_capa(dev
[0], "LEAP")
967 def leap_handler2(ctx
, req
):
968 logger
.info("leap_handler2 - RX " + req
.encode("hex"))
971 ctx
['num'] = ctx
['num'] + 1
974 ctx
['id'] = (ctx
['id'] + 1) % 256
978 if ctx
['num'] == idx
:
979 logger
.info("Test: Valid challenge")
980 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
985 if ctx
['num'] == idx
:
986 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
989 if ctx
['num'] == idx
:
990 logger
.info("Test: Valid challenge")
991 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
997 if ctx
['num'] == idx
:
998 logger
.info("Test: Valid challenge")
999 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1004 if ctx
['num'] == idx
:
1005 logger
.info("Test: Success")
1006 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
1009 if ctx
['num'] == idx
:
1010 logger
.info("Test: Valid challenge")
1011 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1016 if ctx
['num'] == idx
:
1017 logger
.info("Test: Success")
1018 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
1021 if ctx
['num'] == idx
:
1022 logger
.info("Test: Valid challenge")
1023 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1028 if ctx
['num'] == idx
:
1029 logger
.info("Test: Valid challange value in Response")
1030 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1034 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1035 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1036 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1039 if ctx
['num'] == idx
:
1040 logger
.info("Test: Valid challenge")
1041 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1046 if ctx
['num'] == idx
:
1047 logger
.info("Test: Valid challange value in Response")
1048 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1052 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1053 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1054 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1057 if ctx
['num'] == idx
:
1058 logger
.info("Test: Valid challenge")
1059 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1064 if ctx
['num'] == idx
:
1065 logger
.info("Test: Valid challange value in Response")
1066 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1070 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1071 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1072 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1075 if ctx
['num'] == idx
:
1076 logger
.info("Test: Valid challenge")
1077 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1082 if ctx
['num'] == idx
:
1083 logger
.info("Test: Valid challange value in Response")
1084 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1088 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1089 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1090 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1093 if ctx
['num'] == idx
:
1094 logger
.info("Test: Valid challenge")
1095 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1100 if ctx
['num'] == idx
:
1101 logger
.info("Test: Valid challange value in Response")
1102 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1106 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1107 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1108 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1111 if ctx
['num'] == idx
:
1112 logger
.info("Test: Valid challenge")
1113 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1118 if ctx
['num'] == idx
:
1119 logger
.info("Test: Valid challange value in Response")
1120 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1124 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1125 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1126 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1129 if ctx
['num'] == idx
:
1130 logger
.info("Test: Valid challenge")
1131 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1136 if ctx
['num'] == idx
:
1137 logger
.info("Test: Valid challange value in Response")
1138 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1142 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1143 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1144 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1146 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1148 srv
= start_radius_server(leap_handler2
)
1151 hapd
= start_ap(apdev
[0]['ifname'])
1153 with
alloc_fail(dev
[0], 1, "eap_leap_init"):
1154 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1155 eap
="LEAP", identity
="user", password
="password",
1157 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1158 dev
[0].request("REMOVE_NETWORK all")
1159 dev
[0].wait_disconnected()
1161 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_leap_process_request"):
1162 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1163 eap
="LEAP", identity
="user",
1164 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1166 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1167 dev
[0].request("REMOVE_NETWORK all")
1168 dev
[0].wait_disconnected()
1170 with
alloc_fail(dev
[0], 1, "eap_leap_process_success"):
1171 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1172 eap
="LEAP", identity
="user", password
="password",
1174 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1175 dev
[0].request("REMOVE_NETWORK all")
1176 dev
[0].wait_disconnected()
1178 with
fail_test(dev
[0], 1, "os_get_random;eap_leap_process_success"):
1179 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1180 eap
="LEAP", identity
="user", password
="password",
1182 wait_fail_trigger(dev
[0], "GET_FAIL")
1183 dev
[0].request("REMOVE_NETWORK all")
1184 dev
[0].wait_disconnected()
1186 with
fail_test(dev
[0], 1, "eap_leap_process_response"):
1187 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1188 eap
="LEAP", identity
="user",
1189 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1191 wait_fail_trigger(dev
[0], "GET_FAIL")
1192 dev
[0].request("REMOVE_NETWORK all")
1193 dev
[0].wait_disconnected()
1195 with
fail_test(dev
[0], 1, "nt_password_hash;eap_leap_process_response"):
1196 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1197 eap
="LEAP", identity
="user", password
="password",
1199 wait_fail_trigger(dev
[0], "GET_FAIL")
1200 dev
[0].request("REMOVE_NETWORK all")
1201 dev
[0].wait_disconnected()
1203 with
fail_test(dev
[0], 1, "hash_nt_password_hash;eap_leap_process_response"):
1204 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1205 eap
="LEAP", identity
="user", password
="password",
1207 wait_fail_trigger(dev
[0], "GET_FAIL")
1208 dev
[0].request("REMOVE_NETWORK all")
1209 dev
[0].wait_disconnected()
1211 with
alloc_fail(dev
[0], 1, "eap_leap_getKey"):
1212 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1213 eap
="LEAP", identity
="user",
1214 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1216 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1217 dev
[0].request("REMOVE_NETWORK all")
1218 dev
[0].wait_disconnected()
1220 with
fail_test(dev
[0], 1, "eap_leap_getKey"):
1221 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1222 eap
="LEAP", identity
="user",
1223 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1225 wait_fail_trigger(dev
[0], "GET_FAIL")
1226 dev
[0].request("REMOVE_NETWORK all")
1227 dev
[0].wait_disconnected()
1229 with
fail_test(dev
[0], 1, "nt_password_hash;eap_leap_getKey"):
1230 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1231 eap
="LEAP", identity
="user", password
="password",
1233 wait_fail_trigger(dev
[0], "GET_FAIL")
1234 dev
[0].request("REMOVE_NETWORK all")
1235 dev
[0].wait_disconnected()
1237 with
fail_test(dev
[0], 1, "hash_nt_password_hash;eap_leap_getKey"):
1238 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1239 eap
="LEAP", identity
="user", password
="password",
1241 wait_fail_trigger(dev
[0], "GET_FAIL")
1242 dev
[0].request("REMOVE_NETWORK all")
1243 dev
[0].wait_disconnected()
1245 stop_radius_server(srv
)
1247 def test_eap_proto_md5(dev
, apdev
):
1248 """EAP-MD5 protocol tests"""
1249 check_eap_capa(dev
[0], "MD5")
1251 def md5_handler(ctx
, req
):
1252 logger
.info("md5_handler - RX " + req
.encode("hex"))
1253 if 'num' not in ctx
:
1255 ctx
['num'] = ctx
['num'] + 1
1258 ctx
['id'] = (ctx
['id'] + 1) % 256
1261 logger
.info("Test: Missing payload")
1262 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1267 logger
.info("Test: Zero-length challenge")
1268 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1274 logger
.info("Test: Truncated challenge")
1275 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1281 logger
.info("Test: Shortest possible challenge and name")
1282 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
1289 srv
= start_radius_server(md5_handler
)
1292 hapd
= start_ap(apdev
[0]['ifname'])
1294 for i
in range(0, 4):
1295 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1296 eap
="MD5", identity
="user", password
="password",
1298 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
1300 raise Exception("Timeout on EAP start")
1302 dev
[0].request("REMOVE_NETWORK all")
1304 stop_radius_server(srv
)
1306 def test_eap_proto_md5_errors(dev
, apdev
):
1307 """EAP-MD5 local error cases"""
1308 check_eap_capa(dev
[0], "MD5")
1309 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
1310 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1312 with
fail_test(dev
[0], 1, "chap_md5"):
1313 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1314 eap
="MD5", identity
="phase1-user", password
="password",
1316 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=15)
1318 raise Exception("Timeout on EAP start")
1319 dev
[0].request("REMOVE_NETWORK all")
1320 dev
[0].wait_disconnected()
1322 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_md5_process"):
1323 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1324 eap
="MD5", identity
="phase1-user", password
="password",
1326 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=15)
1328 raise Exception("Timeout on EAP start")
1330 dev
[0].request("REMOVE_NETWORK all")
1332 def test_eap_proto_otp(dev
, apdev
):
1333 """EAP-OTP protocol tests"""
1334 def otp_handler(ctx
, req
):
1335 logger
.info("otp_handler - RX " + req
.encode("hex"))
1336 if 'num' not in ctx
:
1338 ctx
['num'] = ctx
['num'] + 1
1341 ctx
['id'] = (ctx
['id'] + 1) % 256
1344 logger
.info("Test: Empty payload")
1345 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1349 logger
.info("Test: Success")
1350 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'],
1354 logger
.info("Test: Challenge included")
1355 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1360 logger
.info("Test: Success")
1361 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'],
1366 srv
= start_radius_server(otp_handler
)
1369 hapd
= start_ap(apdev
[0]['ifname'])
1371 for i
in range(0, 1):
1372 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1373 eap
="OTP", identity
="user", password
="password",
1375 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1378 raise Exception("Timeout on EAP start")
1380 dev
[0].request("REMOVE_NETWORK all")
1382 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1383 eap
="OTP", identity
="user", wait_connect
=False)
1384 ev
= dev
[0].wait_event(["CTRL-REQ-OTP"])
1386 raise Exception("Request for password timed out")
1387 id = ev
.split(':')[0].split('-')[-1]
1388 dev
[0].request("CTRL-RSP-OTP-" + id + ":password")
1389 ev
= dev
[0].wait_event("CTRL-EVENT-EAP-SUCCESS")
1391 raise Exception("Success not reported")
1393 stop_radius_server(srv
)
1395 EAP_GPSK_OPCODE_GPSK_1
= 1
1396 EAP_GPSK_OPCODE_GPSK_2
= 2
1397 EAP_GPSK_OPCODE_GPSK_3
= 3
1398 EAP_GPSK_OPCODE_GPSK_4
= 4
1399 EAP_GPSK_OPCODE_FAIL
= 5
1400 EAP_GPSK_OPCODE_PROTECTED_FAIL
= 6
1402 def test_eap_proto_gpsk(dev
, apdev
):
1403 """EAP-GPSK protocol tests"""
1404 def gpsk_handler(ctx
, req
):
1405 logger
.info("gpsk_handler - RX " + req
.encode("hex"))
1406 if 'num' not in ctx
:
1408 ctx
['num'] = ctx
['num'] + 1
1411 ctx
['id'] = (ctx
['id'] + 1) % 256
1416 if ctx
['num'] == idx
:
1417 logger
.info("Test: Missing payload")
1418 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1423 if ctx
['num'] == idx
:
1424 logger
.info("Test: Unknown opcode")
1425 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1431 if ctx
['num'] == idx
:
1432 logger
.info("Test: Unexpected GPSK-3")
1433 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1436 EAP_GPSK_OPCODE_GPSK_3
)
1439 if ctx
['num'] == idx
:
1440 logger
.info("Test: GPSK-1 Too short GPSK-1")
1441 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1444 EAP_GPSK_OPCODE_GPSK_1
)
1447 if ctx
['num'] == idx
:
1448 logger
.info("Test: GPSK-1 Truncated ID_Server")
1449 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
1452 EAP_GPSK_OPCODE_GPSK_1
, 1)
1455 if ctx
['num'] == idx
:
1456 logger
.info("Test: GPSK-1 Missing RAND_Server")
1457 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
1460 EAP_GPSK_OPCODE_GPSK_1
, 0)
1463 if ctx
['num'] == idx
:
1464 logger
.info("Test: GPSK-1 Missing CSuite_List")
1465 return struct
.pack(">BBHBBH8L", EAP_CODE_REQUEST
, ctx
['id'],
1468 EAP_GPSK_OPCODE_GPSK_1
, 0,
1469 0, 0, 0, 0, 0, 0, 0, 0)
1472 if ctx
['num'] == idx
:
1473 logger
.info("Test: GPSK-1 Truncated CSuite_List")
1474 return struct
.pack(">BBHBBH8LH", EAP_CODE_REQUEST
, ctx
['id'],
1475 4 + 1 + 1 + 2 + 32 + 2,
1477 EAP_GPSK_OPCODE_GPSK_1
, 0,
1478 0, 0, 0, 0, 0, 0, 0, 0,
1482 if ctx
['num'] == idx
:
1483 logger
.info("Test: GPSK-1 Empty CSuite_List")
1484 return struct
.pack(">BBHBBH8LH", EAP_CODE_REQUEST
, ctx
['id'],
1485 4 + 1 + 1 + 2 + 32 + 2,
1487 EAP_GPSK_OPCODE_GPSK_1
, 0,
1488 0, 0, 0, 0, 0, 0, 0, 0,
1492 if ctx
['num'] == idx
:
1493 logger
.info("Test: GPSK-1 Invalid CSuite_List")
1494 return struct
.pack(">BBHBBH8LHB", EAP_CODE_REQUEST
, ctx
['id'],
1495 4 + 1 + 1 + 2 + 32 + 2 + 1,
1497 EAP_GPSK_OPCODE_GPSK_1
, 0,
1498 0, 0, 0, 0, 0, 0, 0, 0,
1502 if ctx
['num'] == idx
:
1503 logger
.info("Test: GPSK-1 No supported CSuite")
1504 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1505 4 + 1 + 1 + 2 + 32 + 2 + 6,
1507 EAP_GPSK_OPCODE_GPSK_1
, 0,
1508 0, 0, 0, 0, 0, 0, 0, 0,
1512 if ctx
['num'] == idx
:
1513 logger
.info("Test: GPSK-1 Supported CSuite")
1514 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1515 4 + 1 + 1 + 2 + 32 + 2 + 6,
1517 EAP_GPSK_OPCODE_GPSK_1
, 0,
1518 0, 0, 0, 0, 0, 0, 0, 0,
1521 if ctx
['num'] == idx
:
1522 logger
.info("Test: Unexpected GPSK-1")
1523 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1524 4 + 1 + 1 + 2 + 32 + 2 + 6,
1526 EAP_GPSK_OPCODE_GPSK_1
, 0,
1527 0, 0, 0, 0, 0, 0, 0, 0,
1531 if ctx
['num'] == idx
:
1532 logger
.info("Test: GPSK-1 Supported CSuite but too short key")
1533 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1534 4 + 1 + 1 + 2 + 32 + 2 + 6,
1536 EAP_GPSK_OPCODE_GPSK_1
, 0,
1537 0, 0, 0, 0, 0, 0, 0, 0,
1541 if ctx
['num'] == idx
:
1542 logger
.info("Test: GPSK-1 Supported CSuite")
1543 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1544 4 + 1 + 1 + 2 + 32 + 2 + 6,
1546 EAP_GPSK_OPCODE_GPSK_1
, 0,
1547 0, 0, 0, 0, 0, 0, 0, 0,
1550 if ctx
['num'] == idx
:
1551 logger
.info("Test: Too short GPSK-3")
1552 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1555 EAP_GPSK_OPCODE_GPSK_3
)
1558 if ctx
['num'] == idx
:
1559 logger
.info("Test: GPSK-1 Supported CSuite")
1560 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1561 4 + 1 + 1 + 2 + 32 + 2 + 6,
1563 EAP_GPSK_OPCODE_GPSK_1
, 0,
1564 0, 0, 0, 0, 0, 0, 0, 0,
1567 if ctx
['num'] == idx
:
1568 logger
.info("Test: GPSK-3 Mismatch in RAND_Peer")
1569 return struct
.pack(">BBHBB8L", EAP_CODE_REQUEST
, ctx
['id'],
1572 EAP_GPSK_OPCODE_GPSK_3
,
1573 0, 0, 0, 0, 0, 0, 0, 0)
1576 if ctx
['num'] == idx
:
1577 logger
.info("Test: GPSK-1 Supported CSuite")
1578 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1579 4 + 1 + 1 + 2 + 32 + 2 + 6,
1581 EAP_GPSK_OPCODE_GPSK_1
, 0,
1582 0, 0, 0, 0, 0, 0, 0, 0,
1585 if ctx
['num'] == idx
:
1586 logger
.info("Test: GPSK-3 Missing RAND_Server")
1587 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1590 EAP_GPSK_OPCODE_GPSK_3
)
1595 if ctx
['num'] == idx
:
1596 logger
.info("Test: GPSK-1 Supported CSuite")
1597 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1598 4 + 1 + 1 + 2 + 32 + 2 + 6,
1600 EAP_GPSK_OPCODE_GPSK_1
, 0,
1601 0, 0, 0, 0, 0, 0, 0, 0,
1604 if ctx
['num'] == idx
:
1605 logger
.info("Test: GPSK-3 Mismatch in RAND_Server")
1606 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1607 4 + 1 + 1 + 32 + 32,
1609 EAP_GPSK_OPCODE_GPSK_3
)
1611 msg
+= struct
.pack(">8L", 1, 1, 1, 1, 1, 1, 1, 1)
1615 if ctx
['num'] == idx
:
1616 logger
.info("Test: GPSK-1 Supported CSuite")
1617 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1618 4 + 1 + 1 + 2 + 32 + 2 + 6,
1620 EAP_GPSK_OPCODE_GPSK_1
, 0,
1621 0, 0, 0, 0, 0, 0, 0, 0,
1624 if ctx
['num'] == idx
:
1625 logger
.info("Test: GPSK-3 Missing ID_Server")
1626 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1627 4 + 1 + 1 + 32 + 32,
1629 EAP_GPSK_OPCODE_GPSK_3
)
1631 msg
+= struct
.pack(">8L", 0, 0, 0, 0, 0, 0, 0, 0)
1635 if ctx
['num'] == idx
:
1636 logger
.info("Test: GPSK-1 Supported CSuite")
1637 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1638 4 + 1 + 1 + 2 + 32 + 2 + 6,
1640 EAP_GPSK_OPCODE_GPSK_1
, 0,
1641 0, 0, 0, 0, 0, 0, 0, 0,
1644 if ctx
['num'] == idx
:
1645 logger
.info("Test: GPSK-3 Truncated ID_Server")
1646 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1647 4 + 1 + 1 + 32 + 32 + 2,
1649 EAP_GPSK_OPCODE_GPSK_3
)
1651 msg
+= struct
.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 1)
1655 if ctx
['num'] == idx
:
1656 logger
.info("Test: GPSK-1 Supported CSuite")
1657 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1658 4 + 1 + 1 + 2 + 32 + 2 + 6,
1660 EAP_GPSK_OPCODE_GPSK_1
, 0,
1661 0, 0, 0, 0, 0, 0, 0, 0,
1664 if ctx
['num'] == idx
:
1665 logger
.info("Test: GPSK-3 Mismatch in ID_Server")
1666 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1667 4 + 1 + 1 + 32 + 32 + 3,
1669 EAP_GPSK_OPCODE_GPSK_3
)
1671 msg
+= struct
.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
1675 if ctx
['num'] == idx
:
1676 logger
.info("Test: GPSK-1 Supported CSuite")
1677 return struct
.pack(">BBHBBHB8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1678 4 + 1 + 1 + 3 + 32 + 2 + 6,
1680 EAP_GPSK_OPCODE_GPSK_1
, 1, ord('A'),
1681 0, 0, 0, 0, 0, 0, 0, 0,
1684 if ctx
['num'] == idx
:
1685 logger
.info("Test: GPSK-3 Mismatch in ID_Server (same length)")
1686 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1687 4 + 1 + 1 + 32 + 32 + 3,
1689 EAP_GPSK_OPCODE_GPSK_3
)
1691 msg
+= struct
.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
1695 if ctx
['num'] == idx
:
1696 logger
.info("Test: GPSK-1 Supported CSuite")
1697 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1698 4 + 1 + 1 + 2 + 32 + 2 + 6,
1700 EAP_GPSK_OPCODE_GPSK_1
, 0,
1701 0, 0, 0, 0, 0, 0, 0, 0,
1704 if ctx
['num'] == idx
:
1705 logger
.info("Test: GPSK-3 Missing CSuite_Sel")
1706 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1707 4 + 1 + 1 + 32 + 32 + 2,
1709 EAP_GPSK_OPCODE_GPSK_3
)
1711 msg
+= struct
.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 0)
1715 if ctx
['num'] == idx
:
1716 logger
.info("Test: GPSK-1 Supported CSuite")
1717 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1718 4 + 1 + 1 + 2 + 32 + 2 + 6,
1720 EAP_GPSK_OPCODE_GPSK_1
, 0,
1721 0, 0, 0, 0, 0, 0, 0, 0,
1724 if ctx
['num'] == idx
:
1725 logger
.info("Test: GPSK-3 Mismatch in CSuite_Sel")
1726 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1727 4 + 1 + 1 + 32 + 32 + 2 + 6,
1729 EAP_GPSK_OPCODE_GPSK_3
)
1731 msg
+= struct
.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2)
1735 if ctx
['num'] == idx
:
1736 logger
.info("Test: GPSK-1 Supported CSuite")
1737 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1738 4 + 1 + 1 + 2 + 32 + 2 + 6,
1740 EAP_GPSK_OPCODE_GPSK_1
, 0,
1741 0, 0, 0, 0, 0, 0, 0, 0,
1744 if ctx
['num'] == idx
:
1745 logger
.info("Test: GPSK-3 Missing len(PD_Payload_Block)")
1746 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1747 4 + 1 + 1 + 32 + 32 + 2 + 6,
1749 EAP_GPSK_OPCODE_GPSK_3
)
1751 msg
+= struct
.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1)
1755 if ctx
['num'] == idx
:
1756 logger
.info("Test: GPSK-1 Supported CSuite")
1757 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1758 4 + 1 + 1 + 2 + 32 + 2 + 6,
1760 EAP_GPSK_OPCODE_GPSK_1
, 0,
1761 0, 0, 0, 0, 0, 0, 0, 0,
1764 if ctx
['num'] == idx
:
1765 logger
.info("Test: GPSK-3 Truncated PD_Payload_Block")
1766 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1767 4 + 1 + 1 + 32 + 32 + 2 + 6 + 2,
1769 EAP_GPSK_OPCODE_GPSK_3
)
1771 msg
+= struct
.pack(">8LHLHH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1)
1775 if ctx
['num'] == idx
:
1776 logger
.info("Test: GPSK-1 Supported CSuite")
1777 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1778 4 + 1 + 1 + 2 + 32 + 2 + 6,
1780 EAP_GPSK_OPCODE_GPSK_1
, 0,
1781 0, 0, 0, 0, 0, 0, 0, 0,
1784 if ctx
['num'] == idx
:
1785 logger
.info("Test: GPSK-3 Missing MAC")
1786 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1787 4 + 1 + 1 + 32 + 32 + 2 + 6 + 3,
1789 EAP_GPSK_OPCODE_GPSK_3
)
1791 msg
+= struct
.pack(">8LHLHHB",
1792 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123)
1796 if ctx
['num'] == idx
:
1797 logger
.info("Test: GPSK-1 Supported CSuite")
1798 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1799 4 + 1 + 1 + 2 + 32 + 2 + 6,
1801 EAP_GPSK_OPCODE_GPSK_1
, 0,
1802 0, 0, 0, 0, 0, 0, 0, 0,
1805 if ctx
['num'] == idx
:
1806 logger
.info("Test: GPSK-3 Incorrect MAC")
1807 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1808 4 + 1 + 1 + 32 + 32 + 2 + 6 + 3 + 16,
1810 EAP_GPSK_OPCODE_GPSK_3
)
1812 msg
+= struct
.pack(">8LHLHHB4L",
1813 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123,
1819 srv
= start_radius_server(gpsk_handler
)
1822 hapd
= start_ap(apdev
[0]['ifname'])
1824 for i
in range(0, 27):
1828 pw
= "abcdefghijklmnop0123456789abcdef"
1829 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1830 eap
="GPSK", identity
="user", password
=pw
,
1832 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1835 raise Exception("Timeout on EAP start")
1837 dev
[0].request("REMOVE_NETWORK all")
1839 stop_radius_server(srv
)
1846 def test_eap_proto_eke(dev
, apdev
):
1847 """EAP-EKE protocol tests"""
1848 def eke_handler(ctx
, req
):
1849 logger
.info("eke_handler - RX " + req
.encode("hex"))
1850 if 'num' not in ctx
:
1852 ctx
['num'] = ctx
['num'] + 1
1855 ctx
['id'] = (ctx
['id'] + 1) % 256
1860 if ctx
['num'] == idx
:
1861 logger
.info("Test: Missing payload")
1862 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1867 if ctx
['num'] == idx
:
1868 logger
.info("Test: Unknown exchange")
1869 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1875 if ctx
['num'] == idx
:
1876 logger
.info("Test: No NumProposals in EAP-EKE-ID/Request")
1877 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1882 if ctx
['num'] == idx
:
1883 logger
.info("Test: EAP-Failure")
1884 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1887 if ctx
['num'] == idx
:
1888 logger
.info("Test: NumProposals=0 in EAP-EKE-ID/Request")
1889 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
1895 if ctx
['num'] == idx
:
1896 logger
.info("Test: EAP-Failure")
1897 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1900 if ctx
['num'] == idx
:
1901 logger
.info("Test: Truncated Proposals list in EAP-EKE-ID/Request")
1902 return struct
.pack(">BBHBBBB4B", EAP_CODE_REQUEST
, ctx
['id'],
1908 if ctx
['num'] == idx
:
1909 logger
.info("Test: EAP-Failure")
1910 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1913 if ctx
['num'] == idx
:
1914 logger
.info("Test: Unsupported proposals in EAP-EKE-ID/Request")
1915 return struct
.pack(">BBHBBBB4B4B4B4B", EAP_CODE_REQUEST
, ctx
['id'],
1916 4 + 1 + 1 + 2 + 4 * 4,
1925 if ctx
['num'] == idx
:
1926 logger
.info("Test: EAP-Failure")
1927 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1930 if ctx
['num'] == idx
:
1931 logger
.info("Test: Missing IDType/Identity in EAP-EKE-ID/Request")
1932 return struct
.pack(">BBHBBBB4B4B4B4B4B",
1933 EAP_CODE_REQUEST
, ctx
['id'],
1934 4 + 1 + 1 + 2 + 5 * 4,
1944 if ctx
['num'] == idx
:
1945 logger
.info("Test: EAP-Failure")
1946 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1949 if ctx
['num'] == idx
:
1950 logger
.info("Test: Valid EAP-EKE-ID/Request")
1951 return struct
.pack(">BBHBBBB4BB",
1952 EAP_CODE_REQUEST
, ctx
['id'],
1953 4 + 1 + 1 + 2 + 4 + 1,
1960 if ctx
['num'] == idx
:
1961 logger
.info("Test: Unexpected EAP-EKE-ID/Request")
1962 return struct
.pack(">BBHBBBB4BB",
1963 EAP_CODE_REQUEST
, ctx
['id'],
1964 4 + 1 + 1 + 2 + 4 + 1,
1971 if ctx
['num'] == idx
:
1972 logger
.info("Test: EAP-Failure")
1973 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1976 if ctx
['num'] == idx
:
1977 logger
.info("Test: Valid EAP-EKE-ID/Request")
1978 return struct
.pack(">BBHBBBB4BB",
1979 EAP_CODE_REQUEST
, ctx
['id'],
1980 4 + 1 + 1 + 2 + 4 + 1,
1987 if ctx
['num'] == idx
:
1988 logger
.info("Test: Unexpected EAP-EKE-Confirm/Request")
1989 return struct
.pack(">BBHBB",
1990 EAP_CODE_REQUEST
, ctx
['id'],
1995 if ctx
['num'] == idx
:
1996 logger
.info("Test: EAP-Failure")
1997 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2000 if ctx
['num'] == idx
:
2001 logger
.info("Test: Too short EAP-EKE-Failure/Request")
2002 return struct
.pack(">BBHBB",
2003 EAP_CODE_REQUEST
, ctx
['id'],
2008 if ctx
['num'] == idx
:
2009 logger
.info("Test: EAP-Failure")
2010 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2013 if ctx
['num'] == idx
:
2014 logger
.info("Test: Unexpected EAP-EKE-Commit/Request")
2015 return struct
.pack(">BBHBB",
2016 EAP_CODE_REQUEST
, ctx
['id'],
2021 if ctx
['num'] == idx
:
2022 logger
.info("Test: EAP-Failure")
2023 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2026 if ctx
['num'] == idx
:
2027 logger
.info("Test: Valid EAP-EKE-ID/Request")
2028 return struct
.pack(">BBHBBBB4BB",
2029 EAP_CODE_REQUEST
, ctx
['id'],
2030 4 + 1 + 1 + 2 + 4 + 1,
2037 if ctx
['num'] == idx
:
2038 logger
.info("Test: Too short EAP-EKE-Commit/Request")
2039 return struct
.pack(">BBHBB",
2040 EAP_CODE_REQUEST
, ctx
['id'],
2045 if ctx
['num'] == idx
:
2046 logger
.info("Test: EAP-Failure")
2047 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2050 if ctx
['num'] == idx
:
2051 logger
.info("Test: Valid EAP-EKE-ID/Request")
2052 return struct
.pack(">BBHBBBB4BB",
2053 EAP_CODE_REQUEST
, ctx
['id'],
2054 4 + 1 + 1 + 2 + 4 + 1,
2061 if ctx
['num'] == idx
:
2062 logger
.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
2063 return struct
.pack(">BBHBB4L32L",
2064 EAP_CODE_REQUEST
, ctx
['id'],
2065 4 + 1 + 1 + 16 + 128,
2069 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2070 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
2072 if ctx
['num'] == idx
:
2073 logger
.info("Test: Too short EAP-EKE-Confirm/Request")
2074 return struct
.pack(">BBHBB",
2075 EAP_CODE_REQUEST
, ctx
['id'],
2080 if ctx
['num'] == idx
:
2081 logger
.info("Test: EAP-Failure")
2082 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2085 if ctx
['num'] == idx
:
2086 logger
.info("Test: Valid EAP-EKE-ID/Request")
2087 return struct
.pack(">BBHBBBB4BB",
2088 EAP_CODE_REQUEST
, ctx
['id'],
2089 4 + 1 + 1 + 2 + 4 + 1,
2096 if ctx
['num'] == idx
:
2097 logger
.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
2098 return struct
.pack(">BBHBB4L32L",
2099 EAP_CODE_REQUEST
, ctx
['id'],
2100 4 + 1 + 1 + 16 + 128,
2104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
2107 if ctx
['num'] == idx
:
2108 logger
.info("Test: Invalid PNonce_PS and Auth_S values in EAP-EKE-Confirm/Request")
2109 return struct
.pack(">BBHBB4L8L5L5L",
2110 EAP_CODE_REQUEST
, ctx
['id'],
2111 4 + 1 + 1 + 16 + 2 * 16 + 20 + 20,
2115 0, 0, 0, 0, 0, 0, 0, 0,
2119 if ctx
['num'] == idx
:
2120 logger
.info("Test: EAP-Failure")
2121 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2125 srv
= start_radius_server(eke_handler
)
2128 hapd
= start_ap(apdev
[0]['ifname'])
2130 for i
in range(0, 14):
2131 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2132 eap
="EKE", identity
="user", password
="password",
2134 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2137 raise Exception("Timeout on EAP start")
2138 if i
in [ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 ]:
2139 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
2142 raise Exception("Timeout on EAP failure")
2145 dev
[0].request("REMOVE_NETWORK all")
2146 dev
[0].dump_monitor()
2148 stop_radius_server(srv
)
2150 def eap_eke_test_fail(dev
, phase1
=None, success
=False):
2151 dev
.connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2152 eap
="EKE", identity
="eke user", password
="hello",
2153 phase1
=phase1
, erp
="1", wait_connect
=False)
2154 ev
= dev
.wait_event([ "CTRL-EVENT-EAP-FAILURE",
2155 "CTRL-EVENT-EAP-SUCCESS" ], timeout
=5)
2157 raise Exception("Timeout on EAP failure")
2158 if not success
and "CTRL-EVENT-EAP-FAILURE" not in ev
:
2159 raise Exception("EAP did not fail during failure test")
2160 dev
.request("REMOVE_NETWORK all")
2161 dev
.wait_disconnected()
2163 def test_eap_proto_eke_errors(dev
, apdev
):
2164 """EAP-EKE local error cases"""
2165 check_eap_capa(dev
[0], "EKE")
2166 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
2167 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
2169 for i
in range(1, 3):
2170 with
alloc_fail(dev
[0], i
, "eap_eke_init"):
2171 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2172 eap
="EKE", identity
="eke user", password
="hello",
2174 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
2177 raise Exception("Timeout on EAP start")
2178 dev
[0].request("REMOVE_NETWORK all")
2179 dev
[0].wait_disconnected()
2181 tests
= [ (1, "eap_eke_dh_init", None),
2182 (1, "eap_eke_prf_hmac_sha1", "dhgroup=3 encr=1 prf=1 mac=1"),
2183 (1, "eap_eke_prf_hmac_sha256", "dhgroup=5 encr=1 prf=2 mac=2"),
2184 (1, "eap_eke_prf", None),
2185 (1, "os_get_random;eap_eke_dhcomp", None),
2186 (1, "aes_128_cbc_encrypt;eap_eke_dhcomp", None),
2187 (1, "aes_128_cbc_decrypt;eap_eke_shared_secret", None),
2188 (1, "eap_eke_prf;eap_eke_shared_secret", None),
2189 (1, "eap_eke_prfplus;eap_eke_derive_ke_ki", None),
2190 (1, "eap_eke_prfplus;eap_eke_derive_ka", None),
2191 (1, "eap_eke_prfplus;eap_eke_derive_msk", None),
2192 (1, "os_get_random;eap_eke_prot", None),
2193 (1, "aes_128_cbc_decrypt;eap_eke_decrypt_prot", None),
2194 (1, "eap_eke_derive_key;eap_eke_process_commit", None),
2195 (1, "eap_eke_dh_init;eap_eke_process_commit", None),
2196 (1, "eap_eke_shared_secret;eap_eke_process_commit", None),
2197 (1, "eap_eke_derive_ke_ki;eap_eke_process_commit", None),
2198 (1, "eap_eke_dhcomp;eap_eke_process_commit", None),
2199 (1, "os_get_random;eap_eke_process_commit", None),
2200 (1, "os_get_random;=eap_eke_process_commit", None),
2201 (1, "eap_eke_prot;eap_eke_process_commit", None),
2202 (1, "eap_eke_decrypt_prot;eap_eke_process_confirm", None),
2203 (1, "eap_eke_derive_ka;eap_eke_process_confirm", None),
2204 (1, "eap_eke_auth;eap_eke_process_confirm", None),
2205 (2, "eap_eke_auth;eap_eke_process_confirm", None),
2206 (1, "eap_eke_prot;eap_eke_process_confirm", None),
2207 (1, "eap_eke_derive_msk;eap_eke_process_confirm", None) ]
2208 for count
, func
, phase1
in tests
:
2209 with
fail_test(dev
[0], count
, func
):
2210 eap_eke_test_fail(dev
[0], phase1
)
2212 tests
= [ (1, "=eap_eke_derive_ke_ki", None),
2213 (1, "=eap_eke_derive_ka", None),
2214 (1, "=eap_eke_derive_msk", None),
2215 (1, "eap_eke_build_msg;eap_eke_process_id", None),
2216 (1, "wpabuf_alloc;eap_eke_process_id", None),
2217 (1, "=eap_eke_process_id", None),
2218 (1, "wpabuf_alloc;=eap_eke_process_id", None),
2219 (1, "wpabuf_alloc;eap_eke_process_id", None),
2220 (1, "eap_eke_build_msg;eap_eke_process_commit", None),
2221 (1, "wpabuf_resize;eap_eke_process_commit", None),
2222 (1, "eap_eke_build_msg;eap_eke_process_confirm", None) ]
2223 for count
, func
, phase1
in tests
:
2224 with
alloc_fail(dev
[0], count
, func
):
2225 eap_eke_test_fail(dev
[0], phase1
)
2227 tests
= [ (1, "eap_eke_getKey", None),
2228 (1, "eap_eke_get_emsk", None),
2229 (1, "eap_eke_get_session_id", None) ]
2230 for count
, func
, phase1
in tests
:
2231 with
alloc_fail(dev
[0], count
, func
):
2232 eap_eke_test_fail(dev
[0], phase1
, success
=True)
2234 EAP_PAX_OP_STD_1
= 0x01
2235 EAP_PAX_OP_STD_2
= 0x02
2236 EAP_PAX_OP_STD_3
= 0x03
2237 EAP_PAX_OP_SEC_1
= 0x11
2238 EAP_PAX_OP_SEC_2
= 0x12
2239 EAP_PAX_OP_SEC_3
= 0x13
2240 EAP_PAX_OP_SEC_4
= 0x14
2241 EAP_PAX_OP_SEC_5
= 0x15
2242 EAP_PAX_OP_ACK
= 0x21
2244 EAP_PAX_FLAGS_MF
= 0x01
2245 EAP_PAX_FLAGS_CE
= 0x02
2246 EAP_PAX_FLAGS_AI
= 0x04
2248 EAP_PAX_MAC_HMAC_SHA1_128
= 0x01
2249 EAP_PAX_HMAC_SHA256_128
= 0x02
2251 EAP_PAX_DH_GROUP_NONE
= 0x00
2252 EAP_PAX_DH_GROUP_2048_MODP
= 0x01
2253 EAP_PAX_DH_GROUP_3072_MODP
= 0x02
2254 EAP_PAX_DH_GROUP_NIST_ECC_P_256
= 0x03
2256 EAP_PAX_PUBLIC_KEY_NONE
= 0x00
2257 EAP_PAX_PUBLIC_KEY_RSAES_OAEP
= 0x01
2258 EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5
= 0x02
2259 EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC
= 0x03
2261 EAP_PAX_ADE_VENDOR_SPECIFIC
= 0x01
2262 EAP_PAX_ADE_CLIENT_CHANNEL_BINDING
= 0x02
2263 EAP_PAX_ADE_SERVER_CHANNEL_BINDING
= 0x03
2265 def test_eap_proto_pax(dev
, apdev
):
2266 """EAP-PAX protocol tests"""
2268 logger
.info("Test: STD-1")
2270 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2271 4 + 1 + 5 + 2 + 32 + 16,
2273 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2274 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2275 32, 0, 0, 0, 0, 0, 0, 0, 0,
2276 0x16, 0xc9, 0x08, 0x9d, 0x98, 0xa5, 0x6e, 0x1f,
2277 0xf0, 0xac, 0xcf, 0xc4, 0x66, 0xcd, 0x2d, 0xbf)
2279 def pax_handler(ctx
, req
):
2280 logger
.info("pax_handler - RX " + req
.encode("hex"))
2281 if 'num' not in ctx
:
2283 ctx
['num'] = ctx
['num'] + 1
2286 ctx
['id'] = (ctx
['id'] + 1) % 256
2291 if ctx
['num'] == idx
:
2292 logger
.info("Test: Missing payload")
2293 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2298 if ctx
['num'] == idx
:
2299 logger
.info("Test: Minimum length payload")
2300 return struct
.pack(">BBHB4L", EAP_CODE_REQUEST
, ctx
['id'],
2306 if ctx
['num'] == idx
:
2307 logger
.info("Test: Unsupported MAC ID")
2308 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2311 EAP_PAX_OP_STD_1
, 0, 255, EAP_PAX_DH_GROUP_NONE
,
2312 EAP_PAX_PUBLIC_KEY_NONE
,
2316 if ctx
['num'] == idx
:
2317 logger
.info("Test: Unsupported DH Group ID")
2318 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2321 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2322 255, EAP_PAX_PUBLIC_KEY_NONE
,
2326 if ctx
['num'] == idx
:
2327 logger
.info("Test: Unsupported Public Key ID")
2328 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2331 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2332 EAP_PAX_DH_GROUP_NONE
, 255,
2336 if ctx
['num'] == idx
:
2337 logger
.info("Test: More fragments")
2338 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2341 EAP_PAX_OP_STD_1
, EAP_PAX_FLAGS_MF
,
2342 EAP_PAX_MAC_HMAC_SHA1_128
,
2343 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2347 if ctx
['num'] == idx
:
2348 logger
.info("Test: Invalid ICV")
2349 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2352 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2353 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2357 if ctx
['num'] == idx
:
2358 logger
.info("Test: Invalid ICV in short frame")
2359 return struct
.pack(">BBHBBBBBB3L", EAP_CODE_REQUEST
, ctx
['id'],
2362 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2363 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2367 if ctx
['num'] == idx
:
2368 logger
.info("Test: Correct ICV - unsupported op_code")
2370 return struct
.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST
, ctx
['id'],
2373 255, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2374 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2375 0x90, 0x78, 0x97, 0x38, 0x29, 0x94, 0x32, 0xd4,
2376 0x81, 0x27, 0xe0, 0xf6, 0x3b, 0x0d, 0xb2, 0xb2)
2379 if ctx
['num'] == idx
:
2380 logger
.info("Test: Correct ICV - CE flag in STD-1")
2382 return struct
.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST
, ctx
['id'],
2385 EAP_PAX_OP_STD_1
, EAP_PAX_FLAGS_CE
,
2386 EAP_PAX_MAC_HMAC_SHA1_128
,
2387 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2388 0x9c, 0x98, 0xb4, 0x0b, 0x94, 0x90, 0xde, 0x88,
2389 0xb7, 0x72, 0x63, 0x44, 0x1d, 0xe3, 0x7c, 0x5c)
2392 if ctx
['num'] == idx
:
2393 logger
.info("Test: Correct ICV - too short STD-1 payload")
2395 return struct
.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST
, ctx
['id'],
2398 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2399 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2400 0xda, 0xab, 0x2c, 0xe7, 0x84, 0x41, 0xb5, 0x5c,
2401 0xee, 0xcf, 0x62, 0x03, 0xc5, 0x69, 0xcb, 0xf4)
2404 if ctx
['num'] == idx
:
2405 logger
.info("Test: Correct ICV - incorrect A length in STD-1")
2407 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2408 4 + 1 + 5 + 2 + 32 + 16,
2410 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2411 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2412 0, 0, 0, 0, 0, 0, 0, 0, 0,
2413 0xc4, 0xb0, 0x81, 0xe4, 0x6c, 0x8c, 0x20, 0x23,
2414 0x60, 0x46, 0x89, 0xea, 0x94, 0x60, 0xf3, 0x2a)
2417 if ctx
['num'] == idx
:
2418 logger
.info("Test: Correct ICV - extra data in STD-1")
2420 return struct
.pack(">BBHBBBBBBH8LB16B", EAP_CODE_REQUEST
, ctx
['id'],
2421 4 + 1 + 5 + 2 + 32 + 1 + 16,
2423 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2424 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2425 32, 0, 0, 0, 0, 0, 0, 0, 0,
2427 0x61, 0x49, 0x65, 0x37, 0x21, 0xe8, 0xd8, 0xbf,
2428 0xf3, 0x02, 0x01, 0xe5, 0x42, 0x51, 0xd3, 0x34)
2430 if ctx
['num'] == idx
:
2431 logger
.info("Test: Unexpected STD-1")
2432 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2433 4 + 1 + 5 + 2 + 32 + 16,
2435 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2436 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2437 32, 0, 0, 0, 0, 0, 0, 0, 0,
2438 0xe5, 0x1d, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2439 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2442 if ctx
['num'] == idx
:
2443 return pax_std_1(ctx
)
2445 if ctx
['num'] == idx
:
2446 logger
.info("Test: MAC ID changed during session")
2447 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2448 4 + 1 + 5 + 2 + 32 + 16,
2450 EAP_PAX_OP_STD_1
, 0, EAP_PAX_HMAC_SHA256_128
,
2451 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2452 32, 0, 0, 0, 0, 0, 0, 0, 0,
2453 0xee, 0x00, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2454 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2457 if ctx
['num'] == idx
:
2458 return pax_std_1(ctx
)
2460 if ctx
['num'] == idx
:
2461 logger
.info("Test: DH Group ID changed during session")
2462 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2463 4 + 1 + 5 + 2 + 32 + 16,
2465 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2466 EAP_PAX_DH_GROUP_2048_MODP
,
2467 EAP_PAX_PUBLIC_KEY_NONE
,
2468 32, 0, 0, 0, 0, 0, 0, 0, 0,
2469 0xee, 0x01, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2470 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2473 if ctx
['num'] == idx
:
2474 return pax_std_1(ctx
)
2476 if ctx
['num'] == idx
:
2477 logger
.info("Test: Public Key ID changed during session")
2478 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2479 4 + 1 + 5 + 2 + 32 + 16,
2481 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2482 EAP_PAX_DH_GROUP_NONE
,
2483 EAP_PAX_PUBLIC_KEY_RSAES_OAEP
,
2484 32, 0, 0, 0, 0, 0, 0, 0, 0,
2485 0xee, 0x02, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2486 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2489 if ctx
['num'] == idx
:
2490 logger
.info("Test: Unexpected STD-3")
2492 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2493 4 + 1 + 5 + 2 + 32 + 16,
2495 EAP_PAX_OP_STD_3
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2496 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2497 32, 0, 0, 0, 0, 0, 0, 0, 0,
2498 0x47, 0xbb, 0xc0, 0xf9, 0xb9, 0x69, 0xf5, 0xcb,
2499 0x3a, 0xe8, 0xe7, 0xd6, 0x80, 0x28, 0xf2, 0x59)
2502 if ctx
['num'] == idx
:
2503 return pax_std_1(ctx
)
2505 if ctx
['num'] == idx
:
2506 # TODO: MAC calculation; for now, this gets dropped due to incorrect
2508 logger
.info("Test: STD-3 with CE flag")
2509 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2510 4 + 1 + 5 + 2 + 32 + 16,
2512 EAP_PAX_OP_STD_3
, EAP_PAX_FLAGS_CE
,
2513 EAP_PAX_MAC_HMAC_SHA1_128
,
2514 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2515 32, 0, 0, 0, 0, 0, 0, 0, 0,
2516 0x8a, 0xc2, 0xf9, 0xf4, 0x8b, 0x75, 0x72, 0xa2,
2517 0x4d, 0xd3, 0x1e, 0x54, 0x77, 0x04, 0x05, 0xe2)
2520 if ctx
['num'] & 0x1 == idx
& 0x1:
2521 logger
.info("Test: Default request")
2522 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2526 logger
.info("Test: Default EAP-Failure")
2527 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2529 srv
= start_radius_server(pax_handler
)
2532 hapd
= start_ap(apdev
[0]['ifname'])
2534 for i
in range(0, 18):
2535 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2536 eap
="PAX", identity
="user",
2537 password_hex
="0123456789abcdef0123456789abcdef",
2539 logger
.info("Waiting for EAP method to start")
2540 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2543 raise Exception("Timeout on EAP start")
2545 dev
[0].request("REMOVE_NETWORK all")
2546 dev
[0].dump_monitor()
2548 logger
.info("Too short password")
2549 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2550 eap
="PAX", identity
="user",
2551 password_hex
="0123456789abcdef0123456789abcd",
2553 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
2555 raise Exception("Timeout on EAP start")
2557 dev
[0].request("REMOVE_NETWORK all")
2558 dev
[0].dump_monitor()
2560 logger
.info("No password")
2561 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2562 eap
="PAX", identity
="user",
2564 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
2566 raise Exception("Timeout on EAP start")
2568 dev
[0].request("REMOVE_NETWORK all")
2569 dev
[0].dump_monitor()
2571 stop_radius_server(srv
)
2573 def test_eap_proto_psk(dev
, apdev
):
2574 """EAP-PSK protocol tests"""
2575 def psk_handler(ctx
, req
):
2576 logger
.info("psk_handler - RX " + req
.encode("hex"))
2577 if 'num' not in ctx
:
2579 ctx
['num'] = ctx
['num'] + 1
2582 ctx
['id'] = (ctx
['id'] + 1) % 256
2587 if ctx
['num'] == idx
:
2588 logger
.info("Test: Missing payload")
2589 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2594 if ctx
['num'] == idx
:
2595 logger
.info("Test: Non-zero T in first message")
2596 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2598 EAP_TYPE_PSK
, 0xc0, 0, 0, 0, 0)
2601 if ctx
['num'] == idx
:
2602 logger
.info("Test: Valid first message")
2603 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2605 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2607 if ctx
['num'] == idx
:
2608 logger
.info("Test: Too short third message")
2609 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2614 if ctx
['num'] == idx
:
2615 logger
.info("Test: Valid first message")
2616 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2618 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2620 if ctx
['num'] == idx
:
2621 logger
.info("Test: Incorrect T in third message")
2622 return struct
.pack(">BBHBB4L4L", EAP_CODE_REQUEST
, ctx
['id'],
2623 4 + 1 + 1 + 16 + 16,
2624 EAP_TYPE_PSK
, 0, 0, 0, 0, 0, 0, 0, 0, 0)
2627 if ctx
['num'] == idx
:
2628 logger
.info("Test: Valid first message")
2629 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2631 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2633 if ctx
['num'] == idx
:
2634 logger
.info("Test: Missing PCHANNEL in third message")
2635 return struct
.pack(">BBHBB4L4L", EAP_CODE_REQUEST
, ctx
['id'],
2636 4 + 1 + 1 + 16 + 16,
2637 EAP_TYPE_PSK
, 0x80, 0, 0, 0, 0, 0, 0, 0, 0)
2640 if ctx
['num'] == idx
:
2641 logger
.info("Test: Valid first message")
2642 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2644 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2646 if ctx
['num'] == idx
:
2647 logger
.info("Test: Invalic MAC_S in third message")
2648 return struct
.pack(">BBHBB4L4L5LB", EAP_CODE_REQUEST
, ctx
['id'],
2649 4 + 1 + 1 + 16 + 16 + 21,
2650 EAP_TYPE_PSK
, 0x80, 0, 0, 0, 0, 0, 0, 0, 0,
2654 if ctx
['num'] == idx
:
2655 logger
.info("Test: Valid first message")
2656 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2658 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2660 if ctx
['num'] == idx
:
2661 logger
.info("Test: EAP-Failure")
2662 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2666 srv
= start_radius_server(psk_handler
)
2669 hapd
= start_ap(apdev
[0]['ifname'])
2671 for i
in range(0, 6):
2672 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2673 eap
="PSK", identity
="user",
2674 password_hex
="0123456789abcdef0123456789abcdef",
2676 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2679 raise Exception("Timeout on EAP start")
2681 dev
[0].request("REMOVE_NETWORK all")
2683 logger
.info("Test: Invalid PSK length")
2684 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2685 eap
="PSK", identity
="user",
2686 password_hex
="0123456789abcdef0123456789abcd",
2688 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2691 raise Exception("Timeout on EAP start")
2693 dev
[0].request("REMOVE_NETWORK all")
2695 stop_radius_server(srv
)
2697 def test_eap_proto_psk_errors(dev
, apdev
):
2698 """EAP-PSK local error cases"""
2699 check_eap_capa(dev
[0], "PSK")
2700 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
2701 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
2703 for i
in range(1, 6):
2704 with
alloc_fail(dev
[0], i
, "eap_psk_init"):
2705 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2706 eap
="PSK", identity
="psk.user@example.com",
2707 password_hex
="0123456789abcdef0123456789abcdef",
2709 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
2712 raise Exception("Timeout on EAP start")
2713 dev
[0].request("REMOVE_NETWORK all")
2714 dev
[0].wait_disconnected()
2716 tests
= [ (1, "=eap_psk_process_1"),
2717 (2, "=eap_psk_process_1"),
2718 (1, "eap_msg_alloc;eap_psk_process_1"),
2719 (1, "=eap_psk_process_3"),
2720 (2, "=eap_psk_process_3"),
2721 (1, "eap_msg_alloc;eap_psk_process_3"),
2722 (1, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2723 (2, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2724 (3, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2725 (4, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2726 (5, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2727 (6, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2728 (7, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2729 (8, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2730 (9, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2731 (10, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2732 (1, "aes_128_ctr_encrypt;aes_128_eax_decrypt;eap_psk_process_3"),
2733 (1, "aes_128_ctr_encrypt;aes_128_eax_encrypt;eap_psk_process_3"),
2734 (1, "eap_psk_getKey"),
2735 (1, "eap_psk_get_session_id"),
2736 (1, "eap_psk_get_emsk") ]
2737 for count
, func
in tests
:
2738 with
alloc_fail(dev
[0], count
, func
):
2739 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2740 eap
="PSK", identity
="psk.user@example.com",
2741 password_hex
="0123456789abcdef0123456789abcdef",
2742 erp
="1", wait_connect
=False)
2743 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2746 raise Exception("Timeout on EAP start")
2749 state
= dev
[0].request('GET_ALLOC_FAIL')
2750 if state
.startswith('0:'):
2755 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
2756 dev
[0].request("REMOVE_NETWORK all")
2757 dev
[0].wait_disconnected()
2759 tests
= [ (1, "os_get_random;eap_psk_process_1"),
2760 (1, "omac1_aes_128;eap_psk_process_3"),
2761 (1, "aes_128_eax_decrypt;eap_psk_process_3"),
2762 (2, "aes_128_eax_decrypt;eap_psk_process_3"),
2763 (3, "aes_128_eax_decrypt;eap_psk_process_3"),
2764 (1, "aes_128_eax_encrypt;eap_psk_process_3"),
2765 (2, "aes_128_eax_encrypt;eap_psk_process_3"),
2766 (3, "aes_128_eax_encrypt;eap_psk_process_3") ]
2767 for count
, func
in tests
:
2768 with
fail_test(dev
[0], count
, func
):
2769 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2770 eap
="PSK", identity
="psk.user@example.com",
2771 password_hex
="0123456789abcdef0123456789abcdef",
2773 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2776 raise Exception("Timeout on EAP start")
2779 state
= dev
[0].request('GET_FAIL')
2780 if state
.startswith('0:'):
2785 raise Exception("No failure seen for %d:%s" % (count
, func
))
2786 dev
[0].request("REMOVE_NETWORK all")
2787 dev
[0].wait_disconnected()
2789 EAP_SIM_SUBTYPE_START
= 10
2790 EAP_SIM_SUBTYPE_CHALLENGE
= 11
2791 EAP_SIM_SUBTYPE_NOTIFICATION
= 12
2792 EAP_SIM_SUBTYPE_REAUTHENTICATION
= 13
2793 EAP_SIM_SUBTYPE_CLIENT_ERROR
= 14
2795 EAP_AKA_SUBTYPE_CHALLENGE
= 1
2796 EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT
= 2
2797 EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE
= 4
2798 EAP_AKA_SUBTYPE_IDENTITY
= 5
2799 EAP_AKA_SUBTYPE_NOTIFICATION
= 12
2800 EAP_AKA_SUBTYPE_REAUTHENTICATION
= 13
2801 EAP_AKA_SUBTYPE_CLIENT_ERROR
= 14
2807 EAP_SIM_AT_PADDING
= 6
2808 EAP_SIM_AT_NONCE_MT
= 7
2809 EAP_SIM_AT_PERMANENT_ID_REQ
= 10
2811 EAP_SIM_AT_NOTIFICATION
= 12
2812 EAP_SIM_AT_ANY_ID_REQ
= 13
2813 EAP_SIM_AT_IDENTITY
= 14
2814 EAP_SIM_AT_VERSION_LIST
= 15
2815 EAP_SIM_AT_SELECTED_VERSION
= 16
2816 EAP_SIM_AT_FULLAUTH_ID_REQ
= 17
2817 EAP_SIM_AT_COUNTER
= 19
2818 EAP_SIM_AT_COUNTER_TOO_SMALL
= 20
2819 EAP_SIM_AT_NONCE_S
= 21
2820 EAP_SIM_AT_CLIENT_ERROR_CODE
= 22
2821 EAP_SIM_AT_KDF_INPUT
= 23
2824 EAP_SIM_AT_ENCR_DATA
= 130
2825 EAP_SIM_AT_NEXT_PSEUDONYM
= 132
2826 EAP_SIM_AT_NEXT_REAUTH_ID
= 133
2827 EAP_SIM_AT_CHECKCODE
= 134
2828 EAP_SIM_AT_RESULT_IND
= 135
2829 EAP_SIM_AT_BIDDING
= 136
2831 def test_eap_proto_aka(dev
, apdev
):
2832 """EAP-AKA protocol tests"""
2833 def aka_handler(ctx
, req
):
2834 logger
.info("aka_handler - RX " + req
.encode("hex"))
2835 if 'num' not in ctx
:
2837 ctx
['num'] = ctx
['num'] + 1
2840 ctx
['id'] = (ctx
['id'] + 1) % 256
2845 if ctx
['num'] == idx
:
2846 logger
.info("Test: Missing payload")
2847 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2852 if ctx
['num'] == idx
:
2853 logger
.info("Test: Unknown subtype")
2854 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2856 EAP_TYPE_AKA
, 255, 0)
2858 if ctx
['num'] == idx
:
2859 logger
.info("Test: EAP-Failure")
2860 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2863 if ctx
['num'] == idx
:
2864 logger
.info("Test: Client Error")
2865 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2867 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CLIENT_ERROR
, 0)
2869 if ctx
['num'] == idx
:
2870 logger
.info("Test: EAP-Failure")
2871 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2874 if ctx
['num'] == idx
:
2875 logger
.info("Test: Too short attribute header")
2876 return struct
.pack(">BBHBBHB", EAP_CODE_REQUEST
, ctx
['id'],
2878 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0, 255)
2880 if ctx
['num'] == idx
:
2881 logger
.info("Test: EAP-Failure")
2882 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2885 if ctx
['num'] == idx
:
2886 logger
.info("Test: Truncated attribute")
2887 return struct
.pack(">BBHBBHBB", EAP_CODE_REQUEST
, ctx
['id'],
2889 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0, 255,
2892 if ctx
['num'] == idx
:
2893 logger
.info("Test: EAP-Failure")
2894 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2897 if ctx
['num'] == idx
:
2898 logger
.info("Test: Too short attribute data")
2899 return struct
.pack(">BBHBBHBB", EAP_CODE_REQUEST
, ctx
['id'],
2901 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0, 255,
2904 if ctx
['num'] == idx
:
2905 logger
.info("Test: EAP-Failure")
2906 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2909 if ctx
['num'] == idx
:
2910 logger
.info("Test: Skippable/non-skippable unrecognzized attribute")
2911 return struct
.pack(">BBHBBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2913 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2914 255, 1, 0, 127, 1, 0)
2916 if ctx
['num'] == idx
:
2917 logger
.info("Test: EAP-Failure")
2918 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2921 if ctx
['num'] == idx
:
2922 logger
.info("Test: Identity request without ID type")
2923 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2925 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0)
2927 if ctx
['num'] == idx
:
2928 logger
.info("Test: Identity request ANY_ID")
2929 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2931 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2932 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2934 if ctx
['num'] == idx
:
2935 logger
.info("Test: Identity request ANY_ID (duplicate)")
2936 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2938 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2939 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2941 if ctx
['num'] == idx
:
2942 logger
.info("Test: EAP-Failure")
2943 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2946 if ctx
['num'] == idx
:
2947 logger
.info("Test: Identity request ANY_ID")
2948 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2950 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2951 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2953 if ctx
['num'] == idx
:
2954 logger
.info("Test: Identity request FULLAUTH_ID")
2955 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2957 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2958 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
2960 if ctx
['num'] == idx
:
2961 logger
.info("Test: Identity request FULLAUTH_ID (duplicate)")
2962 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2964 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2965 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
2967 if ctx
['num'] == idx
:
2968 logger
.info("Test: EAP-Failure")
2969 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2972 if ctx
['num'] == idx
:
2973 logger
.info("Test: Identity request ANY_ID")
2974 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2976 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2977 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2979 if ctx
['num'] == idx
:
2980 logger
.info("Test: Identity request FULLAUTH_ID")
2981 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2983 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2984 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
2986 if ctx
['num'] == idx
:
2987 logger
.info("Test: Identity request PERMANENT_ID")
2988 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2990 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2991 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
2993 if ctx
['num'] == idx
:
2994 logger
.info("Test: Identity request PERMANENT_ID (duplicate)")
2995 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2997 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2998 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
3000 if ctx
['num'] == idx
:
3001 logger
.info("Test: EAP-Failure")
3002 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3005 if ctx
['num'] == idx
:
3006 logger
.info("Test: Challenge with no attributes")
3007 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3009 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0)
3011 if ctx
['num'] == idx
:
3012 logger
.info("Test: EAP-Failure")
3013 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3016 if ctx
['num'] == idx
:
3017 logger
.info("Test: AKA Challenge with BIDDING")
3018 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3020 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3021 EAP_SIM_AT_BIDDING
, 1, 0x8000)
3023 if ctx
['num'] == idx
:
3024 logger
.info("Test: EAP-Failure")
3025 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3028 if ctx
['num'] == idx
:
3029 logger
.info("Test: Notification with no attributes")
3030 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3032 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0)
3034 if ctx
['num'] == idx
:
3035 logger
.info("Test: EAP-Failure")
3036 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3039 if ctx
['num'] == idx
:
3040 logger
.info("Test: Notification indicating success, but no MAC")
3041 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3043 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3044 EAP_SIM_AT_NOTIFICATION
, 1, 32768)
3046 if ctx
['num'] == idx
:
3047 logger
.info("Test: EAP-Failure")
3048 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3051 if ctx
['num'] == idx
:
3052 logger
.info("Test: Notification indicating success, but invalid MAC value")
3053 return struct
.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
3055 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3056 EAP_SIM_AT_NOTIFICATION
, 1, 32768,
3057 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
3059 if ctx
['num'] == idx
:
3060 logger
.info("Test: EAP-Failure")
3061 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3064 if ctx
['num'] == idx
:
3065 logger
.info("Test: Notification indicating success with zero-key MAC")
3066 return struct
.pack(">BBHBBHBBHBBH16B", EAP_CODE_REQUEST
,
3069 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3070 EAP_SIM_AT_NOTIFICATION
, 1, 32768,
3071 EAP_SIM_AT_MAC
, 5, 0,
3072 0xbe, 0x2e, 0xbb, 0xa9, 0xfa, 0x2e, 0x82, 0x36,
3073 0x37, 0x8c, 0x32, 0x41, 0xb7, 0xc7, 0x58, 0xa3)
3075 if ctx
['num'] == idx
:
3076 logger
.info("Test: EAP-Success")
3077 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
3080 if ctx
['num'] == idx
:
3081 logger
.info("Test: Notification before auth")
3082 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3084 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3085 EAP_SIM_AT_NOTIFICATION
, 1, 16384)
3087 if ctx
['num'] == idx
:
3088 logger
.info("Test: EAP-Failure")
3089 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3092 if ctx
['num'] == idx
:
3093 logger
.info("Test: Notification before auth")
3094 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3096 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3097 EAP_SIM_AT_NOTIFICATION
, 1, 16385)
3099 if ctx
['num'] == idx
:
3100 logger
.info("Test: EAP-Failure")
3101 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3104 if ctx
['num'] == idx
:
3105 logger
.info("Test: Notification with unrecognized non-failure")
3106 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3108 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3109 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
3111 if ctx
['num'] == idx
:
3112 logger
.info("Test: Notification before auth (duplicate)")
3113 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3115 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3116 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
3118 if ctx
['num'] == idx
:
3119 logger
.info("Test: EAP-Failure")
3120 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3123 if ctx
['num'] == idx
:
3124 logger
.info("Test: Re-authentication (unexpected) with no attributes")
3125 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3127 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_REAUTHENTICATION
,
3130 if ctx
['num'] == idx
:
3131 logger
.info("Test: EAP-Failure")
3132 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3135 if ctx
['num'] == idx
:
3136 logger
.info("Test: AKA Challenge with Checkcode claiming identity round was used")
3137 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3139 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3140 EAP_SIM_AT_CHECKCODE
, 6, 0, 0, 0, 0, 0, 0)
3142 if ctx
['num'] == idx
:
3143 logger
.info("Test: EAP-Failure")
3144 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3147 if ctx
['num'] == idx
:
3148 logger
.info("Test: Identity request ANY_ID")
3149 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3151 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3152 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3154 if ctx
['num'] == idx
:
3155 logger
.info("Test: AKA Challenge with Checkcode claiming no identity round was used")
3156 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3158 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3159 EAP_SIM_AT_CHECKCODE
, 1, 0)
3161 if ctx
['num'] == idx
:
3162 logger
.info("Test: EAP-Failure")
3163 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3166 if ctx
['num'] == idx
:
3167 logger
.info("Test: Identity request ANY_ID")
3168 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3170 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3171 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3173 if ctx
['num'] == idx
:
3174 logger
.info("Test: AKA Challenge with mismatching Checkcode value")
3175 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3177 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3178 EAP_SIM_AT_CHECKCODE
, 6, 0, 0, 0, 0, 0, 0)
3180 if ctx
['num'] == idx
:
3181 logger
.info("Test: EAP-Failure")
3182 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3185 if ctx
['num'] == idx
:
3186 logger
.info("Test: Re-authentication (unexpected) with Checkcode claimin identity round was used")
3187 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3189 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_REAUTHENTICATION
,
3191 EAP_SIM_AT_CHECKCODE
, 6, 0, 0, 0, 0, 0, 0)
3193 if ctx
['num'] == idx
:
3194 logger
.info("Test: EAP-Failure")
3195 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3198 if ctx
['num'] == idx
:
3199 logger
.info("Test: Invalid AT_RAND length")
3200 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3202 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3203 EAP_SIM_AT_RAND
, 1, 0)
3205 if ctx
['num'] == idx
:
3206 logger
.info("Test: EAP-Failure")
3207 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3210 if ctx
['num'] == idx
:
3211 logger
.info("Test: Invalid AT_AUTN length")
3212 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3214 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3215 EAP_SIM_AT_AUTN
, 1, 0)
3217 if ctx
['num'] == idx
:
3218 logger
.info("Test: EAP-Failure")
3219 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3222 if ctx
['num'] == idx
:
3223 logger
.info("Test: Unencrypted AT_PADDING")
3224 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3226 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3227 EAP_SIM_AT_PADDING
, 1, 0)
3229 if ctx
['num'] == idx
:
3230 logger
.info("Test: EAP-Failure")
3231 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3234 if ctx
['num'] == idx
:
3235 logger
.info("Test: Invalid AT_NONCE_MT length")
3236 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3238 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3239 EAP_SIM_AT_NONCE_MT
, 1, 0)
3241 if ctx
['num'] == idx
:
3242 logger
.info("Test: EAP-Failure")
3243 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3246 if ctx
['num'] == idx
:
3247 logger
.info("Test: Invalid AT_MAC length")
3248 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3250 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3251 EAP_SIM_AT_MAC
, 1, 0)
3253 if ctx
['num'] == idx
:
3254 logger
.info("Test: EAP-Failure")
3255 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3258 if ctx
['num'] == idx
:
3259 logger
.info("Test: Invalid AT_NOTIFICATION length")
3260 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3262 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3263 EAP_SIM_AT_NOTIFICATION
, 2, 0, 0)
3265 if ctx
['num'] == idx
:
3266 logger
.info("Test: EAP-Failure")
3267 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3270 if ctx
['num'] == idx
:
3271 logger
.info("Test: AT_IDENTITY overflow")
3272 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3274 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3275 EAP_SIM_AT_IDENTITY
, 1, 0xffff)
3277 if ctx
['num'] == idx
:
3278 logger
.info("Test: EAP-Failure")
3279 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3282 if ctx
['num'] == idx
:
3283 logger
.info("Test: Unexpected AT_VERSION_LIST")
3284 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3286 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3287 EAP_SIM_AT_VERSION_LIST
, 1, 0)
3289 if ctx
['num'] == idx
:
3290 logger
.info("Test: EAP-Failure")
3291 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3294 if ctx
['num'] == idx
:
3295 logger
.info("Test: Invalid AT_SELECTED_VERSION length")
3296 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3298 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3299 EAP_SIM_AT_SELECTED_VERSION
, 2, 0, 0)
3301 if ctx
['num'] == idx
:
3302 logger
.info("Test: EAP-Failure")
3303 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3306 if ctx
['num'] == idx
:
3307 logger
.info("Test: Unencrypted AT_COUNTER")
3308 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3310 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3311 EAP_SIM_AT_COUNTER
, 1, 0)
3313 if ctx
['num'] == idx
:
3314 logger
.info("Test: EAP-Failure")
3315 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3318 if ctx
['num'] == idx
:
3319 logger
.info("Test: Unencrypted AT_COUNTER_TOO_SMALL")
3320 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3322 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3323 EAP_SIM_AT_COUNTER_TOO_SMALL
, 1, 0)
3325 if ctx
['num'] == idx
:
3326 logger
.info("Test: EAP-Failure")
3327 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3330 if ctx
['num'] == idx
:
3331 logger
.info("Test: Unencrypted AT_NONCE_S")
3332 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3334 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3335 EAP_SIM_AT_NONCE_S
, 1, 0)
3337 if ctx
['num'] == idx
:
3338 logger
.info("Test: EAP-Failure")
3339 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3342 if ctx
['num'] == idx
:
3343 logger
.info("Test: Invalid AT_CLIENT_ERROR_CODE length")
3344 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3346 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3347 EAP_SIM_AT_CLIENT_ERROR_CODE
, 2, 0, 0)
3349 if ctx
['num'] == idx
:
3350 logger
.info("Test: EAP-Failure")
3351 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3354 if ctx
['num'] == idx
:
3355 logger
.info("Test: Invalid AT_IV length")
3356 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3358 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3359 EAP_SIM_AT_IV
, 1, 0)
3361 if ctx
['num'] == idx
:
3362 logger
.info("Test: EAP-Failure")
3363 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3366 if ctx
['num'] == idx
:
3367 logger
.info("Test: Invalid AT_ENCR_DATA length")
3368 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3370 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3371 EAP_SIM_AT_ENCR_DATA
, 2, 0, 0)
3373 if ctx
['num'] == idx
:
3374 logger
.info("Test: EAP-Failure")
3375 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3378 if ctx
['num'] == idx
:
3379 logger
.info("Test: Unencrypted AT_NEXT_PSEUDONYM")
3380 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3382 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3383 EAP_SIM_AT_NEXT_PSEUDONYM
, 1, 0)
3385 if ctx
['num'] == idx
:
3386 logger
.info("Test: EAP-Failure")
3387 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3390 if ctx
['num'] == idx
:
3391 logger
.info("Test: Unencrypted AT_NEXT_REAUTH_ID")
3392 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3394 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3395 EAP_SIM_AT_NEXT_REAUTH_ID
, 1, 0)
3397 if ctx
['num'] == idx
:
3398 logger
.info("Test: EAP-Failure")
3399 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3402 if ctx
['num'] == idx
:
3403 logger
.info("Test: Invalid AT_RES length")
3404 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3406 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3407 EAP_SIM_AT_RES
, 1, 0)
3409 if ctx
['num'] == idx
:
3410 logger
.info("Test: EAP-Failure")
3411 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3414 if ctx
['num'] == idx
:
3415 logger
.info("Test: Invalid AT_RES length")
3416 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3418 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3419 EAP_SIM_AT_RES
, 6, 0xffff, 0, 0, 0, 0, 0)
3421 if ctx
['num'] == idx
:
3422 logger
.info("Test: EAP-Failure")
3423 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3426 if ctx
['num'] == idx
:
3427 logger
.info("Test: Invalid AT_AUTS length")
3428 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3430 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3431 EAP_SIM_AT_AUTS
, 2, 0, 0)
3433 if ctx
['num'] == idx
:
3434 logger
.info("Test: EAP-Failure")
3435 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3438 if ctx
['num'] == idx
:
3439 logger
.info("Test: Invalid AT_CHECKCODE length")
3440 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3442 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3443 EAP_SIM_AT_CHECKCODE
, 2, 0, 0)
3445 if ctx
['num'] == idx
:
3446 logger
.info("Test: EAP-Failure")
3447 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3450 if ctx
['num'] == idx
:
3451 logger
.info("Test: Invalid AT_RESULT_IND length")
3452 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3454 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3455 EAP_SIM_AT_RESULT_IND
, 2, 0, 0)
3457 if ctx
['num'] == idx
:
3458 logger
.info("Test: EAP-Failure")
3459 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3462 if ctx
['num'] == idx
:
3463 logger
.info("Test: Unexpected AT_KDF_INPUT")
3464 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3466 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3467 EAP_SIM_AT_KDF_INPUT
, 2, 0, 0)
3469 if ctx
['num'] == idx
:
3470 logger
.info("Test: EAP-Failure")
3471 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3474 if ctx
['num'] == idx
:
3475 logger
.info("Test: Unexpected AT_KDF")
3476 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3478 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3479 EAP_SIM_AT_KDF
, 2, 0, 0)
3481 if ctx
['num'] == idx
:
3482 logger
.info("Test: EAP-Failure")
3483 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3486 if ctx
['num'] == idx
:
3487 logger
.info("Test: Invalid AT_BIDDING length")
3488 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3490 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3491 EAP_SIM_AT_BIDDING
, 2, 0, 0)
3493 if ctx
['num'] == idx
:
3494 logger
.info("Test: EAP-Failure")
3495 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3499 srv
= start_radius_server(aka_handler
)
3502 hapd
= start_ap(apdev
[0]['ifname'])
3504 for i
in range(0, 49):
3505 eap
= "AKA AKA'" if i
== 11 else "AKA"
3506 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
3507 eap
=eap
, identity
="0232010000000000",
3508 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
3510 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
3513 raise Exception("Timeout on EAP start")
3517 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
3520 raise Exception("Timeout on EAP failure")
3521 dev
[0].request("REMOVE_NETWORK all")
3522 dev
[0].dump_monitor()
3524 stop_radius_server(srv
)
3526 def test_eap_proto_aka_prime(dev
, apdev
):
3527 """EAP-AKA' protocol tests"""
3528 def aka_prime_handler(ctx
, req
):
3529 logger
.info("aka_prime_handler - RX " + req
.encode("hex"))
3530 if 'num' not in ctx
:
3532 ctx
['num'] = ctx
['num'] + 1
3535 ctx
['id'] = (ctx
['id'] + 1) % 256
3540 if ctx
['num'] == idx
:
3541 logger
.info("Test: Missing payload")
3542 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
3547 if ctx
['num'] == idx
:
3548 logger
.info("Test: Challenge with no attributes")
3549 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3551 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0)
3553 if ctx
['num'] == idx
:
3554 logger
.info("Test: EAP-Failure")
3555 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3558 if ctx
['num'] == idx
:
3559 logger
.info("Test: Challenge with empty AT_KDF_INPUT")
3560 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3562 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3563 EAP_SIM_AT_KDF_INPUT
, 1, 0)
3565 if ctx
['num'] == idx
:
3566 logger
.info("Test: EAP-Failure")
3567 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3570 if ctx
['num'] == idx
:
3571 logger
.info("Test: Challenge with AT_KDF_INPUT")
3572 return struct
.pack(">BBHBBHBBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
3574 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3575 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3578 if ctx
['num'] == idx
:
3579 logger
.info("Test: EAP-Failure")
3580 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3583 if ctx
['num'] == idx
:
3584 logger
.info("Test: Challenge with duplicated KDF")
3585 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3586 EAP_CODE_REQUEST
, ctx
['id'],
3587 4 + 1 + 3 + 8 + 3 * 4,
3588 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3589 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3591 EAP_SIM_AT_KDF
, 1, 1,
3592 EAP_SIM_AT_KDF
, 1, 2,
3593 EAP_SIM_AT_KDF
, 1, 1)
3595 if ctx
['num'] == idx
:
3596 logger
.info("Test: EAP-Failure")
3597 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3600 if ctx
['num'] == idx
:
3601 logger
.info("Test: Challenge with multiple KDF proposals")
3602 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3603 EAP_CODE_REQUEST
, ctx
['id'],
3604 4 + 1 + 3 + 8 + 3 * 4,
3605 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3606 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3608 EAP_SIM_AT_KDF
, 1, 255,
3609 EAP_SIM_AT_KDF
, 1, 254,
3610 EAP_SIM_AT_KDF
, 1, 1)
3612 if ctx
['num'] == idx
:
3613 logger
.info("Test: Challenge with incorrect KDF selected")
3614 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
3615 EAP_CODE_REQUEST
, ctx
['id'],
3616 4 + 1 + 3 + 8 + 4 * 4,
3617 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3618 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3620 EAP_SIM_AT_KDF
, 1, 255,
3621 EAP_SIM_AT_KDF
, 1, 255,
3622 EAP_SIM_AT_KDF
, 1, 254,
3623 EAP_SIM_AT_KDF
, 1, 1)
3625 if ctx
['num'] == idx
:
3626 logger
.info("Test: EAP-Failure")
3627 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3630 if ctx
['num'] == idx
:
3631 logger
.info("Test: Challenge with multiple KDF proposals")
3632 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3633 EAP_CODE_REQUEST
, ctx
['id'],
3634 4 + 1 + 3 + 8 + 3 * 4,
3635 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3636 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3638 EAP_SIM_AT_KDF
, 1, 255,
3639 EAP_SIM_AT_KDF
, 1, 254,
3640 EAP_SIM_AT_KDF
, 1, 1)
3642 if ctx
['num'] == idx
:
3643 logger
.info("Test: Challenge with selected KDF not duplicated")
3644 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3645 EAP_CODE_REQUEST
, ctx
['id'],
3646 4 + 1 + 3 + 8 + 3 * 4,
3647 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3648 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3650 EAP_SIM_AT_KDF
, 1, 1,
3651 EAP_SIM_AT_KDF
, 1, 255,
3652 EAP_SIM_AT_KDF
, 1, 254)
3654 if ctx
['num'] == idx
:
3655 logger
.info("Test: EAP-Failure")
3656 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3659 if ctx
['num'] == idx
:
3660 logger
.info("Test: Challenge with multiple KDF proposals")
3661 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3662 EAP_CODE_REQUEST
, ctx
['id'],
3663 4 + 1 + 3 + 8 + 3 * 4,
3664 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3665 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3667 EAP_SIM_AT_KDF
, 1, 255,
3668 EAP_SIM_AT_KDF
, 1, 254,
3669 EAP_SIM_AT_KDF
, 1, 1)
3671 if ctx
['num'] == idx
:
3672 logger
.info("Test: Challenge with selected KDF duplicated (missing MAC, RAND, AUTN)")
3673 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
3674 EAP_CODE_REQUEST
, ctx
['id'],
3675 4 + 1 + 3 + 8 + 4 * 4,
3676 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3677 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3679 EAP_SIM_AT_KDF
, 1, 1,
3680 EAP_SIM_AT_KDF
, 1, 255,
3681 EAP_SIM_AT_KDF
, 1, 254,
3682 EAP_SIM_AT_KDF
, 1, 1)
3684 if ctx
['num'] == idx
:
3685 logger
.info("Test: EAP-Failure")
3686 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3689 if ctx
['num'] == idx
:
3690 logger
.info("Test: Challenge with multiple unsupported KDF proposals")
3691 return struct
.pack(">BBHBBHBBHBBBBBBHBBH",
3692 EAP_CODE_REQUEST
, ctx
['id'],
3693 4 + 1 + 3 + 8 + 2 * 4,
3694 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3695 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3697 EAP_SIM_AT_KDF
, 1, 255,
3698 EAP_SIM_AT_KDF
, 1, 254)
3700 if ctx
['num'] == idx
:
3701 logger
.info("Test: EAP-Failure")
3702 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3705 if ctx
['num'] == idx
:
3706 logger
.info("Test: Challenge with multiple KDF proposals")
3707 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3708 EAP_CODE_REQUEST
, ctx
['id'],
3709 4 + 1 + 3 + 8 + 3 * 4,
3710 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3711 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3713 EAP_SIM_AT_KDF
, 1, 255,
3714 EAP_SIM_AT_KDF
, 1, 254,
3715 EAP_SIM_AT_KDF
, 1, 1)
3717 if ctx
['num'] == idx
:
3718 logger
.info("Test: Challenge with invalid MAC, RAND, AUTN values)")
3719 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBHBBHBBH4LBBH4LBBH4L",
3720 EAP_CODE_REQUEST
, ctx
['id'],
3721 4 + 1 + 3 + 8 + 4 * 4 + 20 + 20 + 20,
3722 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3723 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3725 EAP_SIM_AT_KDF
, 1, 1,
3726 EAP_SIM_AT_KDF
, 1, 255,
3727 EAP_SIM_AT_KDF
, 1, 254,
3728 EAP_SIM_AT_KDF
, 1, 1,
3729 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0,
3730 EAP_SIM_AT_RAND
, 5, 0, 0, 0, 0, 0,
3731 EAP_SIM_AT_AUTN
, 5, 0, 0, 0, 0, 0)
3733 if ctx
['num'] == idx
:
3734 logger
.info("Test: EAP-Failure")
3735 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3738 if ctx
['num'] == idx
:
3739 logger
.info("Test: Challenge - AMF separation bit not set)")
3740 return struct
.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3741 EAP_CODE_REQUEST
, ctx
['id'],
3742 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3743 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3744 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3746 EAP_SIM_AT_KDF
, 1, 1,
3747 EAP_SIM_AT_MAC
, 5, 0, 1, 2, 3, 4,
3748 EAP_SIM_AT_RAND
, 5, 0, 5, 6, 7, 8,
3749 EAP_SIM_AT_AUTN
, 5, 0, 9, 10,
3750 0x2fda8ef7, 0xbba518cc)
3752 if ctx
['num'] == idx
:
3753 logger
.info("Test: EAP-Failure")
3754 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3757 if ctx
['num'] == idx
:
3758 logger
.info("Test: Challenge - Invalid MAC")
3759 return struct
.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3760 EAP_CODE_REQUEST
, ctx
['id'],
3761 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3762 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3763 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3765 EAP_SIM_AT_KDF
, 1, 1,
3766 EAP_SIM_AT_MAC
, 5, 0, 1, 2, 3, 4,
3767 EAP_SIM_AT_RAND
, 5, 0, 5, 6, 7, 8,
3768 EAP_SIM_AT_AUTN
, 5, 0, 0xffffffff, 0xffffffff,
3769 0xd1f90322, 0x40514cb4)
3771 if ctx
['num'] == idx
:
3772 logger
.info("Test: EAP-Failure")
3773 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3776 if ctx
['num'] == idx
:
3777 logger
.info("Test: Challenge - Valid MAC")
3778 return struct
.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3779 EAP_CODE_REQUEST
, ctx
['id'],
3780 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3781 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3782 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3784 EAP_SIM_AT_KDF
, 1, 1,
3785 EAP_SIM_AT_MAC
, 5, 0,
3786 0xf4a3c1d3, 0x7c901401, 0x34bd8b01, 0x6f7fa32f,
3787 EAP_SIM_AT_RAND
, 5, 0, 5, 6, 7, 8,
3788 EAP_SIM_AT_AUTN
, 5, 0, 0xffffffff, 0xffffffff,
3789 0xd1f90322, 0x40514cb4)
3791 if ctx
['num'] == idx
:
3792 logger
.info("Test: EAP-Failure")
3793 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3796 if ctx
['num'] == idx
:
3797 logger
.info("Test: Invalid AT_KDF_INPUT length")
3798 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3800 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3801 EAP_SIM_AT_KDF_INPUT
, 2, 0xffff, 0)
3803 if ctx
['num'] == idx
:
3804 logger
.info("Test: EAP-Failure")
3805 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3808 if ctx
['num'] == idx
:
3809 logger
.info("Test: Invalid AT_KDF length")
3810 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3812 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3813 EAP_SIM_AT_KDF
, 2, 0, 0)
3815 if ctx
['num'] == idx
:
3816 logger
.info("Test: EAP-Failure")
3817 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3820 if ctx
['num'] == idx
:
3821 logger
.info("Test: Challenge with large number of KDF proposals")
3822 return struct
.pack(">BBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
3823 EAP_CODE_REQUEST
, ctx
['id'],
3825 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3826 EAP_SIM_AT_KDF
, 1, 255,
3827 EAP_SIM_AT_KDF
, 1, 254,
3828 EAP_SIM_AT_KDF
, 1, 253,
3829 EAP_SIM_AT_KDF
, 1, 252,
3830 EAP_SIM_AT_KDF
, 1, 251,
3831 EAP_SIM_AT_KDF
, 1, 250,
3832 EAP_SIM_AT_KDF
, 1, 249,
3833 EAP_SIM_AT_KDF
, 1, 248,
3834 EAP_SIM_AT_KDF
, 1, 247,
3835 EAP_SIM_AT_KDF
, 1, 246,
3836 EAP_SIM_AT_KDF
, 1, 245,
3837 EAP_SIM_AT_KDF
, 1, 244)
3839 if ctx
['num'] == idx
:
3840 logger
.info("Test: EAP-Failure")
3841 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3845 srv
= start_radius_server(aka_prime_handler
)
3848 hapd
= start_ap(apdev
[0]['ifname'])
3850 for i
in range(0, 16):
3851 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
3852 eap
="AKA'", identity
="6555444333222111",
3853 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
3855 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
3858 raise Exception("Timeout on EAP start")
3862 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
3865 raise Exception("Timeout on EAP failure")
3866 dev
[0].request("REMOVE_NETWORK all")
3867 dev
[0].dump_monitor()
3869 stop_radius_server(srv
)
3871 def test_eap_proto_sim(dev
, apdev
):
3872 """EAP-SIM protocol tests"""
3873 def sim_handler(ctx
, req
):
3874 logger
.info("sim_handler - RX " + req
.encode("hex"))
3875 if 'num' not in ctx
:
3877 ctx
['num'] = ctx
['num'] + 1
3880 ctx
['id'] = (ctx
['id'] + 1) % 256
3885 if ctx
['num'] == idx
:
3886 logger
.info("Test: Missing payload")
3887 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
3892 if ctx
['num'] == idx
:
3893 logger
.info("Test: Unexpected AT_AUTN")
3894 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3896 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3897 EAP_SIM_AT_AUTN
, 2, 0, 0)
3899 if ctx
['num'] == idx
:
3900 logger
.info("Test: EAP-Failure")
3901 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3904 if ctx
['num'] == idx
:
3905 logger
.info("Test: Too short AT_VERSION_LIST")
3906 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3908 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3909 EAP_SIM_AT_VERSION_LIST
, 1, 0)
3911 if ctx
['num'] == idx
:
3912 logger
.info("Test: EAP-Failure")
3913 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3916 if ctx
['num'] == idx
:
3917 logger
.info("Test: AT_VERSION_LIST overflow")
3918 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3920 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3921 EAP_SIM_AT_VERSION_LIST
, 1, 0xffff)
3923 if ctx
['num'] == idx
:
3924 logger
.info("Test: EAP-Failure")
3925 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3928 if ctx
['num'] == idx
:
3929 logger
.info("Test: Unexpected AT_AUTS")
3930 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3932 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3933 EAP_SIM_AT_AUTS
, 2, 0, 0)
3935 if ctx
['num'] == idx
:
3936 logger
.info("Test: EAP-Failure")
3937 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3940 if ctx
['num'] == idx
:
3941 logger
.info("Test: Unexpected AT_CHECKCODE")
3942 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3944 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3945 EAP_SIM_AT_CHECKCODE
, 2, 0, 0)
3947 if ctx
['num'] == idx
:
3948 logger
.info("Test: EAP-Failure")
3949 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3952 if ctx
['num'] == idx
:
3953 logger
.info("Test: No AT_VERSION_LIST in Start")
3954 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3956 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0)
3958 if ctx
['num'] == idx
:
3959 logger
.info("Test: EAP-Failure")
3960 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3963 if ctx
['num'] == idx
:
3964 logger
.info("Test: No support version in AT_VERSION_LIST")
3965 return struct
.pack(">BBHBBHBBH4B", EAP_CODE_REQUEST
, ctx
['id'],
3967 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3968 EAP_SIM_AT_VERSION_LIST
, 2, 3, 2, 3, 4, 5)
3970 if ctx
['num'] == idx
:
3971 logger
.info("Test: EAP-Failure")
3972 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3976 if ctx
['num'] == idx
:
3977 logger
.info("Test: Identity request without ID type")
3978 return struct
.pack(">BBHBBHBBH2H", EAP_CODE_REQUEST
, ctx
['id'],
3980 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3981 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0)
3983 if ctx
['num'] == idx
:
3984 logger
.info("Test: Identity request ANY_ID")
3985 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
3987 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3988 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
3989 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3991 if ctx
['num'] == idx
:
3992 logger
.info("Test: Identity request ANY_ID (duplicate)")
3993 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
3995 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3996 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
3997 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3999 if ctx
['num'] == idx
:
4000 logger
.info("Test: EAP-Failure")
4001 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4004 if ctx
['num'] == idx
:
4005 logger
.info("Test: Identity request ANY_ID")
4006 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4008 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4009 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4010 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
4012 if ctx
['num'] == idx
:
4013 logger
.info("Test: Identity request FULLAUTH_ID")
4014 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4016 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4017 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4018 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
4020 if ctx
['num'] == idx
:
4021 logger
.info("Test: Identity request FULLAUTH_ID (duplicate)")
4022 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4024 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4025 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4026 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
4028 if ctx
['num'] == idx
:
4029 logger
.info("Test: EAP-Failure")
4030 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4033 if ctx
['num'] == idx
:
4034 logger
.info("Test: Identity request ANY_ID")
4035 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4037 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4038 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4039 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
4041 if ctx
['num'] == idx
:
4042 logger
.info("Test: Identity request FULLAUTH_ID")
4043 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4045 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4046 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4047 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
4049 if ctx
['num'] == idx
:
4050 logger
.info("Test: Identity request PERMANENT_ID")
4051 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4053 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4054 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4055 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
4057 if ctx
['num'] == idx
:
4058 logger
.info("Test: Identity request PERMANENT_ID (duplicate)")
4059 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4061 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4062 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4063 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
4065 if ctx
['num'] == idx
:
4066 logger
.info("Test: EAP-Failure")
4067 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4070 if ctx
['num'] == idx
:
4071 logger
.info("Test: No AT_MAC and AT_RAND in Challenge")
4072 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4074 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0)
4076 if ctx
['num'] == idx
:
4077 logger
.info("Test: EAP-Failure")
4078 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4081 if ctx
['num'] == idx
:
4082 logger
.info("Test: No AT_RAND in Challenge")
4083 return struct
.pack(">BBHBBHBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
4085 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4086 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4088 if ctx
['num'] == idx
:
4089 logger
.info("Test: EAP-Failure")
4090 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4093 if ctx
['num'] == idx
:
4094 logger
.info("Test: Insufficient number of challenges in Challenge")
4095 return struct
.pack(">BBHBBHBBH4LBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
4096 4 + 1 + 3 + 20 + 20,
4097 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4098 EAP_SIM_AT_RAND
, 5, 0, 0, 0, 0, 0,
4099 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4101 if ctx
['num'] == idx
:
4102 logger
.info("Test: EAP-Failure")
4103 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4106 if ctx
['num'] == idx
:
4107 logger
.info("Test: Too many challenges in Challenge")
4108 return struct
.pack(">BBHBBHBBH4L4L4L4LBBH4L", EAP_CODE_REQUEST
,
4110 4 + 1 + 3 + 4 + 4 * 16 + 20,
4111 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4112 EAP_SIM_AT_RAND
, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0,
4113 0, 0, 0, 0, 0, 0, 0, 0,
4114 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4116 if ctx
['num'] == idx
:
4117 logger
.info("Test: EAP-Failure")
4118 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4121 if ctx
['num'] == idx
:
4122 logger
.info("Test: Same RAND multiple times in Challenge")
4123 return struct
.pack(">BBHBBHBBH4L4L4LBBH4L", EAP_CODE_REQUEST
,
4125 4 + 1 + 3 + 4 + 3 * 16 + 20,
4126 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4127 EAP_SIM_AT_RAND
, 13, 0, 0, 0, 0, 0, 0, 0, 0, 1,
4129 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4131 if ctx
['num'] == idx
:
4132 logger
.info("Test: EAP-Failure")
4133 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4136 if ctx
['num'] == idx
:
4137 logger
.info("Test: Notification with no attributes")
4138 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4140 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0)
4142 if ctx
['num'] == idx
:
4143 logger
.info("Test: EAP-Failure")
4144 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4147 if ctx
['num'] == idx
:
4148 logger
.info("Test: Notification indicating success, but no MAC")
4149 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4151 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4152 EAP_SIM_AT_NOTIFICATION
, 1, 32768)
4154 if ctx
['num'] == idx
:
4155 logger
.info("Test: EAP-Failure")
4156 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4159 if ctx
['num'] == idx
:
4160 logger
.info("Test: Notification indicating success, but invalid MAC value")
4161 return struct
.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
4163 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4164 EAP_SIM_AT_NOTIFICATION
, 1, 32768,
4165 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4167 if ctx
['num'] == idx
:
4168 logger
.info("Test: EAP-Failure")
4169 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4172 if ctx
['num'] == idx
:
4173 logger
.info("Test: Notification before auth")
4174 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4176 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4177 EAP_SIM_AT_NOTIFICATION
, 1, 16384)
4179 if ctx
['num'] == idx
:
4180 logger
.info("Test: EAP-Failure")
4181 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4184 if ctx
['num'] == idx
:
4185 logger
.info("Test: Notification before auth")
4186 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4188 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4189 EAP_SIM_AT_NOTIFICATION
, 1, 16385)
4191 if ctx
['num'] == idx
:
4192 logger
.info("Test: EAP-Failure")
4193 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4196 if ctx
['num'] == idx
:
4197 logger
.info("Test: Notification with unrecognized non-failure")
4198 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4200 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4201 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
4203 if ctx
['num'] == idx
:
4204 logger
.info("Test: Notification before auth (duplicate)")
4205 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4207 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4208 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
4210 if ctx
['num'] == idx
:
4211 logger
.info("Test: EAP-Failure")
4212 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4215 if ctx
['num'] == idx
:
4216 logger
.info("Test: Re-authentication (unexpected) with no attributes")
4217 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4219 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_REAUTHENTICATION
,
4222 if ctx
['num'] == idx
:
4223 logger
.info("Test: EAP-Failure")
4224 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4227 if ctx
['num'] == idx
:
4228 logger
.info("Test: Client Error")
4229 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4231 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CLIENT_ERROR
, 0)
4233 if ctx
['num'] == idx
:
4234 logger
.info("Test: EAP-Failure")
4235 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4238 if ctx
['num'] == idx
:
4239 logger
.info("Test: Unknown subtype")
4240 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4242 EAP_TYPE_SIM
, 255, 0)
4244 if ctx
['num'] == idx
:
4245 logger
.info("Test: EAP-Failure")
4246 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4250 srv
= start_radius_server(sim_handler
)
4253 hapd
= start_ap(apdev
[0]['ifname'])
4255 for i
in range(0, 25):
4256 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4257 eap
="SIM", identity
="1232010000000000",
4258 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4260 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
4263 raise Exception("Timeout on EAP start")
4267 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
4270 raise Exception("Timeout on EAP failure")
4271 dev
[0].request("REMOVE_NETWORK all")
4272 dev
[0].dump_monitor()
4274 stop_radius_server(srv
)
4276 def test_eap_proto_sim_errors(dev
, apdev
):
4277 """EAP-SIM protocol tests (error paths)"""
4278 check_hlr_auc_gw_support()
4279 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4280 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4282 with
alloc_fail(dev
[0], 1, "eap_sim_init"):
4283 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4284 eap
="SIM", identity
="1232010000000000",
4285 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4287 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4290 raise Exception("Timeout on EAP start")
4291 dev
[0].request("REMOVE_NETWORK all")
4292 dev
[0].wait_disconnected()
4294 with
fail_test(dev
[0], 1, "os_get_random;eap_sim_init"):
4295 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4296 eap
="SIM", identity
="1232010000000000",
4297 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4299 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4302 raise Exception("Timeout on EAP start")
4303 dev
[0].request("REMOVE_NETWORK all")
4304 dev
[0].wait_disconnected()
4306 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4307 eap
="SIM", identity
="1232010000000000",
4308 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4310 with
fail_test(dev
[0], 1, "aes_128_cbc_encrypt;eap_sim_response_reauth"):
4311 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4312 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4314 raise Exception("EAP re-authentication did not start")
4315 wait_fail_trigger(dev
[0], "GET_FAIL")
4316 dev
[0].request("REMOVE_NETWORK all")
4317 dev
[0].dump_monitor()
4319 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4320 eap
="SIM", identity
="1232010000000000",
4321 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4323 with
fail_test(dev
[0], 1, "os_get_random;eap_sim_msg_add_encr_start"):
4324 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4325 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4327 raise Exception("EAP re-authentication did not start")
4328 wait_fail_trigger(dev
[0], "GET_FAIL")
4329 dev
[0].request("REMOVE_NETWORK all")
4330 dev
[0].dump_monitor()
4332 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4333 eap
="SIM", identity
="1232010000000000",
4334 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4336 with
fail_test(dev
[0], 1, "os_get_random;eap_sim_init_for_reauth"):
4337 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4338 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4340 raise Exception("EAP re-authentication did not start")
4341 wait_fail_trigger(dev
[0], "GET_FAIL")
4342 dev
[0].request("REMOVE_NETWORK all")
4343 dev
[0].dump_monitor()
4345 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4346 eap
="SIM", identity
="1232010000000000",
4347 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4349 with
alloc_fail(dev
[0], 1, "eap_sim_parse_encr;eap_sim_process_reauthentication"):
4350 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4351 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4353 raise Exception("EAP re-authentication did not start")
4354 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4355 dev
[0].request("REMOVE_NETWORK all")
4356 dev
[0].dump_monitor()
4358 tests
= [ (1, "eap_sim_verify_mac;eap_sim_process_challenge"),
4359 (1, "eap_sim_parse_encr;eap_sim_process_challenge"),
4360 (1, "eap_sim_msg_init;eap_sim_response_start"),
4361 (1, "wpabuf_alloc;eap_sim_msg_init;eap_sim_response_start"),
4362 (1, "=eap_sim_learn_ids"),
4363 (2, "=eap_sim_learn_ids"),
4364 (2, "eap_sim_learn_ids"),
4365 (3, "eap_sim_learn_ids"),
4366 (1, "eap_sim_process_start"),
4367 (1, "eap_sim_getKey"),
4368 (1, "eap_sim_get_emsk"),
4369 (1, "eap_sim_get_session_id") ]
4370 for count
, func
in tests
:
4371 with
alloc_fail(dev
[0], count
, func
):
4372 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4373 eap
="SIM", identity
="1232010000000000",
4374 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4375 erp
="1", wait_connect
=False)
4376 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4377 dev
[0].request("REMOVE_NETWORK all")
4378 dev
[0].dump_monitor()
4380 tests
= [ (1, "aes_128_cbc_decrypt;eap_sim_parse_encr") ]
4381 for count
, func
in tests
:
4382 with
fail_test(dev
[0], count
, func
):
4383 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4384 eap
="SIM", identity
="1232010000000000",
4385 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4387 wait_fail_trigger(dev
[0], "GET_FAIL")
4388 dev
[0].request("REMOVE_NETWORK all")
4389 dev
[0].dump_monitor()
4391 def test_eap_proto_aka_errors(dev
, apdev
):
4392 """EAP-AKA protocol tests (error paths)"""
4393 check_hlr_auc_gw_support()
4394 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4395 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4397 with
alloc_fail(dev
[0], 1, "eap_aka_init"):
4398 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4399 eap
="AKA", identity
="0232010000000000",
4400 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
4402 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4405 raise Exception("Timeout on EAP start")
4406 dev
[0].request("REMOVE_NETWORK all")
4407 dev
[0].wait_disconnected()
4409 tests
= [ (1, "=eap_aka_learn_ids"),
4410 (2, "=eap_aka_learn_ids"),
4411 (1, "eap_sim_parse_encr;eap_aka_process_challenge"),
4412 (1, "eap_aka_getKey"),
4413 (1, "eap_aka_get_emsk"),
4414 (1, "eap_aka_get_session_id") ]
4415 for count
, func
in tests
:
4416 with
alloc_fail(dev
[0], count
, func
):
4417 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4418 eap
="AKA", identity
="0232010000000000",
4419 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
4420 erp
="1", wait_connect
=False)
4421 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4422 dev
[0].request("REMOVE_NETWORK all")
4423 dev
[0].dump_monitor()
4425 def test_eap_proto_aka_prime_errors(dev
, apdev
):
4426 """EAP-AKA' protocol tests (error paths)"""
4427 check_hlr_auc_gw_support()
4428 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4429 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4431 with
alloc_fail(dev
[0], 1, "eap_aka_init"):
4432 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4433 eap
="AKA'", identity
="6555444333222111",
4434 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
4436 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4439 raise Exception("Timeout on EAP start")
4440 dev
[0].request("REMOVE_NETWORK all")
4441 dev
[0].wait_disconnected()
4443 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4444 eap
="AKA'", identity
="6555444333222111",
4445 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
4447 with
fail_test(dev
[0], 1, "aes_128_cbc_encrypt;eap_aka_response_reauth"):
4448 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4449 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4451 raise Exception("EAP re-authentication did not start")
4452 wait_fail_trigger(dev
[0], "GET_FAIL")
4453 dev
[0].request("REMOVE_NETWORK all")
4454 dev
[0].dump_monitor()
4456 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4457 eap
="AKA'", identity
="6555444333222111",
4458 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
4460 with
alloc_fail(dev
[0], 1, "eap_sim_parse_encr;eap_aka_process_reauthentication"):
4461 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4462 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4464 raise Exception("EAP re-authentication did not start")
4465 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4466 dev
[0].request("REMOVE_NETWORK all")
4467 dev
[0].dump_monitor()
4469 tests
= [ (1, "eap_sim_verify_mac_sha256"),
4470 (1, "=eap_aka_process_challenge") ]
4471 for count
, func
in tests
:
4472 with
alloc_fail(dev
[0], count
, func
):
4473 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4474 eap
="AKA'", identity
="6555444333222111",
4475 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
4476 erp
="1", wait_connect
=False)
4477 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4478 dev
[0].request("REMOVE_NETWORK all")
4479 dev
[0].dump_monitor()
4481 def test_eap_proto_ikev2(dev
, apdev
):
4482 """EAP-IKEv2 protocol tests"""
4483 check_eap_capa(dev
[0], "IKEV2")
4484 def ikev2_handler(ctx
, req
):
4485 logger
.info("ikev2_handler - RX " + req
.encode("hex"))
4486 if 'num' not in ctx
:
4488 ctx
['num'] = ctx
['num'] + 1
4491 ctx
['id'] = (ctx
['id'] + 1) % 256
4496 if ctx
['num'] == idx
:
4497 logger
.info("Test: Missing payload")
4498 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
4503 if ctx
['num'] == idx
:
4504 logger
.info("Test: Truncated Message Length field")
4505 return struct
.pack(">BBHBB3B", EAP_CODE_REQUEST
, ctx
['id'],
4507 EAP_TYPE_IKEV2
, 0x80, 0, 0, 0)
4510 if ctx
['num'] == idx
:
4511 logger
.info("Test: Too short Message Length value")
4512 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
4514 EAP_TYPE_IKEV2
, 0x80, 0, 1)
4517 if ctx
['num'] == idx
:
4518 logger
.info("Test: Truncated message")
4519 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4521 EAP_TYPE_IKEV2
, 0x80, 1)
4524 if ctx
['num'] == idx
:
4525 logger
.info("Test: Truncated message(2)")
4526 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4528 EAP_TYPE_IKEV2
, 0x80, 0xffffffff)
4531 if ctx
['num'] == idx
:
4532 logger
.info("Test: Truncated message(3)")
4533 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4535 EAP_TYPE_IKEV2
, 0xc0, 0xffffffff)
4538 if ctx
['num'] == idx
:
4539 logger
.info("Test: Truncated message(4)")
4540 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4542 EAP_TYPE_IKEV2
, 0xc0, 10000000)
4545 if ctx
['num'] == idx
:
4546 logger
.info("Test: Too long fragments (first fragment)")
4547 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
4549 EAP_TYPE_IKEV2
, 0xc0, 2, 1)
4552 if ctx
['num'] == idx
:
4553 logger
.info("Test: Too long fragments (second fragment)")
4554 return struct
.pack(">BBHBB2B", EAP_CODE_REQUEST
, ctx
['id'],
4556 EAP_TYPE_IKEV2
, 0x00, 2, 3)
4559 if ctx
['num'] == idx
:
4560 logger
.info("Test: No Message Length field in first fragment")
4561 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
4563 EAP_TYPE_IKEV2
, 0x40, 1)
4566 if ctx
['num'] == idx
:
4567 logger
.info("Test: ICV before keys")
4568 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
4570 EAP_TYPE_IKEV2
, 0x20)
4573 if ctx
['num'] == idx
:
4574 logger
.info("Test: Unsupported IKEv2 header version")
4575 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4577 EAP_TYPE_IKEV2
, 0x00,
4582 if ctx
['num'] == idx
:
4583 logger
.info("Test: Incorrect IKEv2 header Length")
4584 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4586 EAP_TYPE_IKEV2
, 0x00,
4588 0, 0x20, 0, 0, 0, 0)
4591 if ctx
['num'] == idx
:
4592 logger
.info("Test: Unexpected IKEv2 Exchange Type in SA_INIT state")
4593 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4595 EAP_TYPE_IKEV2
, 0x00,
4597 0, 0x20, 0, 0, 0, 28)
4600 if ctx
['num'] == idx
:
4601 logger
.info("Test: Unexpected IKEv2 Message ID in SA_INIT state")
4602 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4604 EAP_TYPE_IKEV2
, 0x00,
4606 0, 0x20, 34, 0, 1, 28)
4609 if ctx
['num'] == idx
:
4610 logger
.info("Test: Unexpected IKEv2 Flags value")
4611 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4613 EAP_TYPE_IKEV2
, 0x00,
4615 0, 0x20, 34, 0, 0, 28)
4618 if ctx
['num'] == idx
:
4619 logger
.info("Test: Unexpected IKEv2 Flags value(2)")
4620 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4622 EAP_TYPE_IKEV2
, 0x00,
4624 0, 0x20, 34, 0x20, 0, 28)
4627 if ctx
['num'] == idx
:
4628 logger
.info("Test: No SAi1 in SA_INIT")
4629 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4631 EAP_TYPE_IKEV2
, 0x00,
4633 0, 0x20, 34, 0x08, 0, 28)
4635 def build_ike(id, next
=0, exch_type
=34, flags
=0x00, ike
=''):
4636 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, id,
4637 4 + 1 + 1 + 28 + len(ike
),
4638 EAP_TYPE_IKEV2
, flags
,
4640 next
, 0x20, exch_type
, 0x08, 0,
4641 28 + len(ike
)) + ike
4644 if ctx
['num'] == idx
:
4645 logger
.info("Test: Unexpected extra data after payloads")
4646 return build_ike(ctx
['id'], ike
=struct
.pack(">B", 1))
4649 if ctx
['num'] == idx
:
4650 logger
.info("Test: Truncated payload header")
4651 return build_ike(ctx
['id'], next
=128, ike
=struct
.pack(">B", 1))
4654 if ctx
['num'] == idx
:
4655 logger
.info("Test: Too small payload header length")
4656 ike
= struct
.pack(">BBH", 0, 0, 3)
4657 return build_ike(ctx
['id'], next
=128, ike
=ike
)
4660 if ctx
['num'] == idx
:
4661 logger
.info("Test: Too large payload header length")
4662 ike
= struct
.pack(">BBH", 0, 0, 5)
4663 return build_ike(ctx
['id'], next
=128, ike
=ike
)
4666 if ctx
['num'] == idx
:
4667 logger
.info("Test: Unsupported payload (non-critical and critical)")
4668 ike
= struct
.pack(">BBHBBH", 129, 0, 4, 0, 0x01, 4)
4669 return build_ike(ctx
['id'], next
=128, ike
=ike
)
4672 if ctx
['num'] == idx
:
4673 logger
.info("Test: Certificate and empty SAi1")
4674 ike
= struct
.pack(">BBHBBH", 33, 0, 4, 0, 0, 4)
4675 return build_ike(ctx
['id'], next
=37, ike
=ike
)
4678 if ctx
['num'] == idx
:
4679 logger
.info("Test: Too short proposal")
4680 ike
= struct
.pack(">BBHBBHBBB", 0, 0, 4 + 7,
4682 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4685 if ctx
['num'] == idx
:
4686 logger
.info("Test: Too small proposal length in SAi1")
4687 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4688 0, 0, 7, 0, 0, 0, 0)
4689 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4692 if ctx
['num'] == idx
:
4693 logger
.info("Test: Too large proposal length in SAi1")
4694 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4695 0, 0, 9, 0, 0, 0, 0)
4696 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4699 if ctx
['num'] == idx
:
4700 logger
.info("Test: Unexpected proposal type in SAi1")
4701 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4702 1, 0, 8, 0, 0, 0, 0)
4703 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4706 if ctx
['num'] == idx
:
4707 logger
.info("Test: Unexpected Protocol ID in SAi1")
4708 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4709 0, 0, 8, 0, 0, 0, 0)
4710 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4713 if ctx
['num'] == idx
:
4714 logger
.info("Test: Unexpected proposal number in SAi1")
4715 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4716 0, 0, 8, 0, 1, 0, 0)
4717 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4720 if ctx
['num'] == idx
:
4721 logger
.info("Test: Not enough room for SPI in SAi1")
4722 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4723 0, 0, 8, 1, 1, 1, 0)
4724 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4727 if ctx
['num'] == idx
:
4728 logger
.info("Test: Unexpected SPI in SAi1")
4729 ike
= struct
.pack(">BBHBBHBBBBB", 0, 0, 4 + 9,
4730 0, 0, 9, 1, 1, 1, 0, 1)
4731 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4734 if ctx
['num'] == idx
:
4735 logger
.info("Test: No transforms in SAi1")
4736 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4737 0, 0, 8, 1, 1, 0, 0)
4738 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4741 if ctx
['num'] == idx
:
4742 logger
.info("Test: Too short transform in SAi1")
4743 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4744 0, 0, 8, 1, 1, 0, 1)
4745 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4748 if ctx
['num'] == idx
:
4749 logger
.info("Test: Too small transform length in SAi1")
4750 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4751 0, 0, 8 + 8, 1, 1, 0, 1,
4753 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4756 if ctx
['num'] == idx
:
4757 logger
.info("Test: Too large transform length in SAi1")
4758 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4759 0, 0, 8 + 8, 1, 1, 0, 1,
4761 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4764 if ctx
['num'] == idx
:
4765 logger
.info("Test: Unexpected Transform type in SAi1")
4766 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4767 0, 0, 8 + 8, 1, 1, 0, 1,
4769 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4772 if ctx
['num'] == idx
:
4773 logger
.info("Test: No transform attributes in SAi1")
4774 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4775 0, 0, 8 + 8, 1, 1, 0, 1,
4777 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4780 if ctx
['num'] == idx
:
4781 logger
.info("Test: No transform attr for AES and unexpected data after transforms in SAi1")
4785 tlen
= tlen1
+ tlen2
+ tlen3
4786 ike
= struct
.pack(">BBHBBHBBBBBBHBBH3BBBHBBHHHBBHBBHHHB",
4787 0, 0, 4 + 8 + tlen
+ 1,
4788 0, 0, 8 + tlen
+ 1, 1, 1, 0, 3,
4789 3, 0, tlen1
, 1, 0, 12, 1, 2, 3,
4790 3, 0, tlen2
, 1, 0, 12, 0, 128,
4791 0, 0, tlen3
, 1, 0, 12, 0x8000 |
14, 127,
4793 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4795 def build_sa(next
=0):
4797 return struct
.pack(">BBHBBHBBBBBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
4798 next
, 0, 4 + 8 + tlen
,
4799 0, 0, 8 + tlen
, 1, 1, 0, 5,
4807 if ctx
['num'] == idx
:
4808 logger
.info("Test: Valid proposal, but no KEi in SAi1")
4810 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4813 if ctx
['num'] == idx
:
4814 logger
.info("Test: Empty KEi in SAi1")
4815 ike
= build_sa(next
=34) + struct
.pack(">BBH", 0, 0, 4)
4816 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4819 if ctx
['num'] == idx
:
4820 logger
.info("Test: Mismatch in DH Group in SAi1")
4821 ike
= build_sa(next
=34)
4822 ike
+= struct
.pack(">BBHHH", 0, 0, 4 + 4 + 96, 12345, 0)
4824 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4826 if ctx
['num'] == idx
:
4827 logger
.info("Test: EAP-Failure")
4828 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4831 if ctx
['num'] == idx
:
4832 logger
.info("Test: Invalid DH public value length in SAi1")
4833 ike
= build_sa(next
=34)
4834 ike
+= struct
.pack(">BBHHH", 0, 0, 4 + 4 + 96, 5, 0)
4836 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4838 def build_ke(next
=0):
4839 ke
= struct
.pack(">BBHHH", next
, 0, 4 + 4 + 192, 5, 0)
4844 if ctx
['num'] == idx
:
4845 logger
.info("Test: Valid proposal and KEi, but no Ni in SAi1")
4846 ike
= build_sa(next
=34)
4848 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4851 if ctx
['num'] == idx
:
4852 logger
.info("Test: Too short Ni in SAi1")
4853 ike
= build_sa(next
=34)
4854 ike
+= build_ke(next
=40)
4855 ike
+= struct
.pack(">BBH", 0, 0, 4)
4856 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4859 if ctx
['num'] == idx
:
4860 logger
.info("Test: Too long Ni in SAi1")
4861 ike
= build_sa(next
=34)
4862 ike
+= build_ke(next
=40)
4863 ike
+= struct
.pack(">BBH", 0, 0, 4 + 257) + 257*'\x00'
4864 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4866 def build_ni(next
=0):
4867 return struct
.pack(">BBH", next
, 0, 4 + 256) + 256*'\x00'
4870 ike
= build_sa(next
=34)
4871 ike
+= build_ke(next
=40)
4873 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4876 if ctx
['num'] == idx
:
4877 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4878 return build_sai1(ctx
['id'])
4880 if ctx
['num'] == idx
:
4881 logger
.info("Test: EAP-Failure")
4882 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4885 if ctx
['num'] == idx
:
4886 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4887 return build_sai1(ctx
['id'])
4889 if ctx
['num'] == idx
:
4890 logger
.info("Test: No integrity checksum")
4892 return build_ike(ctx
['id'], next
=37, ike
=ike
)
4895 if ctx
['num'] == idx
:
4896 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4897 return build_sai1(ctx
['id'])
4899 if ctx
['num'] == idx
:
4900 logger
.info("Test: Truncated integrity checksum")
4901 return struct
.pack(">BBHBB",
4902 EAP_CODE_REQUEST
, ctx
['id'],
4904 EAP_TYPE_IKEV2
, 0x20)
4907 if ctx
['num'] == idx
:
4908 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4909 return build_sai1(ctx
['id'])
4911 if ctx
['num'] == idx
:
4912 logger
.info("Test: Invalid integrity checksum")
4914 return build_ike(ctx
['id'], next
=37, flags
=0x20, ike
=ike
)
4918 srv
= start_radius_server(ikev2_handler
)
4921 hapd
= start_ap(apdev
[0]['ifname'])
4924 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4925 eap
="IKEV2", identity
="user",
4926 password
="password",
4928 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
4931 raise Exception("Timeout on EAP start")
4933 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
4936 raise Exception("Timeout on EAP failure")
4939 dev
[0].request("REMOVE_NETWORK all")
4941 stop_radius_server(srv
)
4943 def NtPasswordHash(password
):
4944 pw
= password
.encode('utf_16_le')
4945 return hashlib
.new('md4', pw
).digest()
4947 def HashNtPasswordHash(password_hash
):
4948 return hashlib
.new('md4', password_hash
).digest()
4950 def ChallengeHash(peer_challenge
, auth_challenge
, username
):
4951 data
= peer_challenge
+ auth_challenge
+ username
4952 return hashlib
.sha1(data
).digest()[0:8]
4954 def GenerateAuthenticatorResponse(password
, nt_response
, peer_challenge
,
4955 auth_challenge
, username
):
4956 magic1
= binascii
.unhexlify("4D616769632073657276657220746F20636C69656E74207369676E696E6720636F6E7374616E74")
4957 magic2
= binascii
.unhexlify("50616420746F206D616B6520697420646F206D6F7265207468616E206F6E6520697465726174696F6E")
4959 password_hash
= NtPasswordHash(password
)
4960 password_hash_hash
= HashNtPasswordHash(password_hash
)
4961 data
= password_hash_hash
+ nt_response
+ magic1
4962 digest
= hashlib
.sha1(data
).digest()
4964 challenge
= ChallengeHash(peer_challenge
, auth_challenge
, username
)
4966 data
= digest
+ challenge
+ magic2
4967 resp
= hashlib
.sha1(data
).digest()
4970 def test_eap_proto_ikev2_errors(dev
, apdev
):
4971 """EAP-IKEv2 local error cases"""
4972 check_eap_capa(dev
[0], "IKEV2")
4973 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4974 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4976 for i
in range(1, 5):
4977 with
alloc_fail(dev
[0], i
, "eap_ikev2_init"):
4978 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4979 eap
="IKEV2", identity
="ikev2 user",
4980 password
="ike password",
4982 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4985 raise Exception("Timeout on EAP start")
4986 dev
[0].request("REMOVE_NETWORK all")
4987 dev
[0].wait_disconnected()
4989 tests
= [ (1, "ikev2_encr_encrypt"),
4990 (1, "ikev2_encr_decrypt"),
4991 (1, "ikev2_derive_auth_data"),
4992 (2, "ikev2_derive_auth_data"),
4993 (1, "=ikev2_decrypt_payload"),
4994 (1, "ikev2_encr_decrypt;ikev2_decrypt_payload"),
4995 (1, "ikev2_encr_encrypt;ikev2_build_encrypted"),
4996 (1, "ikev2_derive_sk_keys"),
4997 (2, "ikev2_derive_sk_keys"),
4998 (3, "ikev2_derive_sk_keys"),
4999 (4, "ikev2_derive_sk_keys"),
5000 (5, "ikev2_derive_sk_keys"),
5001 (6, "ikev2_derive_sk_keys"),
5002 (7, "ikev2_derive_sk_keys"),
5003 (8, "ikev2_derive_sk_keys"),
5004 (1, "eap_ikev2_derive_keymat;eap_ikev2_peer_keymat"),
5005 (1, "eap_msg_alloc;eap_ikev2_build_msg"),
5006 (1, "eap_ikev2_getKey"),
5007 (1, "eap_ikev2_get_emsk"),
5008 (1, "eap_ikev2_get_session_id"),
5009 (1, "=ikev2_derive_keys"),
5010 (2, "=ikev2_derive_keys"),
5011 (1, "wpabuf_alloc;ikev2_process_kei"),
5012 (1, "=ikev2_process_idi"),
5013 (1, "ikev2_derive_auth_data;ikev2_build_auth"),
5014 (1, "wpabuf_alloc;ikev2_build_sa_init"),
5015 (2, "wpabuf_alloc;ikev2_build_sa_init"),
5016 (3, "wpabuf_alloc;ikev2_build_sa_init"),
5017 (4, "wpabuf_alloc;ikev2_build_sa_init"),
5018 (5, "wpabuf_alloc;ikev2_build_sa_init"),
5019 (6, "wpabuf_alloc;ikev2_build_sa_init"),
5020 (1, "wpabuf_alloc;ikev2_build_sa_auth"),
5021 (2, "wpabuf_alloc;ikev2_build_sa_auth"),
5022 (1, "ikev2_build_auth;ikev2_build_sa_auth") ]
5023 for count
, func
in tests
:
5024 with
alloc_fail(dev
[0], count
, func
):
5025 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5026 eap
="IKEV2", identity
="ikev2 user",
5027 password
="ike password", erp
="1", wait_connect
=False)
5028 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5031 raise Exception("Timeout on EAP start")
5034 state
= dev
[0].request('GET_ALLOC_FAIL')
5035 if state
.startswith('0:'):
5040 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
5041 dev
[0].request("REMOVE_NETWORK all")
5042 dev
[0].wait_disconnected()
5044 tests
= [ (1, "wpabuf_alloc;ikev2_build_notify"),
5045 (2, "wpabuf_alloc;ikev2_build_notify"),
5046 (1, "ikev2_build_encrypted;ikev2_build_notify") ]
5047 for count
, func
in tests
:
5048 with
alloc_fail(dev
[0], count
, func
):
5049 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5050 eap
="IKEV2", identity
="ikev2 user",
5051 password
="wrong password", erp
="1",
5053 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5056 raise Exception("Timeout on EAP start")
5059 state
= dev
[0].request('GET_ALLOC_FAIL')
5060 if state
.startswith('0:'):
5065 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
5066 dev
[0].request("REMOVE_NETWORK all")
5067 dev
[0].wait_disconnected()
5069 tests
= [ (1, "ikev2_integ_hash"),
5070 (1, "ikev2_integ_hash;ikev2_decrypt_payload"),
5071 (1, "os_get_random;ikev2_build_encrypted"),
5072 (1, "ikev2_prf_plus;ikev2_derive_sk_keys"),
5073 (1, "eap_ikev2_derive_keymat;eap_ikev2_peer_keymat"),
5074 (1, "os_get_random;ikev2_build_sa_init"),
5075 (2, "os_get_random;ikev2_build_sa_init"),
5076 (1, "ikev2_integ_hash;eap_ikev2_validate_icv"),
5077 (1, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_keys"),
5078 (1, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data"),
5079 (2, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data"),
5080 (3, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data") ]
5081 for count
, func
in tests
:
5082 with
fail_test(dev
[0], count
, func
):
5083 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5084 eap
="IKEV2", identity
="ikev2 user",
5085 password
="ike password", wait_connect
=False)
5086 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5089 raise Exception("Timeout on EAP start")
5092 state
= dev
[0].request('GET_FAIL')
5093 if state
.startswith('0:'):
5098 raise Exception("No failure seen for %d:%s" % (count
, func
))
5099 dev
[0].request("REMOVE_NETWORK all")
5100 dev
[0].wait_disconnected()
5102 params
= { "ssid": "eap-test2", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
5103 "rsn_pairwise": "CCMP", "ieee8021x": "1",
5104 "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
5105 "fragment_size": "50" }
5106 hostapd
.add_ap(apdev
[1]['ifname'], params
)
5108 tests
= [ (1, "eap_ikev2_build_frag_ack"),
5109 (1, "wpabuf_alloc;eap_ikev2_process_fragment") ]
5110 for count
, func
in tests
:
5111 with
alloc_fail(dev
[0], count
, func
):
5112 dev
[0].connect("eap-test2", key_mgmt
="WPA-EAP", scan_freq
="2412",
5113 eap
="IKEV2", identity
="ikev2 user",
5114 password
="ike password", erp
="1", wait_connect
=False)
5115 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5118 raise Exception("Timeout on EAP start")
5121 state
= dev
[0].request('GET_ALLOC_FAIL')
5122 if state
.startswith('0:'):
5127 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
5128 dev
[0].request("REMOVE_NETWORK all")
5129 dev
[0].wait_disconnected()
5131 def test_eap_proto_mschapv2(dev
, apdev
):
5132 """EAP-MSCHAPv2 protocol tests"""
5133 check_eap_capa(dev
[0], "MSCHAPV2")
5135 def mschapv2_handler(ctx
, req
):
5136 logger
.info("mschapv2_handler - RX " + req
.encode("hex"))
5137 if 'num' not in ctx
:
5139 ctx
['num'] = ctx
['num'] + 1
5142 ctx
['id'] = (ctx
['id'] + 1) % 256
5146 if ctx
['num'] == idx
:
5147 logger
.info("Test: Missing payload")
5148 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5153 if ctx
['num'] == idx
:
5154 logger
.info("Test: Unknown MSCHAPv2 op_code")
5155 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5161 if ctx
['num'] == idx
:
5162 logger
.info("Test: Invalid ms_len and unknown MSCHAPv2 op_code")
5163 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5169 if ctx
['num'] == idx
:
5170 logger
.info("Test: Success before challenge")
5171 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5177 if ctx
['num'] == idx
:
5178 logger
.info("Test: Failure before challenge - required challenge field not present")
5179 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5184 if ctx
['num'] == idx
:
5185 logger
.info("Test: Failure")
5186 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5189 if ctx
['num'] == idx
:
5190 logger
.info("Test: Failure before challenge - invalid failure challenge len")
5192 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5193 4 + 1 + 4 + len(payload
),
5195 4, 0, 4 + len(payload
)) + payload
5197 if ctx
['num'] == idx
:
5198 logger
.info("Test: Failure")
5199 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5202 if ctx
['num'] == idx
:
5203 logger
.info("Test: Failure before challenge - invalid failure challenge len")
5204 payload
= 'C=12 V=3'
5205 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5206 4 + 1 + 4 + len(payload
),
5208 4, 0, 4 + len(payload
)) + payload
5210 if ctx
['num'] == idx
:
5211 logger
.info("Test: Failure")
5212 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5215 if ctx
['num'] == idx
:
5216 logger
.info("Test: Failure before challenge - invalid failure challenge")
5217 payload
= 'C=00112233445566778899aabbccddeefQ '
5218 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5219 4 + 1 + 4 + len(payload
),
5221 4, 0, 4 + len(payload
)) + payload
5223 if ctx
['num'] == idx
:
5224 logger
.info("Test: Failure")
5225 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5228 if ctx
['num'] == idx
:
5229 logger
.info("Test: Failure before challenge - password expired")
5230 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5231 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5232 4 + 1 + 4 + len(payload
),
5234 4, 0, 4 + len(payload
)) + payload
5236 if ctx
['num'] == idx
:
5237 logger
.info("Test: Success after password change")
5238 payload
= "S=1122334455667788990011223344556677889900"
5239 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5240 4 + 1 + 4 + len(payload
),
5242 3, 0, 4 + len(payload
)) + payload
5245 if ctx
['num'] == idx
:
5246 logger
.info("Test: Invalid challenge length")
5247 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5253 if ctx
['num'] == idx
:
5254 logger
.info("Test: Too short challenge packet")
5255 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5261 if ctx
['num'] == idx
:
5262 logger
.info("Test: Challenge")
5263 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5264 4 + 1 + 4 + 1 + 16 + 6,
5266 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
5268 if ctx
['num'] == idx
:
5269 logger
.info("Test: Failure - password expired")
5270 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5271 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5272 4 + 1 + 4 + len(payload
),
5274 4, 0, 4 + len(payload
)) + payload
5276 if ctx
['num'] == idx
:
5277 logger
.info("Test: Success after password change")
5279 logger
.info("Unexpected Change-Password packet length: %s" % len(req
))
5282 enc_pw
= data
[0:516]
5284 enc_hash
= data
[0:16]
5286 peer_challenge
= data
[0:16]
5290 nt_response
= data
[0:24]
5293 logger
.info("enc_hash: " + enc_hash
.encode("hex"))
5294 logger
.info("peer_challenge: " + peer_challenge
.encode("hex"))
5295 logger
.info("nt_response: " + nt_response
.encode("hex"))
5296 logger
.info("flags: " + flags
.encode("hex"))
5298 auth_challenge
= binascii
.unhexlify("00112233445566778899aabbccddeeff")
5299 logger
.info("auth_challenge: " + auth_challenge
.encode("hex"))
5301 auth_resp
= GenerateAuthenticatorResponse("new-pw", nt_response
,
5303 auth_challenge
, "user")
5304 payload
= "S=" + auth_resp
.encode('hex').upper()
5305 logger
.info("Success message payload: " + payload
)
5306 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5307 4 + 1 + 4 + len(payload
),
5309 3, 0, 4 + len(payload
)) + payload
5311 if ctx
['num'] == idx
:
5312 logger
.info("Test: EAP-Success")
5313 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
5316 if ctx
['num'] == idx
:
5317 logger
.info("Test: Failure - password expired")
5318 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5319 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5320 4 + 1 + 4 + len(payload
),
5322 4, 0, 4 + len(payload
)) + payload
5324 if ctx
['num'] == idx
:
5325 logger
.info("Test: Success after password change")
5327 logger
.info("Unexpected Change-Password packet length: %s" % len(req
))
5330 enc_pw
= data
[0:516]
5332 enc_hash
= data
[0:16]
5334 peer_challenge
= data
[0:16]
5338 nt_response
= data
[0:24]
5341 logger
.info("enc_hash: " + enc_hash
.encode("hex"))
5342 logger
.info("peer_challenge: " + peer_challenge
.encode("hex"))
5343 logger
.info("nt_response: " + nt_response
.encode("hex"))
5344 logger
.info("flags: " + flags
.encode("hex"))
5346 auth_challenge
= binascii
.unhexlify("00112233445566778899aabbccddeeff")
5347 logger
.info("auth_challenge: " + auth_challenge
.encode("hex"))
5349 auth_resp
= GenerateAuthenticatorResponse("new-pw", nt_response
,
5351 auth_challenge
, "user")
5352 payload
= "S=" + auth_resp
.encode('hex').upper()
5353 logger
.info("Success message payload: " + payload
)
5354 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5355 4 + 1 + 4 + len(payload
),
5357 3, 0, 4 + len(payload
)) + payload
5359 if ctx
['num'] == idx
:
5360 logger
.info("Test: EAP-Success")
5361 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
5364 if ctx
['num'] == idx
:
5365 logger
.info("Test: Challenge")
5366 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5367 4 + 1 + 4 + 1 + 16 + 6,
5369 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
5371 if ctx
['num'] == idx
:
5372 logger
.info("Test: Failure - authentication failure")
5373 payload
= 'E=691 R=1 C=00112233445566778899aabbccddeeff V=3 M=Authentication failed'
5374 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5375 4 + 1 + 4 + len(payload
),
5377 4, 0, 4 + len(payload
)) + payload
5380 if ctx
['num'] == idx
:
5381 logger
.info("Test: Challenge")
5382 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5383 4 + 1 + 4 + 1 + 16 + 6,
5385 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
5387 if ctx
['num'] == idx
:
5388 logger
.info("Test: Failure - authentication failure")
5389 payload
= 'E=691 R=1 C=00112233445566778899aabbccddeeff V=3 M=Authentication failed (2)'
5390 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5391 4 + 1 + 4 + len(payload
),
5393 4, 0, 4 + len(payload
)) + payload
5395 if ctx
['num'] == idx
:
5396 logger
.info("Test: Failure")
5397 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5401 srv
= start_radius_server(mschapv2_handler
)
5404 hapd
= start_ap(apdev
[0]['ifname'])
5406 for i
in range(0, 15):
5407 logger
.info("RUN: %d" % i
)
5409 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5410 eap
="MSCHAPV2", identity
="user",
5411 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
5414 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5415 eap
="MSCHAPV2", identity
="user",
5416 phase2
="mschapv2_retry=0",
5417 password
="password", wait_connect
=False)
5419 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5420 eap
="MSCHAPV2", identity
="user",
5421 password
="password", wait_connect
=False)
5422 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
5424 raise Exception("Timeout on EAP start")
5426 if i
in [ 8, 11, 12 ]:
5427 ev
= dev
[0].wait_event(["CTRL-REQ-NEW_PASSWORD"],
5430 raise Exception("Timeout on new password request")
5431 id = ev
.split(':')[0].split('-')[-1]
5432 dev
[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
5434 ev
= dev
[0].wait_event(["CTRL-EVENT-PASSWORD-CHANGED"],
5437 raise Exception("Timeout on password change")
5438 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"],
5441 raise Exception("Timeout on EAP success")
5443 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
5446 raise Exception("Timeout on EAP failure")
5449 ev
= dev
[0].wait_event(["CTRL-REQ-IDENTITY"],
5452 raise Exception("Timeout on identity request")
5453 id = ev
.split(':')[0].split('-')[-1]
5454 dev
[0].request("CTRL-RSP-IDENTITY-" + id + ":user")
5456 ev
= dev
[0].wait_event(["CTRL-REQ-PASSWORD"],
5459 raise Exception("Timeout on password request")
5460 id = ev
.split(':')[0].split('-')[-1]
5461 dev
[0].request("CTRL-RSP-PASSWORD-" + id + ":password")
5463 # TODO: Does this work correctly?
5465 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
5468 raise Exception("Timeout on EAP failure")
5470 if i
in [ 4, 5, 6, 7, 14 ]:
5471 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
5474 raise Exception("Timeout on EAP failure")
5477 dev
[0].request("REMOVE_NETWORK all")
5478 dev
[0].wait_disconnected(timeout
=1)
5480 stop_radius_server(srv
)
5482 def test_eap_proto_mschapv2_errors(dev
, apdev
):
5483 """EAP-MSCHAPv2 protocol tests (error paths)"""
5484 check_eap_capa(dev
[0], "MSCHAPV2")
5486 def mschapv2_handler(ctx
, req
):
5487 logger
.info("mschapv2_handler - RX " + req
.encode("hex"))
5488 if 'num' not in ctx
:
5490 ctx
['num'] = ctx
['num'] + 1
5493 ctx
['id'] = (ctx
['id'] + 1) % 256
5497 if ctx
['num'] == idx
:
5498 logger
.info("Test: Failure before challenge - password expired")
5499 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5500 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5501 4 + 1 + 4 + len(payload
),
5503 4, 0, 4 + len(payload
)) + payload
5505 if ctx
['num'] == idx
:
5506 logger
.info("Test: Success after password change")
5507 payload
= "S=1122334455667788990011223344556677889900"
5508 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5509 4 + 1 + 4 + len(payload
),
5511 3, 0, 4 + len(payload
)) + payload
5514 if ctx
['num'] == idx
:
5515 logger
.info("Test: Failure before challenge - password expired")
5516 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5517 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5518 4 + 1 + 4 + len(payload
),
5520 4, 0, 4 + len(payload
)) + payload
5522 if ctx
['num'] == idx
:
5523 logger
.info("Test: Success after password change")
5524 payload
= "S=1122334455667788990011223344556677889900"
5525 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5526 4 + 1 + 4 + len(payload
),
5528 3, 0, 4 + len(payload
)) + payload
5532 srv
= start_radius_server(mschapv2_handler
)
5535 hapd
= start_ap(apdev
[0]['ifname'])
5537 with
fail_test(dev
[0], 1, "eap_mschapv2_change_password"):
5538 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5539 eap
="MSCHAPV2", identity
="user",
5540 password
="password", wait_connect
=False)
5541 ev
= dev
[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout
=10)
5543 raise Exception("Timeout on new password request")
5544 id = ev
.split(':')[0].split('-')[-1]
5545 dev
[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
5546 wait_fail_trigger(dev
[0], "GET_FAIL")
5547 dev
[0].request("REMOVE_NETWORK all")
5548 dev
[0].wait_disconnected(timeout
=1)
5550 with
fail_test(dev
[0], 1, "get_master_key;eap_mschapv2_change_password"):
5551 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5552 eap
="MSCHAPV2", identity
="user",
5553 password
="password", wait_connect
=False)
5554 ev
= dev
[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout
=10)
5556 raise Exception("Timeout on new password request")
5557 id = ev
.split(':')[0].split('-')[-1]
5558 dev
[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
5559 wait_fail_trigger(dev
[0], "GET_FAIL")
5560 dev
[0].request("REMOVE_NETWORK all")
5561 dev
[0].wait_disconnected(timeout
=1)
5563 stop_radius_server(srv
)
5565 def test_eap_proto_pwd(dev
, apdev
):
5566 """EAP-pwd protocol tests"""
5567 check_eap_capa(dev
[0], "PWD")
5569 global eap_proto_pwd_test_done
, eap_proto_pwd_test_wait
5570 eap_proto_pwd_test_done
= False
5571 eap_proto_pwd_test_wait
= False
5573 def pwd_handler(ctx
, req
):
5574 logger
.info("pwd_handler - RX " + req
.encode("hex"))
5575 if 'num' not in ctx
:
5577 ctx
['num'] = ctx
['num'] + 1
5580 ctx
['id'] = (ctx
['id'] + 1) % 256
5583 global eap_proto_pwd_test_wait
5584 eap_proto_pwd_test_wait
= False
5587 if ctx
['num'] == idx
:
5588 logger
.info("Test: Missing payload")
5589 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'], 4 + 1,
5593 if ctx
['num'] == idx
:
5594 logger
.info("Test: Missing Total-Length field")
5595 payload
= struct
.pack("B", 0x80)
5596 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5597 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5600 if ctx
['num'] == idx
:
5601 logger
.info("Test: Too large Total-Length")
5602 payload
= struct
.pack(">BH", 0x80, 65535)
5603 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5604 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5607 if ctx
['num'] == idx
:
5608 eap_proto_pwd_test_wait
= True
5609 logger
.info("Test: First fragment")
5610 payload
= struct
.pack(">BH", 0xc0, 10)
5611 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5612 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5614 if ctx
['num'] == idx
:
5615 logger
.info("Test: Unexpected Total-Length value in the second fragment")
5616 payload
= struct
.pack(">BH", 0x80, 0)
5617 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5618 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5621 if ctx
['num'] == idx
:
5622 logger
.info("Test: First and only fragment")
5623 payload
= struct
.pack(">BH", 0x80, 0)
5624 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5625 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5628 if ctx
['num'] == idx
:
5629 logger
.info("Test: First and only fragment with extra data")
5630 payload
= struct
.pack(">BHB", 0x80, 0, 0)
5631 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5632 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5635 if ctx
['num'] == idx
:
5636 eap_proto_pwd_test_wait
= True
5637 logger
.info("Test: First fragment")
5638 payload
= struct
.pack(">BHB", 0xc0, 2, 1)
5639 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5640 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5642 if ctx
['num'] == idx
:
5643 logger
.info("Test: Extra data in the second fragment")
5644 payload
= struct
.pack(">BBB", 0x0, 2, 3)
5645 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5646 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5649 if ctx
['num'] == idx
:
5650 logger
.info("Test: Too short id exchange")
5651 payload
= struct
.pack(">B", 0x01)
5652 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5653 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5656 if ctx
['num'] == idx
:
5657 logger
.info("Test: Unsupported rand func in id exchange")
5658 payload
= struct
.pack(">BHBBLB", 0x01, 0, 0, 0, 0, 0)
5659 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5660 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5663 if ctx
['num'] == idx
:
5664 logger
.info("Test: Unsupported prf in id exchange")
5665 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 0, 0, 0)
5666 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5667 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5670 if ctx
['num'] == idx
:
5671 logger
.info("Test: Unsupported password pre-processing technique in id exchange")
5672 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 255)
5673 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5674 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5677 if ctx
['num'] == idx
:
5678 eap_proto_pwd_test_wait
= True
5679 logger
.info("Test: Valid id exchange")
5680 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5681 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5682 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5684 if ctx
['num'] == idx
:
5685 logger
.info("Test: Unexpected id exchange")
5686 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5687 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5688 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5691 if ctx
['num'] == idx
:
5692 logger
.info("Test: Unexpected commit exchange")
5693 payload
= struct
.pack(">B", 0x02)
5694 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5695 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5698 if ctx
['num'] == idx
:
5699 eap_proto_pwd_test_wait
= True
5700 logger
.info("Test: Valid id exchange")
5701 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5702 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5703 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5705 if ctx
['num'] == idx
:
5706 logger
.info("Test: Unexpected Commit payload length")
5707 payload
= struct
.pack(">B", 0x02)
5708 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5709 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5712 if ctx
['num'] == idx
:
5713 eap_proto_pwd_test_wait
= True
5714 logger
.info("Test: Valid id exchange")
5715 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5716 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5717 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5719 if ctx
['num'] == idx
:
5720 logger
.info("Test: Commit payload with all zeros values --> Shared key at infinity")
5721 payload
= struct
.pack(">B", 0x02) + 96*'\0'
5722 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5723 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5726 if ctx
['num'] == idx
:
5727 eap_proto_pwd_test_wait
= True
5728 logger
.info("Test: Valid id exchange")
5729 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5730 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5731 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5733 if ctx
['num'] == idx
:
5734 eap_proto_pwd_test_wait
= True
5735 logger
.info("Test: Commit payload with valid values")
5736 element
= binascii
.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
5737 scalar
= binascii
.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
5738 payload
= struct
.pack(">B", 0x02) + element
+ scalar
5739 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5740 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5742 if ctx
['num'] == idx
:
5743 logger
.info("Test: Unexpected Confirm payload length 0")
5744 payload
= struct
.pack(">B", 0x03)
5745 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5746 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5749 if ctx
['num'] == idx
:
5750 eap_proto_pwd_test_wait
= True
5751 logger
.info("Test: Valid id exchange")
5752 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5753 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5754 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5756 if ctx
['num'] == idx
:
5757 eap_proto_pwd_test_wait
= True
5758 logger
.info("Test: Commit payload with valid values")
5759 element
= binascii
.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
5760 scalar
= binascii
.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
5761 payload
= struct
.pack(">B", 0x02) + element
+ scalar
5762 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5763 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5765 if ctx
['num'] == idx
:
5766 logger
.info("Test: Confirm payload with incorrect value")
5767 payload
= struct
.pack(">B", 0x03) + 32*'\0'
5768 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5769 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5772 if ctx
['num'] == idx
:
5773 logger
.info("Test: Unexpected confirm exchange")
5774 payload
= struct
.pack(">B", 0x03)
5775 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5776 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5778 logger
.info("No more test responses available - test case completed")
5779 global eap_proto_pwd_test_done
5780 eap_proto_pwd_test_done
= True
5781 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5783 srv
= start_radius_server(pwd_handler
)
5786 hapd
= start_ap(apdev
[0]['ifname'])
5789 while not eap_proto_pwd_test_done
:
5791 logger
.info("Running connection iteration %d" % i
)
5792 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5793 eap
="PWD", identity
="pwd user",
5794 password
="secret password",
5798 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STATUS",
5799 "CTRL-EVENT-EAP-PROPOSED-METHOD"],
5802 raise Exception("Timeout on EAP start")
5803 if "CTRL-EVENT-EAP-PROPOSED-METHOD" in ev
:
5806 if "CTRL-EVENT-EAP-STATUS" in ev
and "status='completion' parameter='failure'" in ev
:
5810 raise Exception("Expected EAP event not seen")
5811 if eap_proto_pwd_test_wait
:
5814 if not eap_proto_pwd_test_wait
:
5816 dev
[0].request("REMOVE_NETWORK all")
5817 dev
[0].wait_disconnected(timeout
=1)
5818 dev
[0].dump_monitor()
5820 stop_radius_server(srv
)
5822 def test_eap_proto_pwd_errors(dev
, apdev
):
5823 """EAP-pwd local error cases"""
5824 check_eap_capa(dev
[0], "PWD")
5825 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
5826 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
5828 for i
in range(1, 4):
5829 with
alloc_fail(dev
[0], i
, "eap_pwd_init"):
5830 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5831 eap
="PWD", identity
="pwd user",
5832 password
="secret password",
5834 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
5837 raise Exception("Timeout on EAP start")
5838 dev
[0].request("REMOVE_NETWORK all")
5839 dev
[0].wait_disconnected()
5841 with
alloc_fail(dev
[0], 1, "eap_pwd_get_session_id"):
5842 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5843 eap
="PWD", identity
="pwd user",
5844 password
="secret password")
5845 dev
[0].request("REMOVE_NETWORK all")
5846 dev
[0].wait_disconnected()
5848 for i
in range(1, 7):
5849 with
alloc_fail(dev
[0], i
, "eap_pwd_perform_id_exchange"):
5850 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5851 eap
="PWD", identity
="pwd user",
5852 password
="secret password",
5854 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5857 raise Exception("Timeout on EAP start")
5860 state
= dev
[0].request('GET_ALLOC_FAIL')
5861 if state
.startswith('0:'):
5866 raise Exception("No allocation failure seen")
5867 dev
[0].request("REMOVE_NETWORK all")
5868 dev
[0].wait_disconnected()
5870 with
alloc_fail(dev
[0], 1, "wpabuf_alloc;eap_pwd_perform_id_exchange"):
5871 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5872 eap
="PWD", identity
="pwd user",
5873 password
="secret password",
5875 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5878 raise Exception("Timeout on EAP start")
5879 dev
[0].request("REMOVE_NETWORK all")
5880 dev
[0].wait_disconnected()
5882 for i
in range(1, 4):
5883 with
alloc_fail(dev
[0], i
, "eap_pwd_perform_commit_exchange"):
5884 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5885 eap
="PWD", identity
="pwd user",
5886 password
="secret password",
5888 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5891 raise Exception("Timeout on EAP start")
5894 state
= dev
[0].request('GET_ALLOC_FAIL')
5895 if state
.startswith('0:'):
5900 raise Exception("No allocation failure seen")
5901 dev
[0].request("REMOVE_NETWORK all")
5902 dev
[0].wait_disconnected()
5904 for i
in range(1, 12):
5905 with
alloc_fail(dev
[0], i
, "eap_pwd_perform_confirm_exchange"):
5906 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5907 eap
="PWD", identity
="pwd user",
5908 password
="secret password",
5910 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5913 raise Exception("Timeout on EAP start")
5916 state
= dev
[0].request('GET_ALLOC_FAIL')
5917 if state
.startswith('0:'):
5922 raise Exception("No allocation failure seen")
5923 dev
[0].request("REMOVE_NETWORK all")
5924 dev
[0].wait_disconnected()
5926 for i
in range(1, 4):
5927 with
alloc_fail(dev
[0], i
, "eap_msg_alloc;=eap_pwd_process"):
5928 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5929 eap
="PWD", identity
="pwd user",
5930 password
="secret password",
5932 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5935 raise Exception("Timeout on EAP start")
5938 state
= dev
[0].request('GET_ALLOC_FAIL')
5939 if state
.startswith('0:'):
5944 raise Exception("No allocation failure seen")
5945 dev
[0].request("REMOVE_NETWORK all")
5946 dev
[0].wait_disconnected()
5948 # No password configured
5949 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5950 eap
="PWD", identity
="pwd user",
5952 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=52"],
5955 raise Exception("EAP-pwd not started")
5956 dev
[0].request("REMOVE_NETWORK all")
5957 dev
[0].wait_disconnected()
5959 def test_eap_proto_erp(dev
, apdev
):
5960 """ERP protocol tests"""
5961 check_erp_capa(dev
[0])
5963 global eap_proto_erp_test_done
5964 eap_proto_erp_test_done
= False
5966 def erp_handler(ctx
, req
):
5967 logger
.info("erp_handler - RX " + req
.encode("hex"))
5968 if 'num' not in ctx
:
5973 ctx
['id'] = (ctx
['id'] + 1) % 256
5977 if ctx
['num'] == idx
:
5978 logger
.info("Test: Missing type")
5979 return struct
.pack(">BBH", EAP_CODE_INITIATE
, ctx
['id'], 4)
5982 if ctx
['num'] == idx
:
5983 logger
.info("Test: Unexpected type")
5984 return struct
.pack(">BBHB", EAP_CODE_INITIATE
, ctx
['id'], 4 + 1,
5988 if ctx
['num'] == idx
:
5989 logger
.info("Test: Missing Reserved field")
5990 return struct
.pack(">BBHB", EAP_CODE_INITIATE
, ctx
['id'], 4 + 1,
5991 EAP_ERP_TYPE_REAUTH_START
)
5994 if ctx
['num'] == idx
:
5995 logger
.info("Test: Zero-length TVs/TLVs")
5997 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
5998 4 + 1 + 1 + len(payload
),
5999 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6002 if ctx
['num'] == idx
:
6003 logger
.info("Test: Too short TLV")
6004 payload
= struct
.pack("B", 191)
6005 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6006 4 + 1 + 1 + len(payload
),
6007 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6010 if ctx
['num'] == idx
:
6011 logger
.info("Test: Truncated TLV")
6012 payload
= struct
.pack("BB", 191, 1)
6013 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6014 4 + 1 + 1 + len(payload
),
6015 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6018 if ctx
['num'] == idx
:
6019 logger
.info("Test: Ignored unknown TLV and unknown TV/TLV terminating parsing")
6020 payload
= struct
.pack("BBB", 191, 0, 192)
6021 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6022 4 + 1 + 1 + len(payload
),
6023 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6026 if ctx
['num'] == idx
:
6027 logger
.info("Test: More than one keyName-NAI")
6028 payload
= struct
.pack("BBBB", EAP_ERP_TLV_KEYNAME_NAI
, 0,
6029 EAP_ERP_TLV_KEYNAME_NAI
, 0)
6030 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6031 4 + 1 + 1 + len(payload
),
6032 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6035 if ctx
['num'] == idx
:
6036 logger
.info("Test: Too short TLV keyName-NAI")
6037 payload
= struct
.pack("B", EAP_ERP_TLV_KEYNAME_NAI
)
6038 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6039 4 + 1 + 1 + len(payload
),
6040 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6043 if ctx
['num'] == idx
:
6044 logger
.info("Test: Truncated TLV keyName-NAI")
6045 payload
= struct
.pack("BB", EAP_ERP_TLV_KEYNAME_NAI
, 1)
6046 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6047 4 + 1 + 1 + len(payload
),
6048 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6051 if ctx
['num'] == idx
:
6052 logger
.info("Test: Valid rRK lifetime TV followed by too short rMSK lifetime TV")
6053 payload
= struct
.pack(">BLBH", EAP_ERP_TV_RRK_LIFETIME
, 0,
6054 EAP_ERP_TV_RMSK_LIFETIME
, 0)
6055 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6056 4 + 1 + 1 + len(payload
),
6057 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6060 if ctx
['num'] == idx
:
6061 logger
.info("Test: Missing type (Finish)")
6062 return struct
.pack(">BBH", EAP_CODE_FINISH
, ctx
['id'], 4)
6065 if ctx
['num'] == idx
:
6066 logger
.info("Test: Unexpected type (Finish)")
6067 return struct
.pack(">BBHB", EAP_CODE_FINISH
, ctx
['id'], 4 + 1,
6071 if ctx
['num'] == idx
:
6072 logger
.info("Test: Missing fields (Finish)")
6073 return struct
.pack(">BBHB", EAP_CODE_FINISH
, ctx
['id'], 4 + 1,
6074 EAP_ERP_TYPE_REAUTH
)
6077 if ctx
['num'] == idx
:
6078 logger
.info("Test: Unexpected SEQ (Finish)")
6079 return struct
.pack(">BBHBBHB", EAP_CODE_FINISH
, ctx
['id'],
6081 EAP_ERP_TYPE_REAUTH
, 0, 0xffff, 0)
6083 logger
.info("No more test responses available - test case completed")
6084 global eap_proto_erp_test_done
6085 eap_proto_erp_test_done
= True
6086 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6088 srv
= start_radius_server(erp_handler
)
6091 hapd
= start_ap(apdev
[0]['ifname'])
6094 while not eap_proto_erp_test_done
:
6096 logger
.info("Running connection iteration %d" % i
)
6097 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6098 eap
="PAX", identity
="pax.user@example.com",
6099 password_hex
="0123456789abcdef0123456789abcdef",
6101 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
6103 raise Exception("Timeout on EAP start")
6105 dev
[0].request("REMOVE_NETWORK all")
6106 dev
[0].wait_disconnected(timeout
=1)
6107 dev
[0].dump_monitor()
6109 stop_radius_server(srv
)
6111 def test_eap_proto_fast_errors(dev
, apdev
):
6112 """EAP-FAST local error cases"""
6113 check_eap_capa(dev
[0], "FAST")
6114 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
6115 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
6117 for i
in range(1, 5):
6118 with
alloc_fail(dev
[0], i
, "eap_fast_init"):
6119 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6120 eap
="FAST", anonymous_identity
="FAST",
6121 identity
="user", password
="password",
6122 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6123 phase1
="fast_provisioning=2",
6124 pac_file
="blob://fast_pac_auth",
6126 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6129 raise Exception("Timeout on EAP start")
6130 dev
[0].request("REMOVE_NETWORK all")
6131 dev
[0].wait_disconnected()
6133 tests
= [ (1, "wpabuf_alloc;eap_fast_tlv_eap_payload"),
6134 (1, "eap_fast_derive_key;eap_fast_derive_key_auth"),
6135 (1, "eap_msg_alloc;eap_peer_tls_phase2_nak"),
6136 (1, "wpabuf_alloc;eap_fast_tlv_result"),
6137 (1, "wpabuf_alloc;eap_fast_tlv_pac_ack"),
6138 (1, "=eap_peer_tls_derive_session_id;eap_fast_process_crypto_binding"),
6139 (1, "eap_peer_tls_decrypt;eap_fast_decrypt"),
6140 (1, "eap_fast_getKey"),
6141 (1, "eap_fast_get_session_id"),
6142 (1, "eap_fast_get_emsk") ]
6143 for count
, func
in tests
:
6144 dev
[0].request("SET blob fast_pac_auth_errors ")
6145 with
alloc_fail(dev
[0], count
, func
):
6146 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6147 eap
="FAST", anonymous_identity
="FAST",
6148 identity
="user", password
="password",
6149 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6150 phase1
="fast_provisioning=2",
6151 pac_file
="blob://fast_pac_auth_errors",
6154 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6157 raise Exception("Timeout on EAP start")
6158 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6159 dev
[0].request("REMOVE_NETWORK all")
6160 dev
[0].wait_disconnected()
6162 tests
= [ (1, "eap_fast_derive_key;eap_fast_derive_key_provisioning"),
6163 (1, "eap_mschapv2_getKey;eap_fast_get_phase2_key"),
6164 (1, "=eap_fast_use_pac_opaque"),
6165 (1, "eap_fast_copy_buf"),
6166 (1, "=eap_fast_add_pac"),
6167 (1, "=eap_fast_init_pac_data"),
6168 (1, "=eap_fast_write_pac"),
6169 (2, "=eap_fast_write_pac") ]
6170 for count
, func
in tests
:
6171 dev
[0].request("SET blob fast_pac_errors ")
6172 with
alloc_fail(dev
[0], count
, func
):
6173 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6174 eap
="FAST", anonymous_identity
="FAST",
6175 identity
="user", password
="password",
6176 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6177 phase1
="fast_provisioning=1",
6178 pac_file
="blob://fast_pac_errors",
6181 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6184 raise Exception("Timeout on EAP start")
6185 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6186 dev
[0].request("REMOVE_NETWORK all")
6187 dev
[0].wait_disconnected()
6189 tests
= [ (1, "eap_fast_get_cmk;eap_fast_process_crypto_binding"),
6190 (1, "eap_fast_derive_eap_msk;eap_fast_process_crypto_binding"),
6191 (1, "eap_fast_derive_eap_emsk;eap_fast_process_crypto_binding") ]
6192 for count
, func
in tests
:
6193 dev
[0].request("SET blob fast_pac_auth_errors ")
6194 with
fail_test(dev
[0], count
, func
):
6195 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6196 eap
="FAST", anonymous_identity
="FAST",
6197 identity
="user", password
="password",
6198 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6199 phase1
="fast_provisioning=2",
6200 pac_file
="blob://fast_pac_auth_errors",
6203 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6206 raise Exception("Timeout on EAP start")
6207 wait_fail_trigger(dev
[0], "GET_FAIL")
6208 dev
[0].request("REMOVE_NETWORK all")
6209 dev
[0].wait_disconnected()
6211 dev
[0].request("SET blob fast_pac_errors ")
6212 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6213 eap
="FAST", anonymous_identity
="FAST",
6214 identity
="user", password
="password",
6215 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6216 phase1
="fast_provisioning=1",
6217 pac_file
="blob://fast_pac_errors",
6219 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=5)
6221 raise Exception("Timeout on EAP start")
6222 # EAP-FAST: Only EAP-MSCHAPv2 is allowed during unauthenticated
6223 # provisioning; reject phase2 type 6
6224 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6226 raise Exception("Timeout on EAP failure")
6227 dev
[0].request("REMOVE_NETWORK all")
6228 dev
[0].wait_disconnected()
6230 logger
.info("Wrong password in Phase 2")
6231 dev
[0].request("SET blob fast_pac_errors ")
6232 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6233 eap
="FAST", anonymous_identity
="FAST",
6234 identity
="user", password
="wrong password",
6235 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6236 phase1
="fast_provisioning=1",
6237 pac_file
="blob://fast_pac_errors",
6239 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=5)
6241 raise Exception("Timeout on EAP start")
6242 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6244 raise Exception("Timeout on EAP failure")
6245 dev
[0].request("REMOVE_NETWORK all")
6246 dev
[0].wait_disconnected()
6248 tests
= [ "FOOBAR\n",
6249 "wpa_supplicant EAP-FAST PAC file - version 1\nFOOBAR\n",
6250 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\n",
6251 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nSTART\n",
6252 "wpa_supplicant EAP-FAST PAC file - version 1\nEND\n",
6253 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Type=12345\nEND\n"
6254 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=12\nEND\n",
6255 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=1\nEND\n",
6256 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=1q\nEND\n",
6257 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Opaque=1\nEND\n",
6258 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nA-ID=1\nEND\n",
6259 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nI-ID=1\nEND\n",
6260 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nA-ID-Info=1\nEND\n" ]
6262 blob
= binascii
.hexlify(pac
)
6263 dev
[0].request("SET blob fast_pac_errors " + blob
)
6264 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6265 eap
="FAST", anonymous_identity
="FAST",
6266 identity
="user", password
="password",
6267 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6268 phase1
="fast_provisioning=2",
6269 pac_file
="blob://fast_pac_errors",
6271 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6274 raise Exception("Timeout on EAP start")
6275 dev
[0].request("REMOVE_NETWORK all")
6276 dev
[0].wait_disconnected()
6278 tests
= [ "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nEND\n",
6279 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nEND\nSTART\nEND\nSTART\nEND\n" ]
6281 blob
= binascii
.hexlify(pac
)
6282 dev
[0].request("SET blob fast_pac_errors " + blob
)
6283 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6284 eap
="FAST", anonymous_identity
="FAST",
6285 identity
="user", password
="password",
6286 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6287 phase1
="fast_provisioning=2",
6288 pac_file
="blob://fast_pac_errors")
6289 dev
[0].request("REMOVE_NETWORK all")
6290 dev
[0].wait_disconnected()
6292 dev
[0].request("SET blob fast_pac_errors ")
6294 def test_eap_proto_peap_errors(dev
, apdev
):
6295 """EAP-PEAP local error cases"""
6296 check_eap_capa(dev
[0], "PEAP")
6297 check_eap_capa(dev
[0], "MSCHAPV2")
6298 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
6299 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
6301 for i
in range(1, 5):
6302 with
alloc_fail(dev
[0], i
, "eap_peap_init"):
6303 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6304 eap
="PEAP", anonymous_identity
="peap",
6305 identity
="user", password
="password",
6306 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6308 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6311 raise Exception("Timeout on EAP start")
6312 dev
[0].request("REMOVE_NETWORK all")
6313 dev
[0].wait_disconnected()
6315 tests
= [ (1, "eap_mschapv2_getKey;eap_peap_get_isk;eap_peap_derive_cmk"),
6316 (1, "eap_msg_alloc;eap_tlv_build_result"),
6317 (1, "eap_mschapv2_init;eap_peap_phase2_request"),
6318 (1, "eap_peer_tls_decrypt;eap_peap_decrypt"),
6319 (1, "wpabuf_alloc;=eap_peap_decrypt"),
6320 (1, "eap_peer_tls_encrypt;eap_peap_decrypt"),
6321 (1, "eap_peer_tls_process_helper;eap_peap_process"),
6322 (1, "eap_peer_tls_derive_key;eap_peap_process"),
6323 (1, "eap_peer_tls_derive_session_id;eap_peap_process"),
6324 (1, "eap_peap_getKey"),
6325 (1, "eap_peap_get_session_id") ]
6326 for count
, func
in tests
:
6327 with
alloc_fail(dev
[0], count
, func
):
6328 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6329 eap
="PEAP", anonymous_identity
="peap",
6330 identity
="user", password
="password",
6331 phase1
="peapver=0 crypto_binding=2",
6332 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6333 erp
="1", wait_connect
=False)
6334 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6337 raise Exception("Timeout on EAP start")
6338 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6339 dev
[0].request("REMOVE_NETWORK all")
6340 dev
[0].wait_disconnected()
6342 tests
= [ (1, "peap_prfplus;eap_peap_derive_cmk"),
6343 (1, "eap_tlv_add_cryptobinding;eap_tlv_build_result"),
6344 (1, "peap_prfplus;eap_peap_getKey") ]
6345 for count
, func
in tests
:
6346 with
fail_test(dev
[0], count
, func
):
6347 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6348 eap
="PEAP", anonymous_identity
="peap",
6349 identity
="user", password
="password",
6350 phase1
="peapver=0 crypto_binding=2",
6351 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6352 erp
="1", wait_connect
=False)
6353 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6356 raise Exception("Timeout on EAP start")
6357 wait_fail_trigger(dev
[0], "GET_FAIL")
6358 dev
[0].request("REMOVE_NETWORK all")
6359 dev
[0].wait_disconnected()
6361 with
alloc_fail(dev
[0], 1,
6362 "eap_peer_tls_phase2_nak;eap_peap_phase2_request"):
6363 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6364 eap
="PEAP", anonymous_identity
="peap",
6365 identity
="cert user", password
="password",
6366 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6368 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6369 dev
[0].request("REMOVE_NETWORK all")
6370 dev
[0].wait_disconnected()
6372 def test_eap_proto_ttls_errors(dev
, apdev
):
6373 """EAP-TTLS local error cases"""
6374 check_eap_capa(dev
[0], "TTLS")
6375 check_eap_capa(dev
[0], "MSCHAPV2")
6376 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
6377 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
6379 for i
in range(1, 5):
6380 with
alloc_fail(dev
[0], i
, "eap_ttls_init"):
6381 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6382 eap
="TTLS", anonymous_identity
="ttls",
6383 identity
="user", password
="password",
6384 ca_cert
="auth_serv/ca.pem",
6385 phase2
="autheap=MSCHAPV2",
6387 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6390 raise Exception("Timeout on EAP start")
6391 dev
[0].request("REMOVE_NETWORK all")
6392 dev
[0].wait_disconnected()
6394 tests
= [ (1, "eap_peer_tls_derive_key;eap_ttls_v0_derive_key",
6395 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6396 (1, "eap_peer_tls_derive_session_id;eap_ttls_v0_derive_key",
6397 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6398 (1, "wpabuf_alloc;eap_ttls_phase2_request_mschapv2",
6399 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6400 (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschapv2",
6401 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6402 (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_implicit_identity_request",
6403 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6404 (1, "eap_peer_tls_decrypt;eap_ttls_decrypt",
6405 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6406 (1, "eap_ttls_getKey",
6407 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6408 (1, "eap_ttls_get_session_id",
6409 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6410 (1, "eap_ttls_get_emsk",
6411 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6412 (1, "wpabuf_alloc;eap_ttls_phase2_request_mschap",
6413 "mschap user", "auth=MSCHAP"),
6414 (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschap",
6415 "mschap user", "auth=MSCHAP"),
6416 (1, "wpabuf_alloc;eap_ttls_phase2_request_chap",
6417 "chap user", "auth=CHAP"),
6418 (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_chap",
6419 "chap user", "auth=CHAP"),
6420 (1, "wpabuf_alloc;eap_ttls_phase2_request_pap",
6421 "pap user", "auth=PAP"),
6422 (1, "wpabuf_alloc;eap_ttls_avp_encapsulate",
6423 "user", "autheap=MSCHAPV2"),
6424 (1, "eap_mschapv2_init;eap_ttls_phase2_request_eap_method",
6425 "user", "autheap=MSCHAPV2"),
6426 (1, "eap_sm_buildIdentity;eap_ttls_phase2_request_eap",
6427 "user", "autheap=MSCHAPV2"),
6428 (1, "eap_ttls_avp_encapsulate;eap_ttls_phase2_request_eap",
6429 "user", "autheap=MSCHAPV2"),
6430 (1, "eap_ttls_parse_attr_eap",
6431 "user", "autheap=MSCHAPV2"),
6432 (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_process_decrypted",
6433 "user", "autheap=MSCHAPV2"),
6434 (1, "eap_ttls_fake_identity_request",
6435 "user", "autheap=MSCHAPV2"),
6436 (1, "eap_msg_alloc;eap_tls_process_output",
6437 "user", "autheap=MSCHAPV2"),
6438 (1, "eap_msg_alloc;eap_peer_tls_build_ack",
6439 "user", "autheap=MSCHAPV2"),
6440 (1, "tls_connection_decrypt;eap_peer_tls_decrypt",
6441 "user", "autheap=MSCHAPV2"),
6442 (1, "eap_peer_tls_phase2_nak;eap_ttls_phase2_request_eap_method",
6443 "cert user", "autheap=MSCHAPV2") ]
6444 for count
, func
, identity
, phase2
in tests
:
6445 with
alloc_fail(dev
[0], count
, func
):
6446 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6447 eap
="TTLS", anonymous_identity
="ttls",
6448 identity
=identity
, password
="password",
6449 ca_cert
="auth_serv/ca.pem", phase2
=phase2
,
6450 erp
="1", wait_connect
=False)
6451 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6454 raise Exception("Timeout on EAP start")
6455 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL",
6456 note
="Allocation failure not triggered for: %d:%s" % (count
, func
))
6457 dev
[0].request("REMOVE_NETWORK all")
6458 dev
[0].wait_disconnected()
6460 tests
= [ (1, "os_get_random;eap_ttls_phase2_request_mschapv2"),
6461 (1, "mschapv2_derive_response;eap_ttls_phase2_request_mschapv2") ]
6462 for count
, func
in tests
:
6463 with
fail_test(dev
[0], count
, func
):
6464 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6465 eap
="TTLS", anonymous_identity
="ttls",
6466 identity
="DOMAIN\mschapv2 user", password
="password",
6467 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6468 erp
="1", wait_connect
=False)
6469 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6472 raise Exception("Timeout on EAP start")
6473 wait_fail_trigger(dev
[0], "GET_FAIL",
6474 note
="Test failure not triggered for: %d:%s" % (count
, func
))
6475 dev
[0].request("REMOVE_NETWORK all")
6476 dev
[0].wait_disconnected()
6478 def test_eap_proto_expanded(dev
, apdev
):
6479 """EAP protocol tests with expanded header"""
6480 global eap_proto_expanded_test_done
6481 eap_proto_expanded_test_done
= False
6483 def expanded_handler(ctx
, req
):
6484 logger
.info("expanded_handler - RX " + req
.encode("hex"))
6485 if 'num' not in ctx
:
6490 ctx
['id'] = (ctx
['id'] + 1) % 256
6494 if ctx
['num'] == idx
:
6495 logger
.info("Test: MD5 challenge in expanded header")
6496 return struct
.pack(">BBHB3BLBBB", EAP_CODE_REQUEST
, ctx
['id'],
6498 EAP_TYPE_EXPANDED
, 0, 0, 0, EAP_TYPE_MD5
,
6501 if ctx
['num'] == idx
:
6502 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6505 if ctx
['num'] == idx
:
6506 logger
.info("Test: Invalid expanded EAP length")
6507 return struct
.pack(">BBHB3BH", EAP_CODE_REQUEST
, ctx
['id'],
6509 EAP_TYPE_EXPANDED
, 0, 0, 0, EAP_TYPE_MD5
)
6511 if ctx
['num'] == idx
:
6512 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6515 if ctx
['num'] == idx
:
6516 logger
.info("Test: Invalid expanded frame type")
6517 return struct
.pack(">BBHB3BL", EAP_CODE_REQUEST
, ctx
['id'],
6519 EAP_TYPE_EXPANDED
, 0, 0, 1, EAP_TYPE_MD5
)
6521 if ctx
['num'] == idx
:
6522 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6525 if ctx
['num'] == idx
:
6526 logger
.info("Test: MSCHAPv2 Challenge")
6527 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
6528 4 + 1 + 4 + 1 + 16 + 6,
6530 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
6532 if ctx
['num'] == idx
:
6533 logger
.info("Test: Invalid expanded frame type")
6534 return struct
.pack(">BBHB3BL", EAP_CODE_REQUEST
, ctx
['id'],
6536 EAP_TYPE_EXPANDED
, 0, 0, 1, EAP_TYPE_MSCHAPV2
)
6538 logger
.info("No more test responses available - test case completed")
6539 global eap_proto_expanded_test_done
6540 eap_proto_expanded_test_done
= True
6541 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6543 srv
= start_radius_server(expanded_handler
)
6546 hapd
= start_ap(apdev
[0]['ifname'])
6549 while not eap_proto_expanded_test_done
:
6551 logger
.info("Running connection iteration %d" % i
)
6553 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6554 eap
="MSCHAPV2", identity
="user",
6555 password
="password",
6558 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6559 eap
="MD5", identity
="user", password
="password",
6561 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
6563 raise Exception("Timeout on EAP start")
6565 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=5)
6567 raise Exception("Timeout on EAP method start")
6568 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6570 raise Exception("Timeout on EAP failure")
6572 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6575 raise Exception("Timeout on EAP proposed method")
6576 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6578 raise Exception("Timeout on EAP failure")
6581 dev
[0].request("REMOVE_NETWORK all")
6582 dev
[0].wait_disconnected(timeout
=1)
6583 dev
[0].dump_monitor()
6585 stop_radius_server(srv
)
6587 def test_eap_proto_tnc(dev
, apdev
):
6588 """EAP-TNC protocol tests"""
6589 check_eap_capa(dev
[0], "TNC")
6590 global eap_proto_tnc_test_done
6591 eap_proto_tnc_test_done
= False
6593 def tnc_handler(ctx
, req
):
6594 logger
.info("tnc_handler - RX " + req
.encode("hex"))
6595 if 'num' not in ctx
:
6600 ctx
['id'] = (ctx
['id'] + 1) % 256
6604 if ctx
['num'] == idx
:
6605 logger
.info("Test: TNC start with unsupported version")
6606 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6611 if ctx
['num'] == idx
:
6612 logger
.info("Test: TNC without Flags field")
6613 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
6618 if ctx
['num'] == idx
:
6619 logger
.info("Test: Message underflow due to missing Message Length")
6620 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6625 if ctx
['num'] == idx
:
6626 logger
.info("Test: Invalid Message Length")
6627 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
6629 EAP_TYPE_TNC
, 0xa1, 0, 0)
6632 if ctx
['num'] == idx
:
6633 logger
.info("Test: Invalid Message Length")
6634 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
6636 EAP_TYPE_TNC
, 0xe1, 75001)
6639 if ctx
['num'] == idx
:
6640 logger
.info("Test: Start with Message Length")
6641 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
6643 EAP_TYPE_TNC
, 0xa1, 1)
6645 if ctx
['num'] == idx
:
6646 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6649 if ctx
['num'] == idx
:
6650 logger
.info("Test: Server used start flag again")
6651 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6655 if ctx
['num'] == idx
:
6656 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6661 if ctx
['num'] == idx
:
6662 logger
.info("Test: Fragmentation and unexpected payload in ack")
6663 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6667 if ctx
['num'] == idx
:
6668 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6672 if ctx
['num'] == idx
:
6673 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
6675 EAP_TYPE_TNC
, 0x01, 0)
6678 if ctx
['num'] == idx
:
6679 logger
.info("Test: Server fragmenting and fragment overflow")
6680 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
6682 EAP_TYPE_TNC
, 0xe1, 2, 1)
6684 if ctx
['num'] == idx
:
6685 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
6687 EAP_TYPE_TNC
, 0x01, 2, 3)
6690 if ctx
['num'] == idx
:
6691 logger
.info("Test: Server fragmenting and no message length in a fragment")
6692 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
6694 EAP_TYPE_TNC
, 0x61, 2)
6697 if ctx
['num'] == idx
:
6698 logger
.info("Test: TNC start followed by invalid TNCCS-Batch")
6699 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6703 if ctx
['num'] == idx
:
6704 logger
.info("Received TNCCS-Batch: " + req
[6:])
6706 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6707 4 + 1 + 1 + len(resp
),
6708 EAP_TYPE_TNC
, 0x01) + resp
6711 if ctx
['num'] == idx
:
6712 logger
.info("Test: TNC start followed by invalid TNCCS-Batch (2)")
6713 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6717 if ctx
['num'] == idx
:
6718 logger
.info("Received TNCCS-Batch: " + req
[6:])
6719 resp
= "</TNCCS-Batch><TNCCS-Batch>"
6720 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6721 4 + 1 + 1 + len(resp
),
6722 EAP_TYPE_TNC
, 0x01) + resp
6725 if ctx
['num'] == idx
:
6726 logger
.info("Test: TNCCS-Batch missing BatchId attribute")
6727 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6731 if ctx
['num'] == idx
:
6732 logger
.info("Received TNCCS-Batch: " + req
[6:])
6733 resp
= "<TNCCS-Batch foo=3></TNCCS-Batch>"
6734 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6735 4 + 1 + 1 + len(resp
),
6736 EAP_TYPE_TNC
, 0x01) + resp
6739 if ctx
['num'] == idx
:
6740 logger
.info("Test: Unexpected IF-TNCCS BatchId")
6741 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6745 if ctx
['num'] == idx
:
6746 logger
.info("Received TNCCS-Batch: " + req
[6:])
6747 resp
= "<TNCCS-Batch BatchId=123456789></TNCCS-Batch>"
6748 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6749 4 + 1 + 1 + len(resp
),
6750 EAP_TYPE_TNC
, 0x01) + resp
6753 if ctx
['num'] == idx
:
6754 logger
.info("Test: Missing IMC-IMV-Message and TNCC-TNCS-Message end tags")
6755 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6759 if ctx
['num'] == idx
:
6760 logger
.info("Received TNCCS-Batch: " + req
[6:])
6761 resp
= "<TNCCS-Batch BatchId=2><IMC-IMV-Message><TNCC-TNCS-Message></TNCCS-Batch>"
6762 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6763 4 + 1 + 1 + len(resp
),
6764 EAP_TYPE_TNC
, 0x01) + resp
6766 if ctx
['num'] == idx
:
6767 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6770 if ctx
['num'] == idx
:
6771 logger
.info("Test: Missing IMC-IMV-Message and TNCC-TNCS-Message Type")
6772 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6776 if ctx
['num'] == idx
:
6777 logger
.info("Received TNCCS-Batch: " + req
[6:])
6778 resp
= "<TNCCS-Batch BatchId=2><IMC-IMV-Message></IMC-IMV-Message><TNCC-TNCS-Message></TNCC-TNCS-Message></TNCCS-Batch>"
6779 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6780 4 + 1 + 1 + len(resp
),
6781 EAP_TYPE_TNC
, 0x01) + resp
6783 if ctx
['num'] == idx
:
6784 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6787 if ctx
['num'] == idx
:
6788 logger
.info("Test: Missing TNCC-TNCS-Message XML end tag")
6789 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6793 if ctx
['num'] == idx
:
6794 logger
.info("Received TNCCS-Batch: " + req
[6:])
6795 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML></TNCC-TNCS-Message></TNCCS-Batch>"
6796 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6797 4 + 1 + 1 + len(resp
),
6798 EAP_TYPE_TNC
, 0x01) + resp
6800 if ctx
['num'] == idx
:
6801 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6804 if ctx
['num'] == idx
:
6805 logger
.info("Test: Missing TNCC-TNCS-Message Base64 start tag")
6806 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6810 if ctx
['num'] == idx
:
6811 logger
.info("Received TNCCS-Batch: " + req
[6:])
6812 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type></TNCC-TNCS-Message></TNCCS-Batch>"
6813 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6814 4 + 1 + 1 + len(resp
),
6815 EAP_TYPE_TNC
, 0x01) + resp
6817 if ctx
['num'] == idx
:
6818 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6821 if ctx
['num'] == idx
:
6822 logger
.info("Test: Missing TNCC-TNCS-Message Base64 end tag")
6823 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6827 if ctx
['num'] == idx
:
6828 logger
.info("Received TNCCS-Batch: " + req
[6:])
6829 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><Base64>abc</TNCC-TNCS-Message></TNCCS-Batch>"
6830 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6831 4 + 1 + 1 + len(resp
),
6832 EAP_TYPE_TNC
, 0x01) + resp
6834 if ctx
['num'] == idx
:
6835 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6838 if ctx
['num'] == idx
:
6839 logger
.info("Test: TNCC-TNCS-Message Base64 message")
6840 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6844 if ctx
['num'] == idx
:
6845 logger
.info("Received TNCCS-Batch: " + req
[6:])
6846 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><Base64>aGVsbG8=</Base64></TNCC-TNCS-Message></TNCCS-Batch>"
6847 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6848 4 + 1 + 1 + len(resp
),
6849 EAP_TYPE_TNC
, 0x01) + resp
6851 if ctx
['num'] == idx
:
6852 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6855 if ctx
['num'] == idx
:
6856 logger
.info("Test: Invalid TNCC-TNCS-Message XML message")
6857 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6861 if ctx
['num'] == idx
:
6862 logger
.info("Received TNCCS-Batch: " + req
[6:])
6863 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML>hello</XML></TNCC-TNCS-Message></TNCCS-Batch>"
6864 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6865 4 + 1 + 1 + len(resp
),
6866 EAP_TYPE_TNC
, 0x01) + resp
6868 if ctx
['num'] == idx
:
6869 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6872 if ctx
['num'] == idx
:
6873 logger
.info("Test: Missing TNCCS-Recommendation type")
6874 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6878 if ctx
['num'] == idx
:
6879 logger
.info("Received TNCCS-Batch: " + req
[6:])
6880 resp
= '<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation foo=1></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
6881 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6882 4 + 1 + 1 + len(resp
),
6883 EAP_TYPE_TNC
, 0x01) + resp
6885 if ctx
['num'] == idx
:
6886 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6889 if ctx
['num'] == idx
:
6890 logger
.info("Test: TNCCS-Recommendation type=none")
6891 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6895 if ctx
['num'] == idx
:
6896 logger
.info("Received TNCCS-Batch: " + req
[6:])
6897 resp
= '<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation type="none"></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
6898 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6899 4 + 1 + 1 + len(resp
),
6900 EAP_TYPE_TNC
, 0x01) + resp
6902 if ctx
['num'] == idx
:
6903 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6906 if ctx
['num'] == idx
:
6907 logger
.info("Test: TNCCS-Recommendation type=isolate")
6908 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6912 if ctx
['num'] == idx
:
6913 logger
.info("Received TNCCS-Batch: " + req
[6:])
6914 resp
= '<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation type="isolate"></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
6915 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6916 4 + 1 + 1 + len(resp
),
6917 EAP_TYPE_TNC
, 0x01) + resp
6919 if ctx
['num'] == idx
:
6920 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6922 logger
.info("No more test responses available - test case completed")
6923 global eap_proto_tnc_test_done
6924 eap_proto_tnc_test_done
= True
6925 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6927 srv
= start_radius_server(tnc_handler
)
6930 hapd
= start_ap(apdev
[0]['ifname'])
6933 while not eap_proto_tnc_test_done
:
6935 logger
.info("Running connection iteration %d" % i
)
6939 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6940 eap
="TNC", identity
="tnc", fragment_size
=str(frag
),
6942 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
6944 raise Exception("Timeout on EAP start")
6945 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD",
6946 "CTRL-EVENT-EAP-STATUS"], timeout
=5)
6948 raise Exception("Timeout on EAP method start")
6950 dev
[0].request("REMOVE_NETWORK all")
6951 dev
[0].wait_disconnected(timeout
=1)
6952 dev
[0].dump_monitor()
6954 stop_radius_server(srv
)