2 # Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
11 logger
= logging
.getLogger()
18 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
19 from test_ap_eap
import check_eap_capa
, check_hlr_auc_gw_support
20 from test_erp
import check_erp_capa
30 EAP_TYPE_NOTIFICATION
= 2
41 EAP_TYPE_MSCHAPV2
= 26
49 EAP_TYPE_AKA_PRIME
= 50
53 EAP_TYPE_EXPANDED
= 254
55 # Type field in EAP-Initiate and EAP-Finish messages
56 EAP_ERP_TYPE_REAUTH_START
= 1
57 EAP_ERP_TYPE_REAUTH
= 2
59 EAP_ERP_TLV_KEYNAME_NAI
= 1
60 EAP_ERP_TV_RRK_LIFETIME
= 2
61 EAP_ERP_TV_RMSK_LIFETIME
= 3
62 EAP_ERP_TLV_DOMAIN_NAME
= 4
63 EAP_ERP_TLV_CRYPTOSUITES
= 5
64 EAP_ERP_TLV_AUTHORIZATION_INDICATION
= 6
65 EAP_ERP_TLV_CALLED_STATION_ID
= 128
66 EAP_ERP_TLV_CALLING_STATION_ID
= 129
67 EAP_ERP_TLV_NAS_IDENTIFIER
= 130
68 EAP_ERP_TLV_NAS_IP_ADDRESS
= 131
69 EAP_ERP_TLV_NAS_IPV6_ADDRESS
= 132
71 def run_pyrad_server(srv
, t_stop
, eap_handler
):
72 srv
.RunWithStop(t_stop
, eap_handler
)
74 def start_radius_server(eap_handler
):
78 import pyrad
.dictionary
80 raise HwsimSkip("No pyrad modules available")
82 class TestServer(pyrad
.server
.Server
):
83 def _HandleAuthPacket(self
, pkt
):
84 pyrad
.server
.Server
._HandleAuthPacket
(self
, pkt
)
88 eap_req
= self
.eap_handler(self
.ctx
, eap
)
89 reply
= self
.CreateReplyPacket(pkt
)
92 if len(eap_req
) > 253:
93 reply
.AddAttribute("EAP-Message", eap_req
[0:253])
94 eap_req
= eap_req
[253:]
96 reply
.AddAttribute("EAP-Message", eap_req
)
99 logger
.info("No EAP request available")
100 reply
.code
= pyrad
.packet
.AccessChallenge
102 hmac_obj
= hmac
.new(reply
.secret
)
103 hmac_obj
.update(struct
.pack("B", reply
.code
))
104 hmac_obj
.update(struct
.pack("B", reply
.id))
107 reply
.AddAttribute("Message-Authenticator",
108 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
109 attrs
= reply
._PktEncodeAttributes
()
112 flen
= 4 + 16 + len(attrs
)
113 hmac_obj
.update(struct
.pack(">H", flen
))
114 hmac_obj
.update(pkt
.authenticator
)
115 hmac_obj
.update(attrs
)
117 reply
.AddAttribute("Message-Authenticator", hmac_obj
.digest())
119 self
.SendReplyPacket(pkt
.fd
, reply
)
121 def RunWithStop(self
, t_stop
, eap_handler
):
122 self
._poll
= select
.poll()
124 self
._PrepareSockets
()
126 self
.eap_handler
= eap_handler
129 while not t_stop
.is_set():
130 for (fd
, event
) in self
._poll
.poll(200):
131 if event
== select
.POLLIN
:
133 fdo
= self
._fdmap
[fd
]
134 self
._ProcessInput
(fdo
)
135 except pyrad
.server
.ServerPacketError
as err
:
136 logger
.info("pyrad server dropping packet: " + str(err
))
137 except pyrad
.packet
.PacketError
as err
:
138 logger
.info("pyrad server received invalid packet: " + str(err
))
140 logger
.error("Unexpected event in pyrad server main loop")
142 srv
= TestServer(dict=pyrad
.dictionary
.Dictionary("dictionary.radius"),
143 authport
=18138, acctport
=18139)
144 srv
.hosts
["127.0.0.1"] = pyrad
.server
.RemoteHost("127.0.0.1",
147 srv
.BindToAddress("")
148 t_stop
= threading
.Event()
149 t
= threading
.Thread(target
=run_pyrad_server
, args
=(srv
, t_stop
, eap_handler
))
152 return { 'srv': srv
, 'stop': t_stop
, 'thread': t
}
154 def stop_radius_server(srv
):
158 def start_ap(ifname
):
159 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
160 params
['auth_server_port'] = "18138"
161 hapd
= hostapd
.add_ap(ifname
, params
)
164 def test_eap_proto(dev
, apdev
):
165 """EAP protocol tests"""
166 check_eap_capa(dev
[0], "MD5")
167 def eap_handler(ctx
, req
):
168 logger
.info("eap_handler - RX " + req
.encode("hex"))
171 ctx
['num'] = ctx
['num'] + 1
174 ctx
['id'] = (ctx
['id'] + 1) % 256
178 if ctx
['num'] == idx
:
179 logger
.info("Test: MD5 challenge")
180 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
185 if ctx
['num'] == idx
:
186 logger
.info("Test: EAP-Success - id off by 2")
187 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] + 1, 4)
190 if ctx
['num'] == idx
:
191 logger
.info("Test: MD5 challenge")
192 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
197 if ctx
['num'] == idx
:
198 logger
.info("Test: EAP-Success - id off by 3")
199 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] + 2, 4)
202 if ctx
['num'] == idx
:
203 logger
.info("Test: MD5 challenge")
204 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
209 if ctx
['num'] == idx
:
210 logger
.info("Test: EAP-Notification/Request")
211 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
213 EAP_TYPE_NOTIFICATION
,
216 if ctx
['num'] == idx
:
217 logger
.info("Test: EAP-Success")
218 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 1, 4)
221 if ctx
['num'] == idx
:
222 logger
.info("Test: EAP-Notification/Request")
223 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
225 EAP_TYPE_NOTIFICATION
,
228 if ctx
['num'] == idx
:
229 logger
.info("Test: MD5 challenge")
230 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
235 if ctx
['num'] == idx
:
236 logger
.info("Test: EAP-Success")
237 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 1, 4)
240 if ctx
['num'] == idx
:
241 logger
.info("Test: EAP-Notification/Request")
242 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
244 EAP_TYPE_NOTIFICATION
,
247 if ctx
['num'] == idx
:
248 logger
.info("Test: MD5 challenge")
249 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
254 if ctx
['num'] == idx
:
255 logger
.info("Test: EAP-Notification/Request")
256 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
258 EAP_TYPE_NOTIFICATION
,
261 if ctx
['num'] == idx
:
262 logger
.info("Test: EAP-Success")
263 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 1, 4)
266 if ctx
['num'] == idx
:
267 logger
.info("Test: EAP-Notification/Request")
268 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
270 EAP_TYPE_NOTIFICATION
,
273 if ctx
['num'] == idx
:
274 logger
.info("Test: EAP-Notification/Request (same id)")
275 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'] - 1,
277 EAP_TYPE_NOTIFICATION
,
280 if ctx
['num'] == idx
:
281 logger
.info("Test: Unexpected EAP-Success")
282 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'] - 2, 4)
286 srv
= start_radius_server(eap_handler
)
289 hapd
= start_ap(apdev
[0]['ifname'])
291 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
292 eap
="MD5", identity
="user", password
="password",
294 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
296 raise Exception("Timeout on EAP start")
297 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
299 raise Exception("Timeout on EAP success")
300 dev
[0].request("REMOVE_NETWORK all")
302 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
303 eap
="MD5", identity
="user", password
="password",
305 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
307 raise Exception("Timeout on EAP start")
308 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=1)
310 raise Exception("Unexpected EAP success")
311 dev
[0].request("REMOVE_NETWORK all")
313 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
314 eap
="MD5", identity
="user", password
="password",
316 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
318 raise Exception("Timeout on EAP start")
319 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
321 raise Exception("Timeout on EAP notification")
322 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION A":
323 raise Exception("Unexpected notification contents: " + ev
)
324 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
326 raise Exception("Timeout on EAP success")
327 dev
[0].request("REMOVE_NETWORK all")
329 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
330 eap
="MD5", identity
="user", password
="password",
332 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
334 raise Exception("Timeout on EAP notification")
335 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION B":
336 raise Exception("Unexpected notification contents: " + ev
)
337 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
339 raise Exception("Timeout on EAP start")
340 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
342 raise Exception("Timeout on EAP success")
343 dev
[0].request("REMOVE_NETWORK all")
345 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
346 eap
="MD5", identity
="user", password
="password",
348 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
350 raise Exception("Timeout on EAP notification")
351 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION C":
352 raise Exception("Unexpected notification contents: " + ev
)
353 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
355 raise Exception("Timeout on EAP start")
356 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
358 raise Exception("Timeout on EAP notification")
359 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION D":
360 raise Exception("Unexpected notification contents: " + ev
)
361 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=15)
363 raise Exception("Timeout on EAP success")
364 dev
[0].request("REMOVE_NETWORK all")
366 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
367 eap
="MD5", identity
="user", password
="password",
369 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
371 raise Exception("Timeout on EAP notification")
372 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION E":
373 raise Exception("Unexpected notification contents: " + ev
)
374 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout
=10)
376 raise Exception("Timeout on EAP notification")
377 if ev
!= "<3>CTRL-EVENT-EAP-NOTIFICATION F":
378 raise Exception("Unexpected notification contents: " + ev
)
379 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=15)
381 raise Exception("Timeout on EAP failure")
382 dev
[0].request("REMOVE_NETWORK all")
384 stop_radius_server(srv
)
388 EAP_SAKE_SUBTYPE_CHALLENGE
= 1
389 EAP_SAKE_SUBTYPE_CONFIRM
= 2
390 EAP_SAKE_SUBTYPE_AUTH_REJECT
= 3
391 EAP_SAKE_SUBTYPE_IDENTITY
= 4
393 EAP_SAKE_AT_RAND_S
= 1
394 EAP_SAKE_AT_RAND_P
= 2
395 EAP_SAKE_AT_MIC_S
= 3
396 EAP_SAKE_AT_MIC_P
= 4
397 EAP_SAKE_AT_SERVERID
= 5
398 EAP_SAKE_AT_PEERID
= 6
399 EAP_SAKE_AT_SPI_S
= 7
400 EAP_SAKE_AT_SPI_P
= 8
401 EAP_SAKE_AT_ANY_ID_REQ
= 9
402 EAP_SAKE_AT_PERM_ID_REQ
= 10
403 EAP_SAKE_AT_ENCR_DATA
= 128
405 EAP_SAKE_AT_PADDING
= 130
406 EAP_SAKE_AT_NEXT_TMPID
= 131
407 EAP_SAKE_AT_MSK_LIFE
= 132
409 def test_eap_proto_sake(dev
, apdev
):
410 """EAP-SAKE protocol tests"""
411 global eap_proto_sake_test_done
412 eap_proto_sake_test_done
= False
414 def sake_challenge(ctx
):
415 logger
.info("Test: Challenge subtype")
416 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
419 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
,
420 EAP_SAKE_AT_RAND_S
, 18, 0, 0, 0, 0)
422 def sake_handler(ctx
, req
):
423 logger
.info("sake_handler - RX " + req
.encode("hex"))
429 ctx
['id'] = (ctx
['id'] + 1) % 256
433 if ctx
['num'] == idx
:
434 logger
.info("Test: Missing payload")
435 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'], 4 + 1,
439 if ctx
['num'] == idx
:
440 logger
.info("Test: Identity subtype without any attributes")
441 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
444 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
)
447 if ctx
['num'] == idx
:
448 logger
.info("Test: Identity subtype")
449 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
452 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
453 EAP_SAKE_AT_ANY_ID_REQ
, 4, 0)
455 if ctx
['num'] == idx
:
456 logger
.info("Test: Identity subtype (different session id)")
457 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
460 EAP_SAKE_VERSION
, 1, EAP_SAKE_SUBTYPE_IDENTITY
,
461 EAP_SAKE_AT_PERM_ID_REQ
, 4, 0)
464 if ctx
['num'] == idx
:
465 logger
.info("Test: Identity subtype with too short attribute")
466 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
469 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
470 EAP_SAKE_AT_ANY_ID_REQ
, 2)
473 if ctx
['num'] == idx
:
474 logger
.info("Test: Identity subtype with truncated attribute")
475 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
478 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
479 EAP_SAKE_AT_ANY_ID_REQ
, 4)
482 if ctx
['num'] == idx
:
483 logger
.info("Test: Identity subtype with too short attribute header")
484 payload
= struct
.pack("B", EAP_SAKE_AT_ANY_ID_REQ
)
485 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
486 4 + 1 + 3 + len(payload
),
487 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
488 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
491 if ctx
['num'] == idx
:
492 logger
.info("Test: Identity subtype with AT_IV but not AT_ENCR_DATA")
493 payload
= struct
.pack("BB", EAP_SAKE_AT_IV
, 2)
494 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
495 4 + 1 + 3 + len(payload
),
496 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
497 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
500 if ctx
['num'] == idx
:
501 logger
.info("Test: Identity subtype with skippable and non-skippable unknown attribute")
502 payload
= struct
.pack("BBBB", 255, 2, 127, 2)
503 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
504 4 + 1 + 3 + len(payload
),
505 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
506 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
509 if ctx
['num'] == idx
:
510 logger
.info("Test: Identity subtype: AT_RAND_P with invalid payload length")
511 payload
= struct
.pack("BB", EAP_SAKE_AT_RAND_P
, 2)
512 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
513 4 + 1 + 3 + len(payload
),
514 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
515 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
518 if ctx
['num'] == idx
:
519 logger
.info("Test: Identity subtype: AT_MIC_P with invalid payload length")
520 payload
= struct
.pack("BB", EAP_SAKE_AT_MIC_P
, 2)
521 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
522 4 + 1 + 3 + len(payload
),
523 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
524 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
527 if ctx
['num'] == idx
:
528 logger
.info("Test: Identity subtype: AT_PERM_ID_REQ with invalid payload length")
529 payload
= struct
.pack("BBBBBBBBBBBBBB",
530 EAP_SAKE_AT_SPI_S
, 2,
531 EAP_SAKE_AT_SPI_P
, 2,
532 EAP_SAKE_AT_ENCR_DATA
, 2,
533 EAP_SAKE_AT_NEXT_TMPID
, 2,
534 EAP_SAKE_AT_PERM_ID_REQ
, 4, 0, 0,
535 EAP_SAKE_AT_PERM_ID_REQ
, 2)
536 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
537 4 + 1 + 3 + len(payload
),
538 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
539 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
542 if ctx
['num'] == idx
:
543 logger
.info("Test: Identity subtype: AT_PADDING")
544 payload
= struct
.pack("BBBBBB",
545 EAP_SAKE_AT_PADDING
, 3, 0,
546 EAP_SAKE_AT_PADDING
, 3, 1)
547 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
548 4 + 1 + 3 + len(payload
),
549 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
550 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
553 if ctx
['num'] == idx
:
554 logger
.info("Test: Identity subtype: AT_MSK_LIFE")
555 payload
= struct
.pack(">BBLBBH",
556 EAP_SAKE_AT_MSK_LIFE
, 6, 0,
557 EAP_SAKE_AT_MSK_LIFE
, 4, 0)
558 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
559 4 + 1 + 3 + len(payload
),
560 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
561 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
564 if ctx
['num'] == idx
:
565 logger
.info("Test: Identity subtype with invalid attribute length")
566 payload
= struct
.pack("BB", EAP_SAKE_AT_ANY_ID_REQ
, 0)
567 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
568 4 + 1 + 3 + len(payload
),
569 EAP_TYPE_SAKE
, EAP_SAKE_VERSION
, 0,
570 EAP_SAKE_SUBTYPE_IDENTITY
) + payload
573 if ctx
['num'] == idx
:
574 logger
.info("Test: Unknown subtype")
575 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
578 EAP_SAKE_VERSION
, 0, 123)
581 if ctx
['num'] == idx
:
582 logger
.info("Test: Challenge subtype without any attributes")
583 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
586 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
)
589 if ctx
['num'] == idx
:
590 logger
.info("Test: Challenge subtype with too short AT_RAND_S")
591 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
594 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
,
595 EAP_SAKE_AT_RAND_S
, 2)
598 if ctx
['num'] == idx
:
599 return sake_challenge(ctx
)
601 if ctx
['num'] == idx
:
602 logger
.info("Test: Unexpected Identity subtype")
603 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
606 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
607 EAP_SAKE_AT_ANY_ID_REQ
, 4, 0)
610 if ctx
['num'] == idx
:
611 return sake_challenge(ctx
)
613 if ctx
['num'] == idx
:
614 logger
.info("Test: Unexpected Challenge subtype")
615 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
618 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CHALLENGE
,
619 EAP_SAKE_AT_RAND_S
, 18, 0, 0, 0, 0)
622 if ctx
['num'] == idx
:
623 return sake_challenge(ctx
)
625 if ctx
['num'] == idx
:
626 logger
.info("Test: Confirm subtype without any attributes")
627 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
630 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
)
633 if ctx
['num'] == idx
:
634 return sake_challenge(ctx
)
636 if ctx
['num'] == idx
:
637 logger
.info("Test: Confirm subtype with too short AT_MIC_S")
638 return struct
.pack(">BBHBBBBBB", EAP_CODE_REQUEST
, ctx
['id'],
641 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
,
642 EAP_SAKE_AT_MIC_S
, 2)
645 if ctx
['num'] == idx
:
646 logger
.info("Test: Unexpected Confirm subtype")
647 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
650 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
,
651 EAP_SAKE_AT_MIC_S
, 18, 0, 0, 0, 0)
654 if ctx
['num'] == idx
:
655 return sake_challenge(ctx
)
657 if ctx
['num'] == idx
:
658 logger
.info("Test: Confirm subtype with incorrect AT_MIC_S")
659 return struct
.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST
, ctx
['id'],
662 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_CONFIRM
,
663 EAP_SAKE_AT_MIC_S
, 18, 0, 0, 0, 0)
665 global eap_proto_sake_test_done
666 if eap_proto_sake_test_done
:
667 return sake_challenge(ctx
)
669 logger
.info("No more test responses available - test case completed")
670 eap_proto_sake_test_done
= True
671 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
673 srv
= start_radius_server(sake_handler
)
676 hapd
= start_ap(apdev
[0]['ifname'])
678 while not eap_proto_sake_test_done
:
679 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
680 eap
="SAKE", identity
="sake user",
681 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
683 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
685 raise Exception("Timeout on EAP start")
687 dev
[0].request("REMOVE_NETWORK all")
689 logger
.info("Too short password")
690 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
691 eap
="SAKE", identity
="sake user",
692 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
694 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
696 raise Exception("Timeout on EAP start")
699 stop_radius_server(srv
)
701 def test_eap_proto_sake_errors(dev
, apdev
):
702 """EAP-SAKE local error cases"""
703 check_eap_capa(dev
[0], "SAKE")
704 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
705 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
707 for i
in range(1, 3):
708 with
alloc_fail(dev
[0], i
, "eap_sake_init"):
709 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
710 eap
="SAKE", identity
="sake user",
711 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
713 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
716 raise Exception("Timeout on EAP start")
717 dev
[0].request("REMOVE_NETWORK all")
718 dev
[0].wait_disconnected()
720 tests
= [ ( 1, "eap_msg_alloc;eap_sake_build_msg;eap_sake_process_challenge" ),
721 ( 1, "=eap_sake_process_challenge" ),
722 ( 1, "eap_sake_compute_mic;eap_sake_process_challenge" ),
723 ( 1, "eap_sake_build_msg;eap_sake_process_confirm" ),
724 ( 2, "eap_sake_compute_mic;eap_sake_process_confirm" ),
725 ( 1, "eap_sake_getKey" ),
726 ( 1, "eap_sake_get_emsk" ),
727 ( 1, "eap_sake_get_session_id" ) ]
728 for count
, func
in tests
:
729 with
alloc_fail(dev
[0], count
, func
):
730 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
731 eap
="SAKE", identity
="sake user",
732 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
735 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
738 raise Exception("Timeout on EAP start")
739 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
740 dev
[0].request("REMOVE_NETWORK all")
741 dev
[0].wait_disconnected()
743 with
fail_test(dev
[0], 1, "os_get_random;eap_sake_process_challenge"):
744 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
745 eap
="SAKE", identity
="sake user",
746 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
748 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
750 raise Exception("Timeout on EAP start")
751 wait_fail_trigger(dev
[0], "GET_FAIL")
752 dev
[0].request("REMOVE_NETWORK all")
753 dev
[0].wait_disconnected()
755 def test_eap_proto_sake_errors2(dev
, apdev
):
756 """EAP-SAKE protocol tests (2)"""
757 def sake_handler(ctx
, req
):
758 logger
.info("sake_handler - RX " + req
.encode("hex"))
764 ctx
['id'] = (ctx
['id'] + 1) % 256
768 if ctx
['num'] == idx
:
769 logger
.info("Test: Identity subtype")
770 return struct
.pack(">BBHBBBBBBH", EAP_CODE_REQUEST
, ctx
['id'],
773 EAP_SAKE_VERSION
, 0, EAP_SAKE_SUBTYPE_IDENTITY
,
774 EAP_SAKE_AT_ANY_ID_REQ
, 4, 0)
776 srv
= start_radius_server(sake_handler
)
779 hapd
= start_ap(apdev
[0]['ifname'])
781 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_sake_build_msg;eap_sake_process_identity"):
782 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
783 eap
="SAKE", identity
="sake user",
784 password_hex
="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
786 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
789 raise Exception("Timeout on EAP start")
790 dev
[0].request("REMOVE_NETWORK all")
791 dev
[0].wait_disconnected()
794 stop_radius_server(srv
)
796 def test_eap_proto_leap(dev
, apdev
):
797 """EAP-LEAP protocol tests"""
798 check_eap_capa(dev
[0], "LEAP")
799 def leap_handler(ctx
, req
):
800 logger
.info("leap_handler - RX " + req
.encode("hex"))
803 ctx
['num'] = ctx
['num'] + 1
806 ctx
['id'] = (ctx
['id'] + 1) % 256
809 logger
.info("Test: Missing payload")
810 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
815 logger
.info("Test: Unexpected version")
816 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
822 logger
.info("Test: Invalid challenge length")
823 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
829 logger
.info("Test: Truncated challenge")
830 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
836 logger
.info("Test: Valid challenge")
837 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
842 logger
.info("Test: Missing payload in Response")
843 return struct
.pack(">BBHB", EAP_CODE_RESPONSE
, ctx
['id'],
848 logger
.info("Test: Valid challenge")
849 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
854 logger
.info("Test: Unexpected version in Response")
855 return struct
.pack(">BBHBBBB", EAP_CODE_RESPONSE
, ctx
['id'],
861 logger
.info("Test: Valid challenge")
862 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
867 logger
.info("Test: Invalid challenge length in Response")
868 return struct
.pack(">BBHBBBB", EAP_CODE_RESPONSE
, ctx
['id'],
874 logger
.info("Test: Valid challenge")
875 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
880 logger
.info("Test: Truncated challenge in Response")
881 return struct
.pack(">BBHBBBB", EAP_CODE_RESPONSE
, ctx
['id'],
887 logger
.info("Test: Valid challenge")
888 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
893 logger
.info("Test: Invalid challange value in Response")
894 return struct
.pack(">BBHBBBB6L", EAP_CODE_RESPONSE
, ctx
['id'],
901 logger
.info("Test: Valid challenge")
902 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
907 logger
.info("Test: Valid challange value in Response")
908 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
912 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
913 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
914 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
917 logger
.info("Test: Valid challenge")
918 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
923 logger
.info("Test: Success")
924 return struct
.pack(">BBHB", EAP_CODE_SUCCESS
, ctx
['id'],
927 # hostapd will drop the next frame in the sequence
930 logger
.info("Test: Valid challenge")
931 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
936 logger
.info("Test: Failure")
937 return struct
.pack(">BBHB", EAP_CODE_FAILURE
, ctx
['id'],
943 srv
= start_radius_server(leap_handler
)
946 hapd
= start_ap(apdev
[0]['ifname'])
948 for i
in range(0, 12):
949 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
950 eap
="LEAP", identity
="user", password
="password",
952 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
954 raise Exception("Timeout on EAP start")
957 logger
.info("Wait for additional roundtrip")
959 dev
[0].request("REMOVE_NETWORK all")
961 stop_radius_server(srv
)
963 def test_eap_proto_leap_errors(dev
, apdev
):
964 """EAP-LEAP protocol tests (error paths)"""
965 check_eap_capa(dev
[0], "LEAP")
967 def leap_handler2(ctx
, req
):
968 logger
.info("leap_handler2 - RX " + req
.encode("hex"))
971 ctx
['num'] = ctx
['num'] + 1
974 ctx
['id'] = (ctx
['id'] + 1) % 256
978 if ctx
['num'] == idx
:
979 logger
.info("Test: Valid challenge")
980 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
985 if ctx
['num'] == idx
:
986 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
989 if ctx
['num'] == idx
:
990 logger
.info("Test: Valid challenge")
991 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
997 if ctx
['num'] == idx
:
998 logger
.info("Test: Valid challenge")
999 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1004 if ctx
['num'] == idx
:
1005 logger
.info("Test: Success")
1006 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
1009 if ctx
['num'] == idx
:
1010 logger
.info("Test: Valid challenge")
1011 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1016 if ctx
['num'] == idx
:
1017 logger
.info("Test: Success")
1018 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
1021 if ctx
['num'] == idx
:
1022 logger
.info("Test: Valid challenge")
1023 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1028 if ctx
['num'] == idx
:
1029 logger
.info("Test: Valid challange value in Response")
1030 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1034 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1035 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1036 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1039 if ctx
['num'] == idx
:
1040 logger
.info("Test: Valid challenge")
1041 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1046 if ctx
['num'] == idx
:
1047 logger
.info("Test: Valid challange value in Response")
1048 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1052 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1053 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1054 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1057 if ctx
['num'] == idx
:
1058 logger
.info("Test: Valid challenge")
1059 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1064 if ctx
['num'] == idx
:
1065 logger
.info("Test: Valid challange value in Response")
1066 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1070 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1071 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1072 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1075 if ctx
['num'] == idx
:
1076 logger
.info("Test: Valid challenge")
1077 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1082 if ctx
['num'] == idx
:
1083 logger
.info("Test: Valid challange value in Response")
1084 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1088 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1089 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1090 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1093 if ctx
['num'] == idx
:
1094 logger
.info("Test: Valid challenge")
1095 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1100 if ctx
['num'] == idx
:
1101 logger
.info("Test: Valid challange value in Response")
1102 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1106 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1107 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1108 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1111 if ctx
['num'] == idx
:
1112 logger
.info("Test: Valid challenge")
1113 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1118 if ctx
['num'] == idx
:
1119 logger
.info("Test: Valid challange value in Response")
1120 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1124 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1125 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1126 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1129 if ctx
['num'] == idx
:
1130 logger
.info("Test: Valid challenge")
1131 return struct
.pack(">BBHBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
1136 if ctx
['num'] == idx
:
1137 logger
.info("Test: Valid challange value in Response")
1138 return struct
.pack(">BBHBBBB24B", EAP_CODE_RESPONSE
, ctx
['id'],
1142 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
1143 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
1144 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
1146 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1148 srv
= start_radius_server(leap_handler2
)
1151 hapd
= start_ap(apdev
[0]['ifname'])
1153 with
alloc_fail(dev
[0], 1, "eap_leap_init"):
1154 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1155 eap
="LEAP", identity
="user", password
="password",
1157 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1158 dev
[0].request("REMOVE_NETWORK all")
1159 dev
[0].wait_disconnected()
1161 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_leap_process_request"):
1162 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1163 eap
="LEAP", identity
="user",
1164 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1166 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1167 dev
[0].request("REMOVE_NETWORK all")
1168 dev
[0].wait_disconnected()
1170 with
alloc_fail(dev
[0], 1, "eap_leap_process_success"):
1171 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1172 eap
="LEAP", identity
="user", password
="password",
1174 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1175 dev
[0].request("REMOVE_NETWORK all")
1176 dev
[0].wait_disconnected()
1178 with
fail_test(dev
[0], 1, "os_get_random;eap_leap_process_success"):
1179 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1180 eap
="LEAP", identity
="user", password
="password",
1182 wait_fail_trigger(dev
[0], "GET_FAIL")
1183 dev
[0].request("REMOVE_NETWORK all")
1184 dev
[0].wait_disconnected()
1186 with
fail_test(dev
[0], 1, "eap_leap_process_response"):
1187 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1188 eap
="LEAP", identity
="user",
1189 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1191 wait_fail_trigger(dev
[0], "GET_FAIL")
1192 dev
[0].request("REMOVE_NETWORK all")
1193 dev
[0].wait_disconnected()
1195 with
fail_test(dev
[0], 1, "nt_password_hash;eap_leap_process_response"):
1196 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1197 eap
="LEAP", identity
="user", password
="password",
1199 wait_fail_trigger(dev
[0], "GET_FAIL")
1200 dev
[0].request("REMOVE_NETWORK all")
1201 dev
[0].wait_disconnected()
1203 with
fail_test(dev
[0], 1, "hash_nt_password_hash;eap_leap_process_response"):
1204 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1205 eap
="LEAP", identity
="user", password
="password",
1207 wait_fail_trigger(dev
[0], "GET_FAIL")
1208 dev
[0].request("REMOVE_NETWORK all")
1209 dev
[0].wait_disconnected()
1211 with
alloc_fail(dev
[0], 1, "eap_leap_getKey"):
1212 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1213 eap
="LEAP", identity
="user",
1214 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1216 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
1217 dev
[0].request("REMOVE_NETWORK all")
1218 dev
[0].wait_disconnected()
1220 with
fail_test(dev
[0], 1, "eap_leap_getKey"):
1221 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1222 eap
="LEAP", identity
="user",
1223 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
1225 wait_fail_trigger(dev
[0], "GET_FAIL")
1226 dev
[0].request("REMOVE_NETWORK all")
1227 dev
[0].wait_disconnected()
1229 with
fail_test(dev
[0], 1, "nt_password_hash;eap_leap_getKey"):
1230 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1231 eap
="LEAP", identity
="user", password
="password",
1233 wait_fail_trigger(dev
[0], "GET_FAIL")
1234 dev
[0].request("REMOVE_NETWORK all")
1235 dev
[0].wait_disconnected()
1237 with
fail_test(dev
[0], 1, "hash_nt_password_hash;eap_leap_getKey"):
1238 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1239 eap
="LEAP", identity
="user", password
="password",
1241 wait_fail_trigger(dev
[0], "GET_FAIL")
1242 dev
[0].request("REMOVE_NETWORK all")
1243 dev
[0].wait_disconnected()
1245 stop_radius_server(srv
)
1247 def test_eap_proto_md5(dev
, apdev
):
1248 """EAP-MD5 protocol tests"""
1249 check_eap_capa(dev
[0], "MD5")
1251 def md5_handler(ctx
, req
):
1252 logger
.info("md5_handler - RX " + req
.encode("hex"))
1253 if 'num' not in ctx
:
1255 ctx
['num'] = ctx
['num'] + 1
1258 ctx
['id'] = (ctx
['id'] + 1) % 256
1261 logger
.info("Test: Missing payload")
1262 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1267 logger
.info("Test: Zero-length challenge")
1268 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1274 logger
.info("Test: Truncated challenge")
1275 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1281 logger
.info("Test: Shortest possible challenge and name")
1282 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
1289 srv
= start_radius_server(md5_handler
)
1292 hapd
= start_ap(apdev
[0]['ifname'])
1294 for i
in range(0, 4):
1295 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1296 eap
="MD5", identity
="user", password
="password",
1298 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
1300 raise Exception("Timeout on EAP start")
1302 dev
[0].request("REMOVE_NETWORK all")
1304 stop_radius_server(srv
)
1306 def test_eap_proto_md5_errors(dev
, apdev
):
1307 """EAP-MD5 local error cases"""
1308 check_eap_capa(dev
[0], "MD5")
1309 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
1310 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
1312 with
fail_test(dev
[0], 1, "chap_md5"):
1313 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1314 eap
="MD5", identity
="phase1-user", password
="password",
1316 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=15)
1318 raise Exception("Timeout on EAP start")
1319 dev
[0].request("REMOVE_NETWORK all")
1320 dev
[0].wait_disconnected()
1322 with
alloc_fail(dev
[0], 1, "eap_msg_alloc;eap_md5_process"):
1323 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1324 eap
="MD5", identity
="phase1-user", password
="password",
1326 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=15)
1328 raise Exception("Timeout on EAP start")
1330 dev
[0].request("REMOVE_NETWORK all")
1332 def test_eap_proto_otp(dev
, apdev
):
1333 """EAP-OTP protocol tests"""
1334 def otp_handler(ctx
, req
):
1335 logger
.info("otp_handler - RX " + req
.encode("hex"))
1336 if 'num' not in ctx
:
1338 ctx
['num'] = ctx
['num'] + 1
1341 ctx
['id'] = (ctx
['id'] + 1) % 256
1344 logger
.info("Test: Empty payload")
1345 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1349 logger
.info("Test: Success")
1350 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'],
1354 logger
.info("Test: Challenge included")
1355 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1360 logger
.info("Test: Success")
1361 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'],
1366 srv
= start_radius_server(otp_handler
)
1369 hapd
= start_ap(apdev
[0]['ifname'])
1371 for i
in range(0, 1):
1372 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1373 eap
="OTP", identity
="user", password
="password",
1375 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1378 raise Exception("Timeout on EAP start")
1380 dev
[0].request("REMOVE_NETWORK all")
1382 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1383 eap
="OTP", identity
="user", wait_connect
=False)
1384 ev
= dev
[0].wait_event(["CTRL-REQ-OTP"])
1386 raise Exception("Request for password timed out")
1387 id = ev
.split(':')[0].split('-')[-1]
1388 dev
[0].request("CTRL-RSP-OTP-" + id + ":password")
1389 ev
= dev
[0].wait_event("CTRL-EVENT-EAP-SUCCESS")
1391 raise Exception("Success not reported")
1393 stop_radius_server(srv
)
1395 EAP_GPSK_OPCODE_GPSK_1
= 1
1396 EAP_GPSK_OPCODE_GPSK_2
= 2
1397 EAP_GPSK_OPCODE_GPSK_3
= 3
1398 EAP_GPSK_OPCODE_GPSK_4
= 4
1399 EAP_GPSK_OPCODE_FAIL
= 5
1400 EAP_GPSK_OPCODE_PROTECTED_FAIL
= 6
1402 def test_eap_proto_gpsk(dev
, apdev
):
1403 """EAP-GPSK protocol tests"""
1404 def gpsk_handler(ctx
, req
):
1405 logger
.info("gpsk_handler - RX " + req
.encode("hex"))
1406 if 'num' not in ctx
:
1408 ctx
['num'] = ctx
['num'] + 1
1411 ctx
['id'] = (ctx
['id'] + 1) % 256
1416 if ctx
['num'] == idx
:
1417 logger
.info("Test: Missing payload")
1418 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1423 if ctx
['num'] == idx
:
1424 logger
.info("Test: Unknown opcode")
1425 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1431 if ctx
['num'] == idx
:
1432 logger
.info("Test: Unexpected GPSK-3")
1433 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1436 EAP_GPSK_OPCODE_GPSK_3
)
1439 if ctx
['num'] == idx
:
1440 logger
.info("Test: GPSK-1 Too short GPSK-1")
1441 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1444 EAP_GPSK_OPCODE_GPSK_1
)
1447 if ctx
['num'] == idx
:
1448 logger
.info("Test: GPSK-1 Truncated ID_Server")
1449 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
1452 EAP_GPSK_OPCODE_GPSK_1
, 1)
1455 if ctx
['num'] == idx
:
1456 logger
.info("Test: GPSK-1 Missing RAND_Server")
1457 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
1460 EAP_GPSK_OPCODE_GPSK_1
, 0)
1463 if ctx
['num'] == idx
:
1464 logger
.info("Test: GPSK-1 Missing CSuite_List")
1465 return struct
.pack(">BBHBBH8L", EAP_CODE_REQUEST
, ctx
['id'],
1468 EAP_GPSK_OPCODE_GPSK_1
, 0,
1469 0, 0, 0, 0, 0, 0, 0, 0)
1472 if ctx
['num'] == idx
:
1473 logger
.info("Test: GPSK-1 Truncated CSuite_List")
1474 return struct
.pack(">BBHBBH8LH", EAP_CODE_REQUEST
, ctx
['id'],
1475 4 + 1 + 1 + 2 + 32 + 2,
1477 EAP_GPSK_OPCODE_GPSK_1
, 0,
1478 0, 0, 0, 0, 0, 0, 0, 0,
1482 if ctx
['num'] == idx
:
1483 logger
.info("Test: GPSK-1 Empty CSuite_List")
1484 return struct
.pack(">BBHBBH8LH", EAP_CODE_REQUEST
, ctx
['id'],
1485 4 + 1 + 1 + 2 + 32 + 2,
1487 EAP_GPSK_OPCODE_GPSK_1
, 0,
1488 0, 0, 0, 0, 0, 0, 0, 0,
1492 if ctx
['num'] == idx
:
1493 logger
.info("Test: GPSK-1 Invalid CSuite_List")
1494 return struct
.pack(">BBHBBH8LHB", EAP_CODE_REQUEST
, ctx
['id'],
1495 4 + 1 + 1 + 2 + 32 + 2 + 1,
1497 EAP_GPSK_OPCODE_GPSK_1
, 0,
1498 0, 0, 0, 0, 0, 0, 0, 0,
1502 if ctx
['num'] == idx
:
1503 logger
.info("Test: GPSK-1 No supported CSuite")
1504 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1505 4 + 1 + 1 + 2 + 32 + 2 + 6,
1507 EAP_GPSK_OPCODE_GPSK_1
, 0,
1508 0, 0, 0, 0, 0, 0, 0, 0,
1512 if ctx
['num'] == idx
:
1513 logger
.info("Test: GPSK-1 Supported CSuite")
1514 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1515 4 + 1 + 1 + 2 + 32 + 2 + 6,
1517 EAP_GPSK_OPCODE_GPSK_1
, 0,
1518 0, 0, 0, 0, 0, 0, 0, 0,
1521 if ctx
['num'] == idx
:
1522 logger
.info("Test: Unexpected GPSK-1")
1523 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1524 4 + 1 + 1 + 2 + 32 + 2 + 6,
1526 EAP_GPSK_OPCODE_GPSK_1
, 0,
1527 0, 0, 0, 0, 0, 0, 0, 0,
1531 if ctx
['num'] == idx
:
1532 logger
.info("Test: GPSK-1 Supported CSuite but too short key")
1533 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1534 4 + 1 + 1 + 2 + 32 + 2 + 6,
1536 EAP_GPSK_OPCODE_GPSK_1
, 0,
1537 0, 0, 0, 0, 0, 0, 0, 0,
1541 if ctx
['num'] == idx
:
1542 logger
.info("Test: GPSK-1 Supported CSuite")
1543 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1544 4 + 1 + 1 + 2 + 32 + 2 + 6,
1546 EAP_GPSK_OPCODE_GPSK_1
, 0,
1547 0, 0, 0, 0, 0, 0, 0, 0,
1550 if ctx
['num'] == idx
:
1551 logger
.info("Test: Too short GPSK-3")
1552 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1555 EAP_GPSK_OPCODE_GPSK_3
)
1558 if ctx
['num'] == idx
:
1559 logger
.info("Test: GPSK-1 Supported CSuite")
1560 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1561 4 + 1 + 1 + 2 + 32 + 2 + 6,
1563 EAP_GPSK_OPCODE_GPSK_1
, 0,
1564 0, 0, 0, 0, 0, 0, 0, 0,
1567 if ctx
['num'] == idx
:
1568 logger
.info("Test: GPSK-3 Mismatch in RAND_Peer")
1569 return struct
.pack(">BBHBB8L", EAP_CODE_REQUEST
, ctx
['id'],
1572 EAP_GPSK_OPCODE_GPSK_3
,
1573 0, 0, 0, 0, 0, 0, 0, 0)
1576 if ctx
['num'] == idx
:
1577 logger
.info("Test: GPSK-1 Supported CSuite")
1578 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1579 4 + 1 + 1 + 2 + 32 + 2 + 6,
1581 EAP_GPSK_OPCODE_GPSK_1
, 0,
1582 0, 0, 0, 0, 0, 0, 0, 0,
1585 if ctx
['num'] == idx
:
1586 logger
.info("Test: GPSK-3 Missing RAND_Server")
1587 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1590 EAP_GPSK_OPCODE_GPSK_3
)
1595 if ctx
['num'] == idx
:
1596 logger
.info("Test: GPSK-1 Supported CSuite")
1597 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1598 4 + 1 + 1 + 2 + 32 + 2 + 6,
1600 EAP_GPSK_OPCODE_GPSK_1
, 0,
1601 0, 0, 0, 0, 0, 0, 0, 0,
1604 if ctx
['num'] == idx
:
1605 logger
.info("Test: GPSK-3 Mismatch in RAND_Server")
1606 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1607 4 + 1 + 1 + 32 + 32,
1609 EAP_GPSK_OPCODE_GPSK_3
)
1611 msg
+= struct
.pack(">8L", 1, 1, 1, 1, 1, 1, 1, 1)
1615 if ctx
['num'] == idx
:
1616 logger
.info("Test: GPSK-1 Supported CSuite")
1617 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1618 4 + 1 + 1 + 2 + 32 + 2 + 6,
1620 EAP_GPSK_OPCODE_GPSK_1
, 0,
1621 0, 0, 0, 0, 0, 0, 0, 0,
1624 if ctx
['num'] == idx
:
1625 logger
.info("Test: GPSK-3 Missing ID_Server")
1626 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1627 4 + 1 + 1 + 32 + 32,
1629 EAP_GPSK_OPCODE_GPSK_3
)
1631 msg
+= struct
.pack(">8L", 0, 0, 0, 0, 0, 0, 0, 0)
1635 if ctx
['num'] == idx
:
1636 logger
.info("Test: GPSK-1 Supported CSuite")
1637 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1638 4 + 1 + 1 + 2 + 32 + 2 + 6,
1640 EAP_GPSK_OPCODE_GPSK_1
, 0,
1641 0, 0, 0, 0, 0, 0, 0, 0,
1644 if ctx
['num'] == idx
:
1645 logger
.info("Test: GPSK-3 Truncated ID_Server")
1646 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1647 4 + 1 + 1 + 32 + 32 + 2,
1649 EAP_GPSK_OPCODE_GPSK_3
)
1651 msg
+= struct
.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 1)
1655 if ctx
['num'] == idx
:
1656 logger
.info("Test: GPSK-1 Supported CSuite")
1657 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1658 4 + 1 + 1 + 2 + 32 + 2 + 6,
1660 EAP_GPSK_OPCODE_GPSK_1
, 0,
1661 0, 0, 0, 0, 0, 0, 0, 0,
1664 if ctx
['num'] == idx
:
1665 logger
.info("Test: GPSK-3 Mismatch in ID_Server")
1666 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1667 4 + 1 + 1 + 32 + 32 + 3,
1669 EAP_GPSK_OPCODE_GPSK_3
)
1671 msg
+= struct
.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
1675 if ctx
['num'] == idx
:
1676 logger
.info("Test: GPSK-1 Supported CSuite")
1677 return struct
.pack(">BBHBBHB8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1678 4 + 1 + 1 + 3 + 32 + 2 + 6,
1680 EAP_GPSK_OPCODE_GPSK_1
, 1, ord('A'),
1681 0, 0, 0, 0, 0, 0, 0, 0,
1684 if ctx
['num'] == idx
:
1685 logger
.info("Test: GPSK-3 Mismatch in ID_Server (same length)")
1686 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1687 4 + 1 + 1 + 32 + 32 + 3,
1689 EAP_GPSK_OPCODE_GPSK_3
)
1691 msg
+= struct
.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
1695 if ctx
['num'] == idx
:
1696 logger
.info("Test: GPSK-1 Supported CSuite")
1697 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1698 4 + 1 + 1 + 2 + 32 + 2 + 6,
1700 EAP_GPSK_OPCODE_GPSK_1
, 0,
1701 0, 0, 0, 0, 0, 0, 0, 0,
1704 if ctx
['num'] == idx
:
1705 logger
.info("Test: GPSK-3 Missing CSuite_Sel")
1706 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1707 4 + 1 + 1 + 32 + 32 + 2,
1709 EAP_GPSK_OPCODE_GPSK_3
)
1711 msg
+= struct
.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 0)
1715 if ctx
['num'] == idx
:
1716 logger
.info("Test: GPSK-1 Supported CSuite")
1717 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1718 4 + 1 + 1 + 2 + 32 + 2 + 6,
1720 EAP_GPSK_OPCODE_GPSK_1
, 0,
1721 0, 0, 0, 0, 0, 0, 0, 0,
1724 if ctx
['num'] == idx
:
1725 logger
.info("Test: GPSK-3 Mismatch in CSuite_Sel")
1726 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1727 4 + 1 + 1 + 32 + 32 + 2 + 6,
1729 EAP_GPSK_OPCODE_GPSK_3
)
1731 msg
+= struct
.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2)
1735 if ctx
['num'] == idx
:
1736 logger
.info("Test: GPSK-1 Supported CSuite")
1737 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1738 4 + 1 + 1 + 2 + 32 + 2 + 6,
1740 EAP_GPSK_OPCODE_GPSK_1
, 0,
1741 0, 0, 0, 0, 0, 0, 0, 0,
1744 if ctx
['num'] == idx
:
1745 logger
.info("Test: GPSK-3 Missing len(PD_Payload_Block)")
1746 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1747 4 + 1 + 1 + 32 + 32 + 2 + 6,
1749 EAP_GPSK_OPCODE_GPSK_3
)
1751 msg
+= struct
.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1)
1755 if ctx
['num'] == idx
:
1756 logger
.info("Test: GPSK-1 Supported CSuite")
1757 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1758 4 + 1 + 1 + 2 + 32 + 2 + 6,
1760 EAP_GPSK_OPCODE_GPSK_1
, 0,
1761 0, 0, 0, 0, 0, 0, 0, 0,
1764 if ctx
['num'] == idx
:
1765 logger
.info("Test: GPSK-3 Truncated PD_Payload_Block")
1766 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1767 4 + 1 + 1 + 32 + 32 + 2 + 6 + 2,
1769 EAP_GPSK_OPCODE_GPSK_3
)
1771 msg
+= struct
.pack(">8LHLHH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1)
1775 if ctx
['num'] == idx
:
1776 logger
.info("Test: GPSK-1 Supported CSuite")
1777 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1778 4 + 1 + 1 + 2 + 32 + 2 + 6,
1780 EAP_GPSK_OPCODE_GPSK_1
, 0,
1781 0, 0, 0, 0, 0, 0, 0, 0,
1784 if ctx
['num'] == idx
:
1785 logger
.info("Test: GPSK-3 Missing MAC")
1786 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1787 4 + 1 + 1 + 32 + 32 + 2 + 6 + 3,
1789 EAP_GPSK_OPCODE_GPSK_3
)
1791 msg
+= struct
.pack(">8LHLHHB",
1792 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123)
1796 if ctx
['num'] == idx
:
1797 logger
.info("Test: GPSK-1 Supported CSuite")
1798 return struct
.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST
, ctx
['id'],
1799 4 + 1 + 1 + 2 + 32 + 2 + 6,
1801 EAP_GPSK_OPCODE_GPSK_1
, 0,
1802 0, 0, 0, 0, 0, 0, 0, 0,
1805 if ctx
['num'] == idx
:
1806 logger
.info("Test: GPSK-3 Incorrect MAC")
1807 msg
= struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1808 4 + 1 + 1 + 32 + 32 + 2 + 6 + 3 + 16,
1810 EAP_GPSK_OPCODE_GPSK_3
)
1812 msg
+= struct
.pack(">8LHLHHB4L",
1813 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123,
1819 srv
= start_radius_server(gpsk_handler
)
1822 hapd
= start_ap(apdev
[0]['ifname'])
1824 for i
in range(0, 27):
1828 pw
= "abcdefghijklmnop0123456789abcdef"
1829 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
1830 eap
="GPSK", identity
="user", password
=pw
,
1832 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1835 raise Exception("Timeout on EAP start")
1837 dev
[0].request("REMOVE_NETWORK all")
1839 stop_radius_server(srv
)
1846 def test_eap_proto_eke(dev
, apdev
):
1847 """EAP-EKE protocol tests"""
1848 def eke_handler(ctx
, req
):
1849 logger
.info("eke_handler - RX " + req
.encode("hex"))
1850 if 'num' not in ctx
:
1852 ctx
['num'] = ctx
['num'] + 1
1855 ctx
['id'] = (ctx
['id'] + 1) % 256
1860 if ctx
['num'] == idx
:
1861 logger
.info("Test: Missing payload")
1862 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
1867 if ctx
['num'] == idx
:
1868 logger
.info("Test: Unknown exchange")
1869 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1875 if ctx
['num'] == idx
:
1876 logger
.info("Test: No NumProposals in EAP-EKE-ID/Request")
1877 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
1882 if ctx
['num'] == idx
:
1883 logger
.info("Test: EAP-Failure")
1884 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1887 if ctx
['num'] == idx
:
1888 logger
.info("Test: NumProposals=0 in EAP-EKE-ID/Request")
1889 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
1895 if ctx
['num'] == idx
:
1896 logger
.info("Test: EAP-Failure")
1897 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1900 if ctx
['num'] == idx
:
1901 logger
.info("Test: Truncated Proposals list in EAP-EKE-ID/Request")
1902 return struct
.pack(">BBHBBBB4B", EAP_CODE_REQUEST
, ctx
['id'],
1908 if ctx
['num'] == idx
:
1909 logger
.info("Test: EAP-Failure")
1910 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1913 if ctx
['num'] == idx
:
1914 logger
.info("Test: Unsupported proposals in EAP-EKE-ID/Request")
1915 return struct
.pack(">BBHBBBB4B4B4B4B", EAP_CODE_REQUEST
, ctx
['id'],
1916 4 + 1 + 1 + 2 + 4 * 4,
1925 if ctx
['num'] == idx
:
1926 logger
.info("Test: EAP-Failure")
1927 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1930 if ctx
['num'] == idx
:
1931 logger
.info("Test: Missing IDType/Identity in EAP-EKE-ID/Request")
1932 return struct
.pack(">BBHBBBB4B4B4B4B4B",
1933 EAP_CODE_REQUEST
, ctx
['id'],
1934 4 + 1 + 1 + 2 + 5 * 4,
1944 if ctx
['num'] == idx
:
1945 logger
.info("Test: EAP-Failure")
1946 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1949 if ctx
['num'] == idx
:
1950 logger
.info("Test: Valid EAP-EKE-ID/Request")
1951 return struct
.pack(">BBHBBBB4BB",
1952 EAP_CODE_REQUEST
, ctx
['id'],
1953 4 + 1 + 1 + 2 + 4 + 1,
1960 if ctx
['num'] == idx
:
1961 logger
.info("Test: Unexpected EAP-EKE-ID/Request")
1962 return struct
.pack(">BBHBBBB4BB",
1963 EAP_CODE_REQUEST
, ctx
['id'],
1964 4 + 1 + 1 + 2 + 4 + 1,
1971 if ctx
['num'] == idx
:
1972 logger
.info("Test: EAP-Failure")
1973 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
1976 if ctx
['num'] == idx
:
1977 logger
.info("Test: Valid EAP-EKE-ID/Request")
1978 return struct
.pack(">BBHBBBB4BB",
1979 EAP_CODE_REQUEST
, ctx
['id'],
1980 4 + 1 + 1 + 2 + 4 + 1,
1987 if ctx
['num'] == idx
:
1988 logger
.info("Test: Unexpected EAP-EKE-Confirm/Request")
1989 return struct
.pack(">BBHBB",
1990 EAP_CODE_REQUEST
, ctx
['id'],
1995 if ctx
['num'] == idx
:
1996 logger
.info("Test: EAP-Failure")
1997 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2000 if ctx
['num'] == idx
:
2001 logger
.info("Test: Too short EAP-EKE-Failure/Request")
2002 return struct
.pack(">BBHBB",
2003 EAP_CODE_REQUEST
, ctx
['id'],
2008 if ctx
['num'] == idx
:
2009 logger
.info("Test: EAP-Failure")
2010 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2013 if ctx
['num'] == idx
:
2014 logger
.info("Test: Unexpected EAP-EKE-Commit/Request")
2015 return struct
.pack(">BBHBB",
2016 EAP_CODE_REQUEST
, ctx
['id'],
2021 if ctx
['num'] == idx
:
2022 logger
.info("Test: EAP-Failure")
2023 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2026 if ctx
['num'] == idx
:
2027 logger
.info("Test: Valid EAP-EKE-ID/Request")
2028 return struct
.pack(">BBHBBBB4BB",
2029 EAP_CODE_REQUEST
, ctx
['id'],
2030 4 + 1 + 1 + 2 + 4 + 1,
2037 if ctx
['num'] == idx
:
2038 logger
.info("Test: Too short EAP-EKE-Commit/Request")
2039 return struct
.pack(">BBHBB",
2040 EAP_CODE_REQUEST
, ctx
['id'],
2045 if ctx
['num'] == idx
:
2046 logger
.info("Test: EAP-Failure")
2047 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2050 if ctx
['num'] == idx
:
2051 logger
.info("Test: Valid EAP-EKE-ID/Request")
2052 return struct
.pack(">BBHBBBB4BB",
2053 EAP_CODE_REQUEST
, ctx
['id'],
2054 4 + 1 + 1 + 2 + 4 + 1,
2061 if ctx
['num'] == idx
:
2062 logger
.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
2063 return struct
.pack(">BBHBB4L32L",
2064 EAP_CODE_REQUEST
, ctx
['id'],
2065 4 + 1 + 1 + 16 + 128,
2069 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2070 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
2072 if ctx
['num'] == idx
:
2073 logger
.info("Test: Too short EAP-EKE-Confirm/Request")
2074 return struct
.pack(">BBHBB",
2075 EAP_CODE_REQUEST
, ctx
['id'],
2080 if ctx
['num'] == idx
:
2081 logger
.info("Test: EAP-Failure")
2082 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2085 if ctx
['num'] == idx
:
2086 logger
.info("Test: Valid EAP-EKE-ID/Request")
2087 return struct
.pack(">BBHBBBB4BB",
2088 EAP_CODE_REQUEST
, ctx
['id'],
2089 4 + 1 + 1 + 2 + 4 + 1,
2096 if ctx
['num'] == idx
:
2097 logger
.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
2098 return struct
.pack(">BBHBB4L32L",
2099 EAP_CODE_REQUEST
, ctx
['id'],
2100 4 + 1 + 1 + 16 + 128,
2104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
2105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
2107 if ctx
['num'] == idx
:
2108 logger
.info("Test: Invalid PNonce_PS and Auth_S values in EAP-EKE-Confirm/Request")
2109 return struct
.pack(">BBHBB4L8L5L5L",
2110 EAP_CODE_REQUEST
, ctx
['id'],
2111 4 + 1 + 1 + 16 + 2 * 16 + 20 + 20,
2115 0, 0, 0, 0, 0, 0, 0, 0,
2119 if ctx
['num'] == idx
:
2120 logger
.info("Test: EAP-Failure")
2121 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2125 srv
= start_radius_server(eke_handler
)
2128 hapd
= start_ap(apdev
[0]['ifname'])
2130 for i
in range(0, 14):
2131 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2132 eap
="EKE", identity
="user", password
="password",
2134 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2137 raise Exception("Timeout on EAP start")
2138 if i
in [ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 ]:
2139 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
2142 raise Exception("Timeout on EAP failure")
2145 dev
[0].request("REMOVE_NETWORK all")
2146 dev
[0].dump_monitor()
2148 stop_radius_server(srv
)
2150 def eap_eke_test_fail(dev
, phase1
=None, success
=False):
2151 dev
.connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2152 eap
="EKE", identity
="eke user", password
="hello",
2153 phase1
=phase1
, erp
="1", wait_connect
=False)
2154 ev
= dev
.wait_event([ "CTRL-EVENT-EAP-FAILURE",
2155 "CTRL-EVENT-EAP-SUCCESS" ], timeout
=5)
2157 raise Exception("Timeout on EAP failure")
2158 if not success
and "CTRL-EVENT-EAP-FAILURE" not in ev
:
2159 raise Exception("EAP did not fail during failure test")
2160 dev
.request("REMOVE_NETWORK all")
2161 dev
.wait_disconnected()
2163 def test_eap_proto_eke_errors(dev
, apdev
):
2164 """EAP-EKE local error cases"""
2165 check_eap_capa(dev
[0], "EKE")
2166 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
2167 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
2169 for i
in range(1, 3):
2170 with
alloc_fail(dev
[0], i
, "eap_eke_init"):
2171 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2172 eap
="EKE", identity
="eke user", password
="hello",
2174 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
2177 raise Exception("Timeout on EAP start")
2178 dev
[0].request("REMOVE_NETWORK all")
2179 dev
[0].wait_disconnected()
2181 tests
= [ (1, "eap_eke_dh_init", None),
2182 (1, "eap_eke_prf_hmac_sha1", "dhgroup=3 encr=1 prf=1 mac=1"),
2183 (1, "eap_eke_prf_hmac_sha256", "dhgroup=5 encr=1 prf=2 mac=2"),
2184 (1, "eap_eke_prf", None),
2185 (1, "os_get_random;eap_eke_dhcomp", None),
2186 (1, "aes_128_cbc_encrypt;eap_eke_dhcomp", None),
2187 (1, "aes_128_cbc_decrypt;eap_eke_shared_secret", None),
2188 (1, "eap_eke_prf;eap_eke_shared_secret", None),
2189 (1, "eap_eke_prfplus;eap_eke_derive_ke_ki", None),
2190 (1, "eap_eke_prfplus;eap_eke_derive_ka", None),
2191 (1, "eap_eke_prfplus;eap_eke_derive_msk", None),
2192 (1, "os_get_random;eap_eke_prot", None),
2193 (1, "aes_128_cbc_decrypt;eap_eke_decrypt_prot", None),
2194 (1, "eap_eke_derive_key;eap_eke_process_commit", None),
2195 (1, "eap_eke_dh_init;eap_eke_process_commit", None),
2196 (1, "eap_eke_shared_secret;eap_eke_process_commit", None),
2197 (1, "eap_eke_derive_ke_ki;eap_eke_process_commit", None),
2198 (1, "eap_eke_dhcomp;eap_eke_process_commit", None),
2199 (1, "os_get_random;eap_eke_process_commit", None),
2200 (1, "os_get_random;=eap_eke_process_commit", None),
2201 (1, "eap_eke_prot;eap_eke_process_commit", None),
2202 (1, "eap_eke_decrypt_prot;eap_eke_process_confirm", None),
2203 (1, "eap_eke_derive_ka;eap_eke_process_confirm", None),
2204 (1, "eap_eke_auth;eap_eke_process_confirm", None),
2205 (2, "eap_eke_auth;eap_eke_process_confirm", None),
2206 (1, "eap_eke_prot;eap_eke_process_confirm", None),
2207 (1, "eap_eke_derive_msk;eap_eke_process_confirm", None) ]
2208 for count
, func
, phase1
in tests
:
2209 with
fail_test(dev
[0], count
, func
):
2210 eap_eke_test_fail(dev
[0], phase1
)
2212 tests
= [ (1, "=eap_eke_derive_ke_ki", None),
2213 (1, "=eap_eke_derive_ka", None),
2214 (1, "=eap_eke_derive_msk", None),
2215 (1, "eap_eke_build_msg;eap_eke_process_id", None),
2216 (1, "wpabuf_alloc;eap_eke_process_id", None),
2217 (1, "=eap_eke_process_id", None),
2218 (1, "wpabuf_alloc;eap_eke_process_id", None),
2219 (1, "eap_eke_build_msg;eap_eke_process_commit", None),
2220 (1, "wpabuf_resize;eap_eke_process_commit", None),
2221 (1, "eap_eke_build_msg;eap_eke_process_confirm", None) ]
2222 for count
, func
, phase1
in tests
:
2223 with
alloc_fail(dev
[0], count
, func
):
2224 eap_eke_test_fail(dev
[0], phase1
)
2226 tests
= [ (1, "eap_eke_getKey", None),
2227 (1, "eap_eke_get_emsk", None),
2228 (1, "eap_eke_get_session_id", None) ]
2229 for count
, func
, phase1
in tests
:
2230 with
alloc_fail(dev
[0], count
, func
):
2231 eap_eke_test_fail(dev
[0], phase1
, success
=True)
2233 EAP_PAX_OP_STD_1
= 0x01
2234 EAP_PAX_OP_STD_2
= 0x02
2235 EAP_PAX_OP_STD_3
= 0x03
2236 EAP_PAX_OP_SEC_1
= 0x11
2237 EAP_PAX_OP_SEC_2
= 0x12
2238 EAP_PAX_OP_SEC_3
= 0x13
2239 EAP_PAX_OP_SEC_4
= 0x14
2240 EAP_PAX_OP_SEC_5
= 0x15
2241 EAP_PAX_OP_ACK
= 0x21
2243 EAP_PAX_FLAGS_MF
= 0x01
2244 EAP_PAX_FLAGS_CE
= 0x02
2245 EAP_PAX_FLAGS_AI
= 0x04
2247 EAP_PAX_MAC_HMAC_SHA1_128
= 0x01
2248 EAP_PAX_HMAC_SHA256_128
= 0x02
2250 EAP_PAX_DH_GROUP_NONE
= 0x00
2251 EAP_PAX_DH_GROUP_2048_MODP
= 0x01
2252 EAP_PAX_DH_GROUP_3072_MODP
= 0x02
2253 EAP_PAX_DH_GROUP_NIST_ECC_P_256
= 0x03
2255 EAP_PAX_PUBLIC_KEY_NONE
= 0x00
2256 EAP_PAX_PUBLIC_KEY_RSAES_OAEP
= 0x01
2257 EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5
= 0x02
2258 EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC
= 0x03
2260 EAP_PAX_ADE_VENDOR_SPECIFIC
= 0x01
2261 EAP_PAX_ADE_CLIENT_CHANNEL_BINDING
= 0x02
2262 EAP_PAX_ADE_SERVER_CHANNEL_BINDING
= 0x03
2264 def test_eap_proto_pax(dev
, apdev
):
2265 """EAP-PAX protocol tests"""
2267 logger
.info("Test: STD-1")
2269 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2270 4 + 1 + 5 + 2 + 32 + 16,
2272 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2273 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2274 32, 0, 0, 0, 0, 0, 0, 0, 0,
2275 0x16, 0xc9, 0x08, 0x9d, 0x98, 0xa5, 0x6e, 0x1f,
2276 0xf0, 0xac, 0xcf, 0xc4, 0x66, 0xcd, 0x2d, 0xbf)
2278 def pax_handler(ctx
, req
):
2279 logger
.info("pax_handler - RX " + req
.encode("hex"))
2280 if 'num' not in ctx
:
2282 ctx
['num'] = ctx
['num'] + 1
2285 ctx
['id'] = (ctx
['id'] + 1) % 256
2290 if ctx
['num'] == idx
:
2291 logger
.info("Test: Missing payload")
2292 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2297 if ctx
['num'] == idx
:
2298 logger
.info("Test: Minimum length payload")
2299 return struct
.pack(">BBHB4L", EAP_CODE_REQUEST
, ctx
['id'],
2305 if ctx
['num'] == idx
:
2306 logger
.info("Test: Unsupported MAC ID")
2307 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2310 EAP_PAX_OP_STD_1
, 0, 255, EAP_PAX_DH_GROUP_NONE
,
2311 EAP_PAX_PUBLIC_KEY_NONE
,
2315 if ctx
['num'] == idx
:
2316 logger
.info("Test: Unsupported DH Group ID")
2317 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2320 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2321 255, EAP_PAX_PUBLIC_KEY_NONE
,
2325 if ctx
['num'] == idx
:
2326 logger
.info("Test: Unsupported Public Key ID")
2327 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2330 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2331 EAP_PAX_DH_GROUP_NONE
, 255,
2335 if ctx
['num'] == idx
:
2336 logger
.info("Test: More fragments")
2337 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2340 EAP_PAX_OP_STD_1
, EAP_PAX_FLAGS_MF
,
2341 EAP_PAX_MAC_HMAC_SHA1_128
,
2342 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2346 if ctx
['num'] == idx
:
2347 logger
.info("Test: Invalid ICV")
2348 return struct
.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2351 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2352 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2356 if ctx
['num'] == idx
:
2357 logger
.info("Test: Invalid ICV in short frame")
2358 return struct
.pack(">BBHBBBBBB3L", EAP_CODE_REQUEST
, ctx
['id'],
2361 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2362 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2366 if ctx
['num'] == idx
:
2367 logger
.info("Test: Correct ICV - unsupported op_code")
2369 return struct
.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST
, ctx
['id'],
2372 255, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2373 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2374 0x90, 0x78, 0x97, 0x38, 0x29, 0x94, 0x32, 0xd4,
2375 0x81, 0x27, 0xe0, 0xf6, 0x3b, 0x0d, 0xb2, 0xb2)
2378 if ctx
['num'] == idx
:
2379 logger
.info("Test: Correct ICV - CE flag in STD-1")
2381 return struct
.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST
, ctx
['id'],
2384 EAP_PAX_OP_STD_1
, EAP_PAX_FLAGS_CE
,
2385 EAP_PAX_MAC_HMAC_SHA1_128
,
2386 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2387 0x9c, 0x98, 0xb4, 0x0b, 0x94, 0x90, 0xde, 0x88,
2388 0xb7, 0x72, 0x63, 0x44, 0x1d, 0xe3, 0x7c, 0x5c)
2391 if ctx
['num'] == idx
:
2392 logger
.info("Test: Correct ICV - too short STD-1 payload")
2394 return struct
.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST
, ctx
['id'],
2397 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2398 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2399 0xda, 0xab, 0x2c, 0xe7, 0x84, 0x41, 0xb5, 0x5c,
2400 0xee, 0xcf, 0x62, 0x03, 0xc5, 0x69, 0xcb, 0xf4)
2403 if ctx
['num'] == idx
:
2404 logger
.info("Test: Correct ICV - incorrect A length in STD-1")
2406 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2407 4 + 1 + 5 + 2 + 32 + 16,
2409 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2410 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2411 0, 0, 0, 0, 0, 0, 0, 0, 0,
2412 0xc4, 0xb0, 0x81, 0xe4, 0x6c, 0x8c, 0x20, 0x23,
2413 0x60, 0x46, 0x89, 0xea, 0x94, 0x60, 0xf3, 0x2a)
2416 if ctx
['num'] == idx
:
2417 logger
.info("Test: Correct ICV - extra data in STD-1")
2419 return struct
.pack(">BBHBBBBBBH8LB16B", EAP_CODE_REQUEST
, ctx
['id'],
2420 4 + 1 + 5 + 2 + 32 + 1 + 16,
2422 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2423 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2424 32, 0, 0, 0, 0, 0, 0, 0, 0,
2426 0x61, 0x49, 0x65, 0x37, 0x21, 0xe8, 0xd8, 0xbf,
2427 0xf3, 0x02, 0x01, 0xe5, 0x42, 0x51, 0xd3, 0x34)
2429 if ctx
['num'] == idx
:
2430 logger
.info("Test: Unexpected STD-1")
2431 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2432 4 + 1 + 5 + 2 + 32 + 16,
2434 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2435 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2436 32, 0, 0, 0, 0, 0, 0, 0, 0,
2437 0xe5, 0x1d, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2438 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2441 if ctx
['num'] == idx
:
2442 return pax_std_1(ctx
)
2444 if ctx
['num'] == idx
:
2445 logger
.info("Test: MAC ID changed during session")
2446 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2447 4 + 1 + 5 + 2 + 32 + 16,
2449 EAP_PAX_OP_STD_1
, 0, EAP_PAX_HMAC_SHA256_128
,
2450 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2451 32, 0, 0, 0, 0, 0, 0, 0, 0,
2452 0xee, 0x00, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2453 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2456 if ctx
['num'] == idx
:
2457 return pax_std_1(ctx
)
2459 if ctx
['num'] == idx
:
2460 logger
.info("Test: DH Group ID changed during session")
2461 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2462 4 + 1 + 5 + 2 + 32 + 16,
2464 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2465 EAP_PAX_DH_GROUP_2048_MODP
,
2466 EAP_PAX_PUBLIC_KEY_NONE
,
2467 32, 0, 0, 0, 0, 0, 0, 0, 0,
2468 0xee, 0x01, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2469 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2472 if ctx
['num'] == idx
:
2473 return pax_std_1(ctx
)
2475 if ctx
['num'] == idx
:
2476 logger
.info("Test: Public Key ID changed during session")
2477 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2478 4 + 1 + 5 + 2 + 32 + 16,
2480 EAP_PAX_OP_STD_1
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2481 EAP_PAX_DH_GROUP_NONE
,
2482 EAP_PAX_PUBLIC_KEY_RSAES_OAEP
,
2483 32, 0, 0, 0, 0, 0, 0, 0, 0,
2484 0xee, 0x02, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
2485 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
2488 if ctx
['num'] == idx
:
2489 logger
.info("Test: Unexpected STD-3")
2491 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2492 4 + 1 + 5 + 2 + 32 + 16,
2494 EAP_PAX_OP_STD_3
, 0, EAP_PAX_MAC_HMAC_SHA1_128
,
2495 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2496 32, 0, 0, 0, 0, 0, 0, 0, 0,
2497 0x47, 0xbb, 0xc0, 0xf9, 0xb9, 0x69, 0xf5, 0xcb,
2498 0x3a, 0xe8, 0xe7, 0xd6, 0x80, 0x28, 0xf2, 0x59)
2501 if ctx
['num'] == idx
:
2502 return pax_std_1(ctx
)
2504 if ctx
['num'] == idx
:
2505 # TODO: MAC calculation; for now, this gets dropped due to incorrect
2507 logger
.info("Test: STD-3 with CE flag")
2508 return struct
.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST
, ctx
['id'],
2509 4 + 1 + 5 + 2 + 32 + 16,
2511 EAP_PAX_OP_STD_3
, EAP_PAX_FLAGS_CE
,
2512 EAP_PAX_MAC_HMAC_SHA1_128
,
2513 EAP_PAX_DH_GROUP_NONE
, EAP_PAX_PUBLIC_KEY_NONE
,
2514 32, 0, 0, 0, 0, 0, 0, 0, 0,
2515 0x8a, 0xc2, 0xf9, 0xf4, 0x8b, 0x75, 0x72, 0xa2,
2516 0x4d, 0xd3, 0x1e, 0x54, 0x77, 0x04, 0x05, 0xe2)
2519 if ctx
['num'] & 0x1 == idx
& 0x1:
2520 logger
.info("Test: Default request")
2521 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2525 logger
.info("Test: Default EAP-Failure")
2526 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2528 srv
= start_radius_server(pax_handler
)
2531 hapd
= start_ap(apdev
[0]['ifname'])
2533 for i
in range(0, 18):
2534 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2535 eap
="PAX", identity
="user",
2536 password_hex
="0123456789abcdef0123456789abcdef",
2538 logger
.info("Waiting for EAP method to start")
2539 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2542 raise Exception("Timeout on EAP start")
2544 dev
[0].request("REMOVE_NETWORK all")
2545 dev
[0].dump_monitor()
2547 logger
.info("Too short password")
2548 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2549 eap
="PAX", identity
="user",
2550 password_hex
="0123456789abcdef0123456789abcd",
2552 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
2554 raise Exception("Timeout on EAP start")
2556 dev
[0].request("REMOVE_NETWORK all")
2557 dev
[0].dump_monitor()
2559 logger
.info("No password")
2560 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2561 eap
="PAX", identity
="user",
2563 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
2565 raise Exception("Timeout on EAP start")
2567 dev
[0].request("REMOVE_NETWORK all")
2568 dev
[0].dump_monitor()
2570 stop_radius_server(srv
)
2572 def test_eap_proto_psk(dev
, apdev
):
2573 """EAP-PSK protocol tests"""
2574 def psk_handler(ctx
, req
):
2575 logger
.info("psk_handler - RX " + req
.encode("hex"))
2576 if 'num' not in ctx
:
2578 ctx
['num'] = ctx
['num'] + 1
2581 ctx
['id'] = (ctx
['id'] + 1) % 256
2586 if ctx
['num'] == idx
:
2587 logger
.info("Test: Missing payload")
2588 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2593 if ctx
['num'] == idx
:
2594 logger
.info("Test: Non-zero T in first message")
2595 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2597 EAP_TYPE_PSK
, 0xc0, 0, 0, 0, 0)
2600 if ctx
['num'] == idx
:
2601 logger
.info("Test: Valid first message")
2602 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2604 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2606 if ctx
['num'] == idx
:
2607 logger
.info("Test: Too short third message")
2608 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2613 if ctx
['num'] == idx
:
2614 logger
.info("Test: Valid first message")
2615 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2617 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2619 if ctx
['num'] == idx
:
2620 logger
.info("Test: Incorrect T in third message")
2621 return struct
.pack(">BBHBB4L4L", EAP_CODE_REQUEST
, ctx
['id'],
2622 4 + 1 + 1 + 16 + 16,
2623 EAP_TYPE_PSK
, 0, 0, 0, 0, 0, 0, 0, 0, 0)
2626 if ctx
['num'] == idx
:
2627 logger
.info("Test: Valid first message")
2628 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2630 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2632 if ctx
['num'] == idx
:
2633 logger
.info("Test: Missing PCHANNEL in third message")
2634 return struct
.pack(">BBHBB4L4L", EAP_CODE_REQUEST
, ctx
['id'],
2635 4 + 1 + 1 + 16 + 16,
2636 EAP_TYPE_PSK
, 0x80, 0, 0, 0, 0, 0, 0, 0, 0)
2639 if ctx
['num'] == idx
:
2640 logger
.info("Test: Valid first message")
2641 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2643 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2645 if ctx
['num'] == idx
:
2646 logger
.info("Test: Invalic MAC_S in third message")
2647 return struct
.pack(">BBHBB4L4L5LB", EAP_CODE_REQUEST
, ctx
['id'],
2648 4 + 1 + 1 + 16 + 16 + 21,
2649 EAP_TYPE_PSK
, 0x80, 0, 0, 0, 0, 0, 0, 0, 0,
2653 if ctx
['num'] == idx
:
2654 logger
.info("Test: Valid first message")
2655 return struct
.pack(">BBHBB4L", EAP_CODE_REQUEST
, ctx
['id'],
2657 EAP_TYPE_PSK
, 0, 0, 0, 0, 0)
2659 if ctx
['num'] == idx
:
2660 logger
.info("Test: EAP-Failure")
2661 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2665 srv
= start_radius_server(psk_handler
)
2668 hapd
= start_ap(apdev
[0]['ifname'])
2670 for i
in range(0, 6):
2671 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2672 eap
="PSK", identity
="user",
2673 password_hex
="0123456789abcdef0123456789abcdef",
2675 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2678 raise Exception("Timeout on EAP start")
2680 dev
[0].request("REMOVE_NETWORK all")
2682 logger
.info("Test: Invalid PSK length")
2683 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2684 eap
="PSK", identity
="user",
2685 password_hex
="0123456789abcdef0123456789abcd",
2687 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2690 raise Exception("Timeout on EAP start")
2692 dev
[0].request("REMOVE_NETWORK all")
2694 stop_radius_server(srv
)
2696 def test_eap_proto_psk_errors(dev
, apdev
):
2697 """EAP-PSK local error cases"""
2698 check_eap_capa(dev
[0], "PSK")
2699 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
2700 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
2702 for i
in range(1, 6):
2703 with
alloc_fail(dev
[0], i
, "eap_psk_init"):
2704 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2705 eap
="PSK", identity
="psk.user@example.com",
2706 password_hex
="0123456789abcdef0123456789abcdef",
2708 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
2711 raise Exception("Timeout on EAP start")
2712 dev
[0].request("REMOVE_NETWORK all")
2713 dev
[0].wait_disconnected()
2715 tests
= [ (1, "=eap_psk_process_1"),
2716 (2, "=eap_psk_process_1"),
2717 (1, "eap_msg_alloc;eap_psk_process_1"),
2718 (1, "=eap_psk_process_3"),
2719 (2, "=eap_psk_process_3"),
2720 (1, "eap_msg_alloc;eap_psk_process_3"),
2721 (1, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2722 (2, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2723 (3, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2724 (4, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2725 (5, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2726 (6, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2727 (7, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2728 (8, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2729 (9, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2730 (10, "aes_128_encrypt_block;eap_psk_derive_keys;eap_psk_process_3"),
2731 (1, "aes_128_ctr_encrypt;aes_128_eax_decrypt;eap_psk_process_3"),
2732 (1, "aes_128_ctr_encrypt;aes_128_eax_encrypt;eap_psk_process_3"),
2733 (1, "eap_psk_getKey"),
2734 (1, "eap_psk_get_session_id"),
2735 (1, "eap_psk_get_emsk") ]
2736 for count
, func
in tests
:
2737 with
alloc_fail(dev
[0], count
, func
):
2738 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2739 eap
="PSK", identity
="psk.user@example.com",
2740 password_hex
="0123456789abcdef0123456789abcdef",
2741 erp
="1", wait_connect
=False)
2742 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2745 raise Exception("Timeout on EAP start")
2748 state
= dev
[0].request('GET_ALLOC_FAIL')
2749 if state
.startswith('0:'):
2754 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
2755 dev
[0].request("REMOVE_NETWORK all")
2756 dev
[0].wait_disconnected()
2758 tests
= [ (1, "os_get_random;eap_psk_process_1"),
2759 (1, "omac1_aes_128;eap_psk_process_3"),
2760 (1, "aes_128_eax_decrypt;eap_psk_process_3"),
2761 (2, "aes_128_eax_decrypt;eap_psk_process_3"),
2762 (3, "aes_128_eax_decrypt;eap_psk_process_3"),
2763 (1, "aes_128_eax_encrypt;eap_psk_process_3"),
2764 (2, "aes_128_eax_encrypt;eap_psk_process_3"),
2765 (3, "aes_128_eax_encrypt;eap_psk_process_3") ]
2766 for count
, func
in tests
:
2767 with
fail_test(dev
[0], count
, func
):
2768 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
2769 eap
="PSK", identity
="psk.user@example.com",
2770 password_hex
="0123456789abcdef0123456789abcdef",
2772 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2775 raise Exception("Timeout on EAP start")
2778 state
= dev
[0].request('GET_FAIL')
2779 if state
.startswith('0:'):
2784 raise Exception("No failure seen for %d:%s" % (count
, func
))
2785 dev
[0].request("REMOVE_NETWORK all")
2786 dev
[0].wait_disconnected()
2788 EAP_SIM_SUBTYPE_START
= 10
2789 EAP_SIM_SUBTYPE_CHALLENGE
= 11
2790 EAP_SIM_SUBTYPE_NOTIFICATION
= 12
2791 EAP_SIM_SUBTYPE_REAUTHENTICATION
= 13
2792 EAP_SIM_SUBTYPE_CLIENT_ERROR
= 14
2794 EAP_AKA_SUBTYPE_CHALLENGE
= 1
2795 EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT
= 2
2796 EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE
= 4
2797 EAP_AKA_SUBTYPE_IDENTITY
= 5
2798 EAP_AKA_SUBTYPE_NOTIFICATION
= 12
2799 EAP_AKA_SUBTYPE_REAUTHENTICATION
= 13
2800 EAP_AKA_SUBTYPE_CLIENT_ERROR
= 14
2806 EAP_SIM_AT_PADDING
= 6
2807 EAP_SIM_AT_NONCE_MT
= 7
2808 EAP_SIM_AT_PERMANENT_ID_REQ
= 10
2810 EAP_SIM_AT_NOTIFICATION
= 12
2811 EAP_SIM_AT_ANY_ID_REQ
= 13
2812 EAP_SIM_AT_IDENTITY
= 14
2813 EAP_SIM_AT_VERSION_LIST
= 15
2814 EAP_SIM_AT_SELECTED_VERSION
= 16
2815 EAP_SIM_AT_FULLAUTH_ID_REQ
= 17
2816 EAP_SIM_AT_COUNTER
= 19
2817 EAP_SIM_AT_COUNTER_TOO_SMALL
= 20
2818 EAP_SIM_AT_NONCE_S
= 21
2819 EAP_SIM_AT_CLIENT_ERROR_CODE
= 22
2820 EAP_SIM_AT_KDF_INPUT
= 23
2823 EAP_SIM_AT_ENCR_DATA
= 130
2824 EAP_SIM_AT_NEXT_PSEUDONYM
= 132
2825 EAP_SIM_AT_NEXT_REAUTH_ID
= 133
2826 EAP_SIM_AT_CHECKCODE
= 134
2827 EAP_SIM_AT_RESULT_IND
= 135
2828 EAP_SIM_AT_BIDDING
= 136
2830 def test_eap_proto_aka(dev
, apdev
):
2831 """EAP-AKA protocol tests"""
2832 def aka_handler(ctx
, req
):
2833 logger
.info("aka_handler - RX " + req
.encode("hex"))
2834 if 'num' not in ctx
:
2836 ctx
['num'] = ctx
['num'] + 1
2839 ctx
['id'] = (ctx
['id'] + 1) % 256
2844 if ctx
['num'] == idx
:
2845 logger
.info("Test: Missing payload")
2846 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
2851 if ctx
['num'] == idx
:
2852 logger
.info("Test: Unknown subtype")
2853 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2855 EAP_TYPE_AKA
, 255, 0)
2857 if ctx
['num'] == idx
:
2858 logger
.info("Test: EAP-Failure")
2859 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2862 if ctx
['num'] == idx
:
2863 logger
.info("Test: Client Error")
2864 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2866 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CLIENT_ERROR
, 0)
2868 if ctx
['num'] == idx
:
2869 logger
.info("Test: EAP-Failure")
2870 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2873 if ctx
['num'] == idx
:
2874 logger
.info("Test: Too short attribute header")
2875 return struct
.pack(">BBHBBHB", EAP_CODE_REQUEST
, ctx
['id'],
2877 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0, 255)
2879 if ctx
['num'] == idx
:
2880 logger
.info("Test: EAP-Failure")
2881 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2884 if ctx
['num'] == idx
:
2885 logger
.info("Test: Truncated attribute")
2886 return struct
.pack(">BBHBBHBB", EAP_CODE_REQUEST
, ctx
['id'],
2888 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0, 255,
2891 if ctx
['num'] == idx
:
2892 logger
.info("Test: EAP-Failure")
2893 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2896 if ctx
['num'] == idx
:
2897 logger
.info("Test: Too short attribute data")
2898 return struct
.pack(">BBHBBHBB", EAP_CODE_REQUEST
, ctx
['id'],
2900 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0, 255,
2903 if ctx
['num'] == idx
:
2904 logger
.info("Test: EAP-Failure")
2905 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2908 if ctx
['num'] == idx
:
2909 logger
.info("Test: Skippable/non-skippable unrecognzized attribute")
2910 return struct
.pack(">BBHBBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2912 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2913 255, 1, 0, 127, 1, 0)
2915 if ctx
['num'] == idx
:
2916 logger
.info("Test: EAP-Failure")
2917 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2920 if ctx
['num'] == idx
:
2921 logger
.info("Test: Identity request without ID type")
2922 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2924 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0)
2926 if ctx
['num'] == idx
:
2927 logger
.info("Test: Identity request ANY_ID")
2928 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2930 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2931 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2933 if ctx
['num'] == idx
:
2934 logger
.info("Test: Identity request ANY_ID (duplicate)")
2935 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2937 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2938 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2940 if ctx
['num'] == idx
:
2941 logger
.info("Test: EAP-Failure")
2942 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2945 if ctx
['num'] == idx
:
2946 logger
.info("Test: Identity request ANY_ID")
2947 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2949 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2950 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2952 if ctx
['num'] == idx
:
2953 logger
.info("Test: Identity request FULLAUTH_ID")
2954 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2956 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2957 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
2959 if ctx
['num'] == idx
:
2960 logger
.info("Test: Identity request FULLAUTH_ID (duplicate)")
2961 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2963 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2964 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
2966 if ctx
['num'] == idx
:
2967 logger
.info("Test: EAP-Failure")
2968 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
2971 if ctx
['num'] == idx
:
2972 logger
.info("Test: Identity request ANY_ID")
2973 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2975 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2976 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
2978 if ctx
['num'] == idx
:
2979 logger
.info("Test: Identity request FULLAUTH_ID")
2980 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2982 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2983 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
2985 if ctx
['num'] == idx
:
2986 logger
.info("Test: Identity request PERMANENT_ID")
2987 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2989 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2990 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
2992 if ctx
['num'] == idx
:
2993 logger
.info("Test: Identity request PERMANENT_ID (duplicate)")
2994 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
2996 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
2997 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
2999 if ctx
['num'] == idx
:
3000 logger
.info("Test: EAP-Failure")
3001 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3004 if ctx
['num'] == idx
:
3005 logger
.info("Test: Challenge with no attributes")
3006 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3008 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0)
3010 if ctx
['num'] == idx
:
3011 logger
.info("Test: EAP-Failure")
3012 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3015 if ctx
['num'] == idx
:
3016 logger
.info("Test: AKA Challenge with BIDDING")
3017 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3019 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3020 EAP_SIM_AT_BIDDING
, 1, 0x8000)
3022 if ctx
['num'] == idx
:
3023 logger
.info("Test: EAP-Failure")
3024 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3027 if ctx
['num'] == idx
:
3028 logger
.info("Test: Notification with no attributes")
3029 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3031 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0)
3033 if ctx
['num'] == idx
:
3034 logger
.info("Test: EAP-Failure")
3035 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3038 if ctx
['num'] == idx
:
3039 logger
.info("Test: Notification indicating success, but no MAC")
3040 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3042 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3043 EAP_SIM_AT_NOTIFICATION
, 1, 32768)
3045 if ctx
['num'] == idx
:
3046 logger
.info("Test: EAP-Failure")
3047 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3050 if ctx
['num'] == idx
:
3051 logger
.info("Test: Notification indicating success, but invalid MAC value")
3052 return struct
.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
3054 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3055 EAP_SIM_AT_NOTIFICATION
, 1, 32768,
3056 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
3058 if ctx
['num'] == idx
:
3059 logger
.info("Test: EAP-Failure")
3060 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3063 if ctx
['num'] == idx
:
3064 logger
.info("Test: Notification indicating success with zero-key MAC")
3065 return struct
.pack(">BBHBBHBBHBBH16B", EAP_CODE_REQUEST
,
3068 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3069 EAP_SIM_AT_NOTIFICATION
, 1, 32768,
3070 EAP_SIM_AT_MAC
, 5, 0,
3071 0xbe, 0x2e, 0xbb, 0xa9, 0xfa, 0x2e, 0x82, 0x36,
3072 0x37, 0x8c, 0x32, 0x41, 0xb7, 0xc7, 0x58, 0xa3)
3074 if ctx
['num'] == idx
:
3075 logger
.info("Test: EAP-Success")
3076 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
3079 if ctx
['num'] == idx
:
3080 logger
.info("Test: Notification before auth")
3081 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3083 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3084 EAP_SIM_AT_NOTIFICATION
, 1, 16384)
3086 if ctx
['num'] == idx
:
3087 logger
.info("Test: EAP-Failure")
3088 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3091 if ctx
['num'] == idx
:
3092 logger
.info("Test: Notification before auth")
3093 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3095 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3096 EAP_SIM_AT_NOTIFICATION
, 1, 16385)
3098 if ctx
['num'] == idx
:
3099 logger
.info("Test: EAP-Failure")
3100 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3103 if ctx
['num'] == idx
:
3104 logger
.info("Test: Notification with unrecognized non-failure")
3105 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3107 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3108 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
3110 if ctx
['num'] == idx
:
3111 logger
.info("Test: Notification before auth (duplicate)")
3112 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3114 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_NOTIFICATION
, 0,
3115 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
3117 if ctx
['num'] == idx
:
3118 logger
.info("Test: EAP-Failure")
3119 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3122 if ctx
['num'] == idx
:
3123 logger
.info("Test: Re-authentication (unexpected) with no attributes")
3124 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3126 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_REAUTHENTICATION
,
3129 if ctx
['num'] == idx
:
3130 logger
.info("Test: EAP-Failure")
3131 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3134 if ctx
['num'] == idx
:
3135 logger
.info("Test: AKA Challenge with Checkcode claiming identity round was used")
3136 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3138 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3139 EAP_SIM_AT_CHECKCODE
, 6, 0, 0, 0, 0, 0, 0)
3141 if ctx
['num'] == idx
:
3142 logger
.info("Test: EAP-Failure")
3143 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3146 if ctx
['num'] == idx
:
3147 logger
.info("Test: Identity request ANY_ID")
3148 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3150 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3151 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3153 if ctx
['num'] == idx
:
3154 logger
.info("Test: AKA Challenge with Checkcode claiming no identity round was used")
3155 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3157 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3158 EAP_SIM_AT_CHECKCODE
, 1, 0)
3160 if ctx
['num'] == idx
:
3161 logger
.info("Test: EAP-Failure")
3162 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3165 if ctx
['num'] == idx
:
3166 logger
.info("Test: Identity request ANY_ID")
3167 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3169 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3170 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3172 if ctx
['num'] == idx
:
3173 logger
.info("Test: AKA Challenge with mismatching Checkcode value")
3174 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3176 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3177 EAP_SIM_AT_CHECKCODE
, 6, 0, 0, 0, 0, 0, 0)
3179 if ctx
['num'] == idx
:
3180 logger
.info("Test: EAP-Failure")
3181 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3184 if ctx
['num'] == idx
:
3185 logger
.info("Test: Re-authentication (unexpected) with Checkcode claimin identity round was used")
3186 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3188 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_REAUTHENTICATION
,
3190 EAP_SIM_AT_CHECKCODE
, 6, 0, 0, 0, 0, 0, 0)
3192 if ctx
['num'] == idx
:
3193 logger
.info("Test: EAP-Failure")
3194 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3197 if ctx
['num'] == idx
:
3198 logger
.info("Test: Invalid AT_RAND length")
3199 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3201 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3202 EAP_SIM_AT_RAND
, 1, 0)
3204 if ctx
['num'] == idx
:
3205 logger
.info("Test: EAP-Failure")
3206 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3209 if ctx
['num'] == idx
:
3210 logger
.info("Test: Invalid AT_AUTN length")
3211 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3213 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3214 EAP_SIM_AT_AUTN
, 1, 0)
3216 if ctx
['num'] == idx
:
3217 logger
.info("Test: EAP-Failure")
3218 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3221 if ctx
['num'] == idx
:
3222 logger
.info("Test: Unencrypted AT_PADDING")
3223 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3225 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3226 EAP_SIM_AT_PADDING
, 1, 0)
3228 if ctx
['num'] == idx
:
3229 logger
.info("Test: EAP-Failure")
3230 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3233 if ctx
['num'] == idx
:
3234 logger
.info("Test: Invalid AT_NONCE_MT length")
3235 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3237 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3238 EAP_SIM_AT_NONCE_MT
, 1, 0)
3240 if ctx
['num'] == idx
:
3241 logger
.info("Test: EAP-Failure")
3242 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3245 if ctx
['num'] == idx
:
3246 logger
.info("Test: Invalid AT_MAC length")
3247 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3249 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3250 EAP_SIM_AT_MAC
, 1, 0)
3252 if ctx
['num'] == idx
:
3253 logger
.info("Test: EAP-Failure")
3254 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3257 if ctx
['num'] == idx
:
3258 logger
.info("Test: Invalid AT_NOTIFICATION length")
3259 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3261 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3262 EAP_SIM_AT_NOTIFICATION
, 2, 0, 0)
3264 if ctx
['num'] == idx
:
3265 logger
.info("Test: EAP-Failure")
3266 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3269 if ctx
['num'] == idx
:
3270 logger
.info("Test: AT_IDENTITY overflow")
3271 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3273 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3274 EAP_SIM_AT_IDENTITY
, 1, 0xffff)
3276 if ctx
['num'] == idx
:
3277 logger
.info("Test: EAP-Failure")
3278 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3281 if ctx
['num'] == idx
:
3282 logger
.info("Test: Unexpected AT_VERSION_LIST")
3283 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3285 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3286 EAP_SIM_AT_VERSION_LIST
, 1, 0)
3288 if ctx
['num'] == idx
:
3289 logger
.info("Test: EAP-Failure")
3290 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3293 if ctx
['num'] == idx
:
3294 logger
.info("Test: Invalid AT_SELECTED_VERSION length")
3295 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3297 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3298 EAP_SIM_AT_SELECTED_VERSION
, 2, 0, 0)
3300 if ctx
['num'] == idx
:
3301 logger
.info("Test: EAP-Failure")
3302 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3305 if ctx
['num'] == idx
:
3306 logger
.info("Test: Unencrypted AT_COUNTER")
3307 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3309 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3310 EAP_SIM_AT_COUNTER
, 1, 0)
3312 if ctx
['num'] == idx
:
3313 logger
.info("Test: EAP-Failure")
3314 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3317 if ctx
['num'] == idx
:
3318 logger
.info("Test: Unencrypted AT_COUNTER_TOO_SMALL")
3319 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3321 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3322 EAP_SIM_AT_COUNTER_TOO_SMALL
, 1, 0)
3324 if ctx
['num'] == idx
:
3325 logger
.info("Test: EAP-Failure")
3326 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3329 if ctx
['num'] == idx
:
3330 logger
.info("Test: Unencrypted AT_NONCE_S")
3331 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3333 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3334 EAP_SIM_AT_NONCE_S
, 1, 0)
3336 if ctx
['num'] == idx
:
3337 logger
.info("Test: EAP-Failure")
3338 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3341 if ctx
['num'] == idx
:
3342 logger
.info("Test: Invalid AT_CLIENT_ERROR_CODE length")
3343 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3345 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3346 EAP_SIM_AT_CLIENT_ERROR_CODE
, 2, 0, 0)
3348 if ctx
['num'] == idx
:
3349 logger
.info("Test: EAP-Failure")
3350 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3353 if ctx
['num'] == idx
:
3354 logger
.info("Test: Invalid AT_IV length")
3355 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3357 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3358 EAP_SIM_AT_IV
, 1, 0)
3360 if ctx
['num'] == idx
:
3361 logger
.info("Test: EAP-Failure")
3362 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3365 if ctx
['num'] == idx
:
3366 logger
.info("Test: Invalid AT_ENCR_DATA length")
3367 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3369 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3370 EAP_SIM_AT_ENCR_DATA
, 2, 0, 0)
3372 if ctx
['num'] == idx
:
3373 logger
.info("Test: EAP-Failure")
3374 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3377 if ctx
['num'] == idx
:
3378 logger
.info("Test: Unencrypted AT_NEXT_PSEUDONYM")
3379 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3381 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3382 EAP_SIM_AT_NEXT_PSEUDONYM
, 1, 0)
3384 if ctx
['num'] == idx
:
3385 logger
.info("Test: EAP-Failure")
3386 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3389 if ctx
['num'] == idx
:
3390 logger
.info("Test: Unencrypted AT_NEXT_REAUTH_ID")
3391 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3393 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3394 EAP_SIM_AT_NEXT_REAUTH_ID
, 1, 0)
3396 if ctx
['num'] == idx
:
3397 logger
.info("Test: EAP-Failure")
3398 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3401 if ctx
['num'] == idx
:
3402 logger
.info("Test: Invalid AT_RES length")
3403 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3405 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3406 EAP_SIM_AT_RES
, 1, 0)
3408 if ctx
['num'] == idx
:
3409 logger
.info("Test: EAP-Failure")
3410 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3413 if ctx
['num'] == idx
:
3414 logger
.info("Test: Invalid AT_RES length")
3415 return struct
.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST
, ctx
['id'],
3417 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3418 EAP_SIM_AT_RES
, 6, 0xffff, 0, 0, 0, 0, 0)
3420 if ctx
['num'] == idx
:
3421 logger
.info("Test: EAP-Failure")
3422 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3425 if ctx
['num'] == idx
:
3426 logger
.info("Test: Invalid AT_AUTS length")
3427 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3429 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3430 EAP_SIM_AT_AUTS
, 2, 0, 0)
3432 if ctx
['num'] == idx
:
3433 logger
.info("Test: EAP-Failure")
3434 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3437 if ctx
['num'] == idx
:
3438 logger
.info("Test: Invalid AT_CHECKCODE length")
3439 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3441 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3442 EAP_SIM_AT_CHECKCODE
, 2, 0, 0)
3444 if ctx
['num'] == idx
:
3445 logger
.info("Test: EAP-Failure")
3446 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3449 if ctx
['num'] == idx
:
3450 logger
.info("Test: Invalid AT_RESULT_IND length")
3451 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3453 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3454 EAP_SIM_AT_RESULT_IND
, 2, 0, 0)
3456 if ctx
['num'] == idx
:
3457 logger
.info("Test: EAP-Failure")
3458 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3461 if ctx
['num'] == idx
:
3462 logger
.info("Test: Unexpected AT_KDF_INPUT")
3463 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3465 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3466 EAP_SIM_AT_KDF_INPUT
, 2, 0, 0)
3468 if ctx
['num'] == idx
:
3469 logger
.info("Test: EAP-Failure")
3470 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3473 if ctx
['num'] == idx
:
3474 logger
.info("Test: Unexpected AT_KDF")
3475 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3477 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3478 EAP_SIM_AT_KDF
, 2, 0, 0)
3480 if ctx
['num'] == idx
:
3481 logger
.info("Test: EAP-Failure")
3482 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3485 if ctx
['num'] == idx
:
3486 logger
.info("Test: Invalid AT_BIDDING length")
3487 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3489 EAP_TYPE_AKA
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3490 EAP_SIM_AT_BIDDING
, 2, 0, 0)
3492 if ctx
['num'] == idx
:
3493 logger
.info("Test: EAP-Failure")
3494 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3498 srv
= start_radius_server(aka_handler
)
3501 hapd
= start_ap(apdev
[0]['ifname'])
3503 for i
in range(0, 49):
3504 eap
= "AKA AKA'" if i
== 11 else "AKA"
3505 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
3506 eap
=eap
, identity
="0232010000000000",
3507 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
3509 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
3512 raise Exception("Timeout on EAP start")
3516 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
3519 raise Exception("Timeout on EAP failure")
3520 dev
[0].request("REMOVE_NETWORK all")
3521 dev
[0].dump_monitor()
3523 stop_radius_server(srv
)
3525 def test_eap_proto_aka_prime(dev
, apdev
):
3526 """EAP-AKA' protocol tests"""
3527 def aka_prime_handler(ctx
, req
):
3528 logger
.info("aka_prime_handler - RX " + req
.encode("hex"))
3529 if 'num' not in ctx
:
3531 ctx
['num'] = ctx
['num'] + 1
3534 ctx
['id'] = (ctx
['id'] + 1) % 256
3539 if ctx
['num'] == idx
:
3540 logger
.info("Test: Missing payload")
3541 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
3546 if ctx
['num'] == idx
:
3547 logger
.info("Test: Challenge with no attributes")
3548 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3550 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0)
3552 if ctx
['num'] == idx
:
3553 logger
.info("Test: EAP-Failure")
3554 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3557 if ctx
['num'] == idx
:
3558 logger
.info("Test: Challenge with empty AT_KDF_INPUT")
3559 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3561 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3562 EAP_SIM_AT_KDF_INPUT
, 1, 0)
3564 if ctx
['num'] == idx
:
3565 logger
.info("Test: EAP-Failure")
3566 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3569 if ctx
['num'] == idx
:
3570 logger
.info("Test: Challenge with AT_KDF_INPUT")
3571 return struct
.pack(">BBHBBHBBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
3573 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3574 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3577 if ctx
['num'] == idx
:
3578 logger
.info("Test: EAP-Failure")
3579 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3582 if ctx
['num'] == idx
:
3583 logger
.info("Test: Challenge with duplicated KDF")
3584 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3585 EAP_CODE_REQUEST
, ctx
['id'],
3586 4 + 1 + 3 + 8 + 3 * 4,
3587 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3588 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3590 EAP_SIM_AT_KDF
, 1, 1,
3591 EAP_SIM_AT_KDF
, 1, 2,
3592 EAP_SIM_AT_KDF
, 1, 1)
3594 if ctx
['num'] == idx
:
3595 logger
.info("Test: EAP-Failure")
3596 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3599 if ctx
['num'] == idx
:
3600 logger
.info("Test: Challenge with multiple KDF proposals")
3601 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3602 EAP_CODE_REQUEST
, ctx
['id'],
3603 4 + 1 + 3 + 8 + 3 * 4,
3604 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3605 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3607 EAP_SIM_AT_KDF
, 1, 255,
3608 EAP_SIM_AT_KDF
, 1, 254,
3609 EAP_SIM_AT_KDF
, 1, 1)
3611 if ctx
['num'] == idx
:
3612 logger
.info("Test: Challenge with incorrect KDF selected")
3613 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
3614 EAP_CODE_REQUEST
, ctx
['id'],
3615 4 + 1 + 3 + 8 + 4 * 4,
3616 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3617 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3619 EAP_SIM_AT_KDF
, 1, 255,
3620 EAP_SIM_AT_KDF
, 1, 255,
3621 EAP_SIM_AT_KDF
, 1, 254,
3622 EAP_SIM_AT_KDF
, 1, 1)
3624 if ctx
['num'] == idx
:
3625 logger
.info("Test: EAP-Failure")
3626 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3629 if ctx
['num'] == idx
:
3630 logger
.info("Test: Challenge with multiple KDF proposals")
3631 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3632 EAP_CODE_REQUEST
, ctx
['id'],
3633 4 + 1 + 3 + 8 + 3 * 4,
3634 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3635 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3637 EAP_SIM_AT_KDF
, 1, 255,
3638 EAP_SIM_AT_KDF
, 1, 254,
3639 EAP_SIM_AT_KDF
, 1, 1)
3641 if ctx
['num'] == idx
:
3642 logger
.info("Test: Challenge with selected KDF not duplicated")
3643 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3644 EAP_CODE_REQUEST
, ctx
['id'],
3645 4 + 1 + 3 + 8 + 3 * 4,
3646 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3647 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3649 EAP_SIM_AT_KDF
, 1, 1,
3650 EAP_SIM_AT_KDF
, 1, 255,
3651 EAP_SIM_AT_KDF
, 1, 254)
3653 if ctx
['num'] == idx
:
3654 logger
.info("Test: EAP-Failure")
3655 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3658 if ctx
['num'] == idx
:
3659 logger
.info("Test: Challenge with multiple KDF proposals")
3660 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3661 EAP_CODE_REQUEST
, ctx
['id'],
3662 4 + 1 + 3 + 8 + 3 * 4,
3663 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3664 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3666 EAP_SIM_AT_KDF
, 1, 255,
3667 EAP_SIM_AT_KDF
, 1, 254,
3668 EAP_SIM_AT_KDF
, 1, 1)
3670 if ctx
['num'] == idx
:
3671 logger
.info("Test: Challenge with selected KDF duplicated (missing MAC, RAND, AUTN)")
3672 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
3673 EAP_CODE_REQUEST
, ctx
['id'],
3674 4 + 1 + 3 + 8 + 4 * 4,
3675 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3676 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3678 EAP_SIM_AT_KDF
, 1, 1,
3679 EAP_SIM_AT_KDF
, 1, 255,
3680 EAP_SIM_AT_KDF
, 1, 254,
3681 EAP_SIM_AT_KDF
, 1, 1)
3683 if ctx
['num'] == idx
:
3684 logger
.info("Test: EAP-Failure")
3685 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3688 if ctx
['num'] == idx
:
3689 logger
.info("Test: Challenge with multiple unsupported KDF proposals")
3690 return struct
.pack(">BBHBBHBBHBBBBBBHBBH",
3691 EAP_CODE_REQUEST
, ctx
['id'],
3692 4 + 1 + 3 + 8 + 2 * 4,
3693 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3694 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3696 EAP_SIM_AT_KDF
, 1, 255,
3697 EAP_SIM_AT_KDF
, 1, 254)
3699 if ctx
['num'] == idx
:
3700 logger
.info("Test: EAP-Failure")
3701 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3704 if ctx
['num'] == idx
:
3705 logger
.info("Test: Challenge with multiple KDF proposals")
3706 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBH",
3707 EAP_CODE_REQUEST
, ctx
['id'],
3708 4 + 1 + 3 + 8 + 3 * 4,
3709 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3710 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3712 EAP_SIM_AT_KDF
, 1, 255,
3713 EAP_SIM_AT_KDF
, 1, 254,
3714 EAP_SIM_AT_KDF
, 1, 1)
3716 if ctx
['num'] == idx
:
3717 logger
.info("Test: Challenge with invalid MAC, RAND, AUTN values)")
3718 return struct
.pack(">BBHBBHBBHBBBBBBHBBHBBHBBHBBH4LBBH4LBBH4L",
3719 EAP_CODE_REQUEST
, ctx
['id'],
3720 4 + 1 + 3 + 8 + 4 * 4 + 20 + 20 + 20,
3721 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3722 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3724 EAP_SIM_AT_KDF
, 1, 1,
3725 EAP_SIM_AT_KDF
, 1, 255,
3726 EAP_SIM_AT_KDF
, 1, 254,
3727 EAP_SIM_AT_KDF
, 1, 1,
3728 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0,
3729 EAP_SIM_AT_RAND
, 5, 0, 0, 0, 0, 0,
3730 EAP_SIM_AT_AUTN
, 5, 0, 0, 0, 0, 0)
3732 if ctx
['num'] == idx
:
3733 logger
.info("Test: EAP-Failure")
3734 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3737 if ctx
['num'] == idx
:
3738 logger
.info("Test: Challenge - AMF separation bit not set)")
3739 return struct
.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3740 EAP_CODE_REQUEST
, ctx
['id'],
3741 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3742 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3743 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3745 EAP_SIM_AT_KDF
, 1, 1,
3746 EAP_SIM_AT_MAC
, 5, 0, 1, 2, 3, 4,
3747 EAP_SIM_AT_RAND
, 5, 0, 5, 6, 7, 8,
3748 EAP_SIM_AT_AUTN
, 5, 0, 9, 10,
3749 0x2fda8ef7, 0xbba518cc)
3751 if ctx
['num'] == idx
:
3752 logger
.info("Test: EAP-Failure")
3753 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3756 if ctx
['num'] == idx
:
3757 logger
.info("Test: Challenge - Invalid MAC")
3758 return struct
.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3759 EAP_CODE_REQUEST
, ctx
['id'],
3760 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3761 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3762 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3764 EAP_SIM_AT_KDF
, 1, 1,
3765 EAP_SIM_AT_MAC
, 5, 0, 1, 2, 3, 4,
3766 EAP_SIM_AT_RAND
, 5, 0, 5, 6, 7, 8,
3767 EAP_SIM_AT_AUTN
, 5, 0, 0xffffffff, 0xffffffff,
3768 0xd1f90322, 0x40514cb4)
3770 if ctx
['num'] == idx
:
3771 logger
.info("Test: EAP-Failure")
3772 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3775 if ctx
['num'] == idx
:
3776 logger
.info("Test: Challenge - Valid MAC")
3777 return struct
.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3778 EAP_CODE_REQUEST
, ctx
['id'],
3779 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3780 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3781 EAP_SIM_AT_KDF_INPUT
, 2, 1, ord('a'), ord('b'),
3783 EAP_SIM_AT_KDF
, 1, 1,
3784 EAP_SIM_AT_MAC
, 5, 0,
3785 0xf4a3c1d3, 0x7c901401, 0x34bd8b01, 0x6f7fa32f,
3786 EAP_SIM_AT_RAND
, 5, 0, 5, 6, 7, 8,
3787 EAP_SIM_AT_AUTN
, 5, 0, 0xffffffff, 0xffffffff,
3788 0xd1f90322, 0x40514cb4)
3790 if ctx
['num'] == idx
:
3791 logger
.info("Test: EAP-Failure")
3792 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3795 if ctx
['num'] == idx
:
3796 logger
.info("Test: Invalid AT_KDF_INPUT length")
3797 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3799 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3800 EAP_SIM_AT_KDF_INPUT
, 2, 0xffff, 0)
3802 if ctx
['num'] == idx
:
3803 logger
.info("Test: EAP-Failure")
3804 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3807 if ctx
['num'] == idx
:
3808 logger
.info("Test: Invalid AT_KDF length")
3809 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3811 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_IDENTITY
, 0,
3812 EAP_SIM_AT_KDF
, 2, 0, 0)
3814 if ctx
['num'] == idx
:
3815 logger
.info("Test: EAP-Failure")
3816 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3819 if ctx
['num'] == idx
:
3820 logger
.info("Test: Challenge with large number of KDF proposals")
3821 return struct
.pack(">BBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
3822 EAP_CODE_REQUEST
, ctx
['id'],
3824 EAP_TYPE_AKA_PRIME
, EAP_AKA_SUBTYPE_CHALLENGE
, 0,
3825 EAP_SIM_AT_KDF
, 1, 255,
3826 EAP_SIM_AT_KDF
, 1, 254,
3827 EAP_SIM_AT_KDF
, 1, 253,
3828 EAP_SIM_AT_KDF
, 1, 252,
3829 EAP_SIM_AT_KDF
, 1, 251,
3830 EAP_SIM_AT_KDF
, 1, 250,
3831 EAP_SIM_AT_KDF
, 1, 249,
3832 EAP_SIM_AT_KDF
, 1, 248,
3833 EAP_SIM_AT_KDF
, 1, 247,
3834 EAP_SIM_AT_KDF
, 1, 246,
3835 EAP_SIM_AT_KDF
, 1, 245,
3836 EAP_SIM_AT_KDF
, 1, 244)
3838 if ctx
['num'] == idx
:
3839 logger
.info("Test: EAP-Failure")
3840 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3844 srv
= start_radius_server(aka_prime_handler
)
3847 hapd
= start_ap(apdev
[0]['ifname'])
3849 for i
in range(0, 16):
3850 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
3851 eap
="AKA'", identity
="6555444333222111",
3852 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
3854 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
3857 raise Exception("Timeout on EAP start")
3861 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
3864 raise Exception("Timeout on EAP failure")
3865 dev
[0].request("REMOVE_NETWORK all")
3866 dev
[0].dump_monitor()
3868 stop_radius_server(srv
)
3870 def test_eap_proto_sim(dev
, apdev
):
3871 """EAP-SIM protocol tests"""
3872 def sim_handler(ctx
, req
):
3873 logger
.info("sim_handler - RX " + req
.encode("hex"))
3874 if 'num' not in ctx
:
3876 ctx
['num'] = ctx
['num'] + 1
3879 ctx
['id'] = (ctx
['id'] + 1) % 256
3884 if ctx
['num'] == idx
:
3885 logger
.info("Test: Missing payload")
3886 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
3891 if ctx
['num'] == idx
:
3892 logger
.info("Test: Unexpected AT_AUTN")
3893 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3895 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3896 EAP_SIM_AT_AUTN
, 2, 0, 0)
3898 if ctx
['num'] == idx
:
3899 logger
.info("Test: EAP-Failure")
3900 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3903 if ctx
['num'] == idx
:
3904 logger
.info("Test: Too short AT_VERSION_LIST")
3905 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3907 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3908 EAP_SIM_AT_VERSION_LIST
, 1, 0)
3910 if ctx
['num'] == idx
:
3911 logger
.info("Test: EAP-Failure")
3912 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3915 if ctx
['num'] == idx
:
3916 logger
.info("Test: AT_VERSION_LIST overflow")
3917 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3919 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3920 EAP_SIM_AT_VERSION_LIST
, 1, 0xffff)
3922 if ctx
['num'] == idx
:
3923 logger
.info("Test: EAP-Failure")
3924 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3927 if ctx
['num'] == idx
:
3928 logger
.info("Test: Unexpected AT_AUTS")
3929 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3931 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3932 EAP_SIM_AT_AUTS
, 2, 0, 0)
3934 if ctx
['num'] == idx
:
3935 logger
.info("Test: EAP-Failure")
3936 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3939 if ctx
['num'] == idx
:
3940 logger
.info("Test: Unexpected AT_CHECKCODE")
3941 return struct
.pack(">BBHBBHBBHL", EAP_CODE_REQUEST
, ctx
['id'],
3943 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3944 EAP_SIM_AT_CHECKCODE
, 2, 0, 0)
3946 if ctx
['num'] == idx
:
3947 logger
.info("Test: EAP-Failure")
3948 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3951 if ctx
['num'] == idx
:
3952 logger
.info("Test: No AT_VERSION_LIST in Start")
3953 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
3955 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0)
3957 if ctx
['num'] == idx
:
3958 logger
.info("Test: EAP-Failure")
3959 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3962 if ctx
['num'] == idx
:
3963 logger
.info("Test: No support version in AT_VERSION_LIST")
3964 return struct
.pack(">BBHBBHBBH4B", EAP_CODE_REQUEST
, ctx
['id'],
3966 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3967 EAP_SIM_AT_VERSION_LIST
, 2, 3, 2, 3, 4, 5)
3969 if ctx
['num'] == idx
:
3970 logger
.info("Test: EAP-Failure")
3971 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
3975 if ctx
['num'] == idx
:
3976 logger
.info("Test: Identity request without ID type")
3977 return struct
.pack(">BBHBBHBBH2H", EAP_CODE_REQUEST
, ctx
['id'],
3979 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3980 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0)
3982 if ctx
['num'] == idx
:
3983 logger
.info("Test: Identity request ANY_ID")
3984 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
3986 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3987 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
3988 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3990 if ctx
['num'] == idx
:
3991 logger
.info("Test: Identity request ANY_ID (duplicate)")
3992 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
3994 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
3995 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
3996 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
3998 if ctx
['num'] == idx
:
3999 logger
.info("Test: EAP-Failure")
4000 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4003 if ctx
['num'] == idx
:
4004 logger
.info("Test: Identity request ANY_ID")
4005 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4007 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4008 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4009 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
4011 if ctx
['num'] == idx
:
4012 logger
.info("Test: Identity request FULLAUTH_ID")
4013 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4015 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4016 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4017 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
4019 if ctx
['num'] == idx
:
4020 logger
.info("Test: Identity request FULLAUTH_ID (duplicate)")
4021 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4023 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4024 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4025 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
4027 if ctx
['num'] == idx
:
4028 logger
.info("Test: EAP-Failure")
4029 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4032 if ctx
['num'] == idx
:
4033 logger
.info("Test: Identity request ANY_ID")
4034 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4036 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4037 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4038 EAP_SIM_AT_ANY_ID_REQ
, 1, 0)
4040 if ctx
['num'] == idx
:
4041 logger
.info("Test: Identity request FULLAUTH_ID")
4042 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4044 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4045 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4046 EAP_SIM_AT_FULLAUTH_ID_REQ
, 1, 0)
4048 if ctx
['num'] == idx
:
4049 logger
.info("Test: Identity request PERMANENT_ID")
4050 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4052 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4053 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4054 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
4056 if ctx
['num'] == idx
:
4057 logger
.info("Test: Identity request PERMANENT_ID (duplicate)")
4058 return struct
.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST
, ctx
['id'],
4060 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_START
, 0,
4061 EAP_SIM_AT_VERSION_LIST
, 2, 2, 1, 0,
4062 EAP_SIM_AT_PERMANENT_ID_REQ
, 1, 0)
4064 if ctx
['num'] == idx
:
4065 logger
.info("Test: EAP-Failure")
4066 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4069 if ctx
['num'] == idx
:
4070 logger
.info("Test: No AT_MAC and AT_RAND in Challenge")
4071 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4073 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0)
4075 if ctx
['num'] == idx
:
4076 logger
.info("Test: EAP-Failure")
4077 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4080 if ctx
['num'] == idx
:
4081 logger
.info("Test: No AT_RAND in Challenge")
4082 return struct
.pack(">BBHBBHBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
4084 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4085 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4087 if ctx
['num'] == idx
:
4088 logger
.info("Test: EAP-Failure")
4089 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4092 if ctx
['num'] == idx
:
4093 logger
.info("Test: Insufficient number of challenges in Challenge")
4094 return struct
.pack(">BBHBBHBBH4LBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
4095 4 + 1 + 3 + 20 + 20,
4096 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4097 EAP_SIM_AT_RAND
, 5, 0, 0, 0, 0, 0,
4098 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4100 if ctx
['num'] == idx
:
4101 logger
.info("Test: EAP-Failure")
4102 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4105 if ctx
['num'] == idx
:
4106 logger
.info("Test: Too many challenges in Challenge")
4107 return struct
.pack(">BBHBBHBBH4L4L4L4LBBH4L", EAP_CODE_REQUEST
,
4109 4 + 1 + 3 + 4 + 4 * 16 + 20,
4110 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4111 EAP_SIM_AT_RAND
, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0,
4112 0, 0, 0, 0, 0, 0, 0, 0,
4113 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4115 if ctx
['num'] == idx
:
4116 logger
.info("Test: EAP-Failure")
4117 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4120 if ctx
['num'] == idx
:
4121 logger
.info("Test: Same RAND multiple times in Challenge")
4122 return struct
.pack(">BBHBBHBBH4L4L4LBBH4L", EAP_CODE_REQUEST
,
4124 4 + 1 + 3 + 4 + 3 * 16 + 20,
4125 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CHALLENGE
, 0,
4126 EAP_SIM_AT_RAND
, 13, 0, 0, 0, 0, 0, 0, 0, 0, 1,
4128 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4130 if ctx
['num'] == idx
:
4131 logger
.info("Test: EAP-Failure")
4132 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4135 if ctx
['num'] == idx
:
4136 logger
.info("Test: Notification with no attributes")
4137 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4139 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0)
4141 if ctx
['num'] == idx
:
4142 logger
.info("Test: EAP-Failure")
4143 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4146 if ctx
['num'] == idx
:
4147 logger
.info("Test: Notification indicating success, but no MAC")
4148 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4150 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4151 EAP_SIM_AT_NOTIFICATION
, 1, 32768)
4153 if ctx
['num'] == idx
:
4154 logger
.info("Test: EAP-Failure")
4155 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4158 if ctx
['num'] == idx
:
4159 logger
.info("Test: Notification indicating success, but invalid MAC value")
4160 return struct
.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST
, ctx
['id'],
4162 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4163 EAP_SIM_AT_NOTIFICATION
, 1, 32768,
4164 EAP_SIM_AT_MAC
, 5, 0, 0, 0, 0, 0)
4166 if ctx
['num'] == idx
:
4167 logger
.info("Test: EAP-Failure")
4168 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4171 if ctx
['num'] == idx
:
4172 logger
.info("Test: Notification before auth")
4173 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4175 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4176 EAP_SIM_AT_NOTIFICATION
, 1, 16384)
4178 if ctx
['num'] == idx
:
4179 logger
.info("Test: EAP-Failure")
4180 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4183 if ctx
['num'] == idx
:
4184 logger
.info("Test: Notification before auth")
4185 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4187 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4188 EAP_SIM_AT_NOTIFICATION
, 1, 16385)
4190 if ctx
['num'] == idx
:
4191 logger
.info("Test: EAP-Failure")
4192 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4195 if ctx
['num'] == idx
:
4196 logger
.info("Test: Notification with unrecognized non-failure")
4197 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4199 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4200 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
4202 if ctx
['num'] == idx
:
4203 logger
.info("Test: Notification before auth (duplicate)")
4204 return struct
.pack(">BBHBBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4206 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_NOTIFICATION
, 0,
4207 EAP_SIM_AT_NOTIFICATION
, 1, 0xc000)
4209 if ctx
['num'] == idx
:
4210 logger
.info("Test: EAP-Failure")
4211 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4214 if ctx
['num'] == idx
:
4215 logger
.info("Test: Re-authentication (unexpected) with no attributes")
4216 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4218 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_REAUTHENTICATION
,
4221 if ctx
['num'] == idx
:
4222 logger
.info("Test: EAP-Failure")
4223 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4226 if ctx
['num'] == idx
:
4227 logger
.info("Test: Client Error")
4228 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4230 EAP_TYPE_SIM
, EAP_SIM_SUBTYPE_CLIENT_ERROR
, 0)
4232 if ctx
['num'] == idx
:
4233 logger
.info("Test: EAP-Failure")
4234 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4237 if ctx
['num'] == idx
:
4238 logger
.info("Test: Unknown subtype")
4239 return struct
.pack(">BBHBBH", EAP_CODE_REQUEST
, ctx
['id'],
4241 EAP_TYPE_SIM
, 255, 0)
4243 if ctx
['num'] == idx
:
4244 logger
.info("Test: EAP-Failure")
4245 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4249 srv
= start_radius_server(sim_handler
)
4252 hapd
= start_ap(apdev
[0]['ifname'])
4254 for i
in range(0, 25):
4255 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4256 eap
="SIM", identity
="1232010000000000",
4257 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4259 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
4262 raise Exception("Timeout on EAP start")
4266 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
4269 raise Exception("Timeout on EAP failure")
4270 dev
[0].request("REMOVE_NETWORK all")
4271 dev
[0].dump_monitor()
4273 stop_radius_server(srv
)
4275 def test_eap_proto_sim_errors(dev
, apdev
):
4276 """EAP-SIM protocol tests (error paths)"""
4277 check_hlr_auc_gw_support()
4278 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4279 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4281 with
alloc_fail(dev
[0], 1, "eap_sim_init"):
4282 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4283 eap
="SIM", identity
="1232010000000000",
4284 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4286 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4289 raise Exception("Timeout on EAP start")
4290 dev
[0].request("REMOVE_NETWORK all")
4291 dev
[0].wait_disconnected()
4293 with
fail_test(dev
[0], 1, "os_get_random;eap_sim_init"):
4294 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4295 eap
="SIM", identity
="1232010000000000",
4296 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4298 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4301 raise Exception("Timeout on EAP start")
4302 dev
[0].request("REMOVE_NETWORK all")
4303 dev
[0].wait_disconnected()
4305 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4306 eap
="SIM", identity
="1232010000000000",
4307 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4309 with
fail_test(dev
[0], 1, "aes_128_cbc_encrypt;eap_sim_response_reauth"):
4310 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4311 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4313 raise Exception("EAP re-authentication did not start")
4314 wait_fail_trigger(dev
[0], "GET_FAIL")
4315 dev
[0].request("REMOVE_NETWORK all")
4316 dev
[0].dump_monitor()
4318 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4319 eap
="SIM", identity
="1232010000000000",
4320 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4322 with
fail_test(dev
[0], 1, "os_get_random;eap_sim_msg_add_encr_start"):
4323 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4324 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4326 raise Exception("EAP re-authentication did not start")
4327 wait_fail_trigger(dev
[0], "GET_FAIL")
4328 dev
[0].request("REMOVE_NETWORK all")
4329 dev
[0].dump_monitor()
4331 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4332 eap
="SIM", identity
="1232010000000000",
4333 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4335 with
fail_test(dev
[0], 1, "os_get_random;eap_sim_init_for_reauth"):
4336 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4337 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4339 raise Exception("EAP re-authentication did not start")
4340 wait_fail_trigger(dev
[0], "GET_FAIL")
4341 dev
[0].request("REMOVE_NETWORK all")
4342 dev
[0].dump_monitor()
4344 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4345 eap
="SIM", identity
="1232010000000000",
4346 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
4348 with
alloc_fail(dev
[0], 1, "eap_sim_parse_encr;eap_sim_process_reauthentication"):
4349 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4350 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4352 raise Exception("EAP re-authentication did not start")
4353 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4354 dev
[0].request("REMOVE_NETWORK all")
4355 dev
[0].dump_monitor()
4357 tests
= [ (1, "eap_sim_verify_mac;eap_sim_process_challenge"),
4358 (1, "eap_sim_parse_encr;eap_sim_process_challenge"),
4359 (1, "eap_sim_msg_init;eap_sim_response_start"),
4360 (1, "wpabuf_alloc;eap_sim_msg_init;eap_sim_response_start"),
4361 (1, "=eap_sim_learn_ids"),
4362 (2, "=eap_sim_learn_ids"),
4363 (2, "eap_sim_learn_ids"),
4364 (3, "eap_sim_learn_ids"),
4365 (1, "eap_sim_process_start"),
4366 (1, "eap_sim_getKey"),
4367 (1, "eap_sim_get_emsk"),
4368 (1, "eap_sim_get_session_id") ]
4369 for count
, func
in tests
:
4370 with
alloc_fail(dev
[0], count
, func
):
4371 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4372 eap
="SIM", identity
="1232010000000000",
4373 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4374 erp
="1", wait_connect
=False)
4375 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4376 dev
[0].request("REMOVE_NETWORK all")
4377 dev
[0].dump_monitor()
4379 tests
= [ (1, "aes_128_cbc_decrypt;eap_sim_parse_encr") ]
4380 for count
, func
in tests
:
4381 with
fail_test(dev
[0], count
, func
):
4382 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4383 eap
="SIM", identity
="1232010000000000",
4384 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
4386 wait_fail_trigger(dev
[0], "GET_FAIL")
4387 dev
[0].request("REMOVE_NETWORK all")
4388 dev
[0].dump_monitor()
4390 def test_eap_proto_aka_errors(dev
, apdev
):
4391 """EAP-AKA protocol tests (error paths)"""
4392 check_hlr_auc_gw_support()
4393 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4394 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4396 with
alloc_fail(dev
[0], 1, "eap_aka_init"):
4397 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4398 eap
="AKA", identity
="0232010000000000",
4399 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
4401 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4404 raise Exception("Timeout on EAP start")
4405 dev
[0].request("REMOVE_NETWORK all")
4406 dev
[0].wait_disconnected()
4408 tests
= [ (1, "=eap_aka_learn_ids"),
4409 (2, "=eap_aka_learn_ids"),
4410 (1, "eap_sim_parse_encr;eap_aka_process_challenge"),
4411 (1, "eap_aka_getKey"),
4412 (1, "eap_aka_get_emsk"),
4413 (1, "eap_aka_get_session_id") ]
4414 for count
, func
in tests
:
4415 with
alloc_fail(dev
[0], count
, func
):
4416 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4417 eap
="AKA", identity
="0232010000000000",
4418 password
="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
4419 erp
="1", wait_connect
=False)
4420 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4421 dev
[0].request("REMOVE_NETWORK all")
4422 dev
[0].dump_monitor()
4424 def test_eap_proto_aka_prime_errors(dev
, apdev
):
4425 """EAP-AKA' protocol tests (error paths)"""
4426 check_hlr_auc_gw_support()
4427 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4428 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4430 with
alloc_fail(dev
[0], 1, "eap_aka_init"):
4431 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4432 eap
="AKA'", identity
="6555444333222111",
4433 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
4435 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4438 raise Exception("Timeout on EAP start")
4439 dev
[0].request("REMOVE_NETWORK all")
4440 dev
[0].wait_disconnected()
4442 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4443 eap
="AKA'", identity
="6555444333222111",
4444 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
4446 with
fail_test(dev
[0], 1, "aes_128_cbc_encrypt;eap_aka_response_reauth"):
4447 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4448 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4450 raise Exception("EAP re-authentication did not start")
4451 wait_fail_trigger(dev
[0], "GET_FAIL")
4452 dev
[0].request("REMOVE_NETWORK all")
4453 dev
[0].dump_monitor()
4455 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4456 eap
="AKA'", identity
="6555444333222111",
4457 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
4459 with
alloc_fail(dev
[0], 1, "eap_sim_parse_encr;eap_aka_process_reauthentication"):
4460 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
4461 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
4463 raise Exception("EAP re-authentication did not start")
4464 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4465 dev
[0].request("REMOVE_NETWORK all")
4466 dev
[0].dump_monitor()
4468 tests
= [ (1, "eap_sim_verify_mac_sha256"),
4469 (1, "=eap_aka_process_challenge") ]
4470 for count
, func
in tests
:
4471 with
alloc_fail(dev
[0], count
, func
):
4472 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4473 eap
="AKA'", identity
="6555444333222111",
4474 password
="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
4475 erp
="1", wait_connect
=False)
4476 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4477 dev
[0].request("REMOVE_NETWORK all")
4478 dev
[0].dump_monitor()
4480 def test_eap_proto_ikev2(dev
, apdev
):
4481 """EAP-IKEv2 protocol tests"""
4482 check_eap_capa(dev
[0], "IKEV2")
4483 def ikev2_handler(ctx
, req
):
4484 logger
.info("ikev2_handler - RX " + req
.encode("hex"))
4485 if 'num' not in ctx
:
4487 ctx
['num'] = ctx
['num'] + 1
4490 ctx
['id'] = (ctx
['id'] + 1) % 256
4495 if ctx
['num'] == idx
:
4496 logger
.info("Test: Missing payload")
4497 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
4502 if ctx
['num'] == idx
:
4503 logger
.info("Test: Truncated Message Length field")
4504 return struct
.pack(">BBHBB3B", EAP_CODE_REQUEST
, ctx
['id'],
4506 EAP_TYPE_IKEV2
, 0x80, 0, 0, 0)
4509 if ctx
['num'] == idx
:
4510 logger
.info("Test: Too short Message Length value")
4511 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
4513 EAP_TYPE_IKEV2
, 0x80, 0, 1)
4516 if ctx
['num'] == idx
:
4517 logger
.info("Test: Truncated message")
4518 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4520 EAP_TYPE_IKEV2
, 0x80, 1)
4523 if ctx
['num'] == idx
:
4524 logger
.info("Test: Truncated message(2)")
4525 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4527 EAP_TYPE_IKEV2
, 0x80, 0xffffffff)
4530 if ctx
['num'] == idx
:
4531 logger
.info("Test: Truncated message(3)")
4532 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4534 EAP_TYPE_IKEV2
, 0xc0, 0xffffffff)
4537 if ctx
['num'] == idx
:
4538 logger
.info("Test: Truncated message(4)")
4539 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
4541 EAP_TYPE_IKEV2
, 0xc0, 10000000)
4544 if ctx
['num'] == idx
:
4545 logger
.info("Test: Too long fragments (first fragment)")
4546 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
4548 EAP_TYPE_IKEV2
, 0xc0, 2, 1)
4551 if ctx
['num'] == idx
:
4552 logger
.info("Test: Too long fragments (second fragment)")
4553 return struct
.pack(">BBHBB2B", EAP_CODE_REQUEST
, ctx
['id'],
4555 EAP_TYPE_IKEV2
, 0x00, 2, 3)
4558 if ctx
['num'] == idx
:
4559 logger
.info("Test: No Message Length field in first fragment")
4560 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
4562 EAP_TYPE_IKEV2
, 0x40, 1)
4565 if ctx
['num'] == idx
:
4566 logger
.info("Test: ICV before keys")
4567 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
4569 EAP_TYPE_IKEV2
, 0x20)
4572 if ctx
['num'] == idx
:
4573 logger
.info("Test: Unsupported IKEv2 header version")
4574 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4576 EAP_TYPE_IKEV2
, 0x00,
4581 if ctx
['num'] == idx
:
4582 logger
.info("Test: Incorrect IKEv2 header Length")
4583 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4585 EAP_TYPE_IKEV2
, 0x00,
4587 0, 0x20, 0, 0, 0, 0)
4590 if ctx
['num'] == idx
:
4591 logger
.info("Test: Unexpected IKEv2 Exchange Type in SA_INIT state")
4592 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4594 EAP_TYPE_IKEV2
, 0x00,
4596 0, 0x20, 0, 0, 0, 28)
4599 if ctx
['num'] == idx
:
4600 logger
.info("Test: Unexpected IKEv2 Message ID in SA_INIT state")
4601 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4603 EAP_TYPE_IKEV2
, 0x00,
4605 0, 0x20, 34, 0, 1, 28)
4608 if ctx
['num'] == idx
:
4609 logger
.info("Test: Unexpected IKEv2 Flags value")
4610 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4612 EAP_TYPE_IKEV2
, 0x00,
4614 0, 0x20, 34, 0, 0, 28)
4617 if ctx
['num'] == idx
:
4618 logger
.info("Test: Unexpected IKEv2 Flags value(2)")
4619 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4621 EAP_TYPE_IKEV2
, 0x00,
4623 0, 0x20, 34, 0x20, 0, 28)
4626 if ctx
['num'] == idx
:
4627 logger
.info("Test: No SAi1 in SA_INIT")
4628 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, ctx
['id'],
4630 EAP_TYPE_IKEV2
, 0x00,
4632 0, 0x20, 34, 0x08, 0, 28)
4634 def build_ike(id, next
=0, exch_type
=34, flags
=0x00, ike
=''):
4635 return struct
.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST
, id,
4636 4 + 1 + 1 + 28 + len(ike
),
4637 EAP_TYPE_IKEV2
, flags
,
4639 next
, 0x20, exch_type
, 0x08, 0,
4640 28 + len(ike
)) + ike
4643 if ctx
['num'] == idx
:
4644 logger
.info("Test: Unexpected extra data after payloads")
4645 return build_ike(ctx
['id'], ike
=struct
.pack(">B", 1))
4648 if ctx
['num'] == idx
:
4649 logger
.info("Test: Truncated payload header")
4650 return build_ike(ctx
['id'], next
=128, ike
=struct
.pack(">B", 1))
4653 if ctx
['num'] == idx
:
4654 logger
.info("Test: Too small payload header length")
4655 ike
= struct
.pack(">BBH", 0, 0, 3)
4656 return build_ike(ctx
['id'], next
=128, ike
=ike
)
4659 if ctx
['num'] == idx
:
4660 logger
.info("Test: Too large payload header length")
4661 ike
= struct
.pack(">BBH", 0, 0, 5)
4662 return build_ike(ctx
['id'], next
=128, ike
=ike
)
4665 if ctx
['num'] == idx
:
4666 logger
.info("Test: Unsupported payload (non-critical and critical)")
4667 ike
= struct
.pack(">BBHBBH", 129, 0, 4, 0, 0x01, 4)
4668 return build_ike(ctx
['id'], next
=128, ike
=ike
)
4671 if ctx
['num'] == idx
:
4672 logger
.info("Test: Certificate and empty SAi1")
4673 ike
= struct
.pack(">BBHBBH", 33, 0, 4, 0, 0, 4)
4674 return build_ike(ctx
['id'], next
=37, ike
=ike
)
4677 if ctx
['num'] == idx
:
4678 logger
.info("Test: Too short proposal")
4679 ike
= struct
.pack(">BBHBBHBBB", 0, 0, 4 + 7,
4681 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4684 if ctx
['num'] == idx
:
4685 logger
.info("Test: Too small proposal length in SAi1")
4686 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4687 0, 0, 7, 0, 0, 0, 0)
4688 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4691 if ctx
['num'] == idx
:
4692 logger
.info("Test: Too large proposal length in SAi1")
4693 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4694 0, 0, 9, 0, 0, 0, 0)
4695 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4698 if ctx
['num'] == idx
:
4699 logger
.info("Test: Unexpected proposal type in SAi1")
4700 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4701 1, 0, 8, 0, 0, 0, 0)
4702 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4705 if ctx
['num'] == idx
:
4706 logger
.info("Test: Unexpected Protocol ID in SAi1")
4707 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4708 0, 0, 8, 0, 0, 0, 0)
4709 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4712 if ctx
['num'] == idx
:
4713 logger
.info("Test: Unexpected proposal number in SAi1")
4714 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4715 0, 0, 8, 0, 1, 0, 0)
4716 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4719 if ctx
['num'] == idx
:
4720 logger
.info("Test: Not enough room for SPI in SAi1")
4721 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4722 0, 0, 8, 1, 1, 1, 0)
4723 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4726 if ctx
['num'] == idx
:
4727 logger
.info("Test: Unexpected SPI in SAi1")
4728 ike
= struct
.pack(">BBHBBHBBBBB", 0, 0, 4 + 9,
4729 0, 0, 9, 1, 1, 1, 0, 1)
4730 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4733 if ctx
['num'] == idx
:
4734 logger
.info("Test: No transforms in SAi1")
4735 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4736 0, 0, 8, 1, 1, 0, 0)
4737 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4740 if ctx
['num'] == idx
:
4741 logger
.info("Test: Too short transform in SAi1")
4742 ike
= struct
.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
4743 0, 0, 8, 1, 1, 0, 1)
4744 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4747 if ctx
['num'] == idx
:
4748 logger
.info("Test: Too small transform length in SAi1")
4749 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4750 0, 0, 8 + 8, 1, 1, 0, 1,
4752 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4755 if ctx
['num'] == idx
:
4756 logger
.info("Test: Too large transform length in SAi1")
4757 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4758 0, 0, 8 + 8, 1, 1, 0, 1,
4760 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4763 if ctx
['num'] == idx
:
4764 logger
.info("Test: Unexpected Transform type in SAi1")
4765 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4766 0, 0, 8 + 8, 1, 1, 0, 1,
4768 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4771 if ctx
['num'] == idx
:
4772 logger
.info("Test: No transform attributes in SAi1")
4773 ike
= struct
.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
4774 0, 0, 8 + 8, 1, 1, 0, 1,
4776 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4779 if ctx
['num'] == idx
:
4780 logger
.info("Test: No transform attr for AES and unexpected data after transforms in SAi1")
4784 tlen
= tlen1
+ tlen2
+ tlen3
4785 ike
= struct
.pack(">BBHBBHBBBBBBHBBH3BBBHBBHHHBBHBBHHHB",
4786 0, 0, 4 + 8 + tlen
+ 1,
4787 0, 0, 8 + tlen
+ 1, 1, 1, 0, 3,
4788 3, 0, tlen1
, 1, 0, 12, 1, 2, 3,
4789 3, 0, tlen2
, 1, 0, 12, 0, 128,
4790 0, 0, tlen3
, 1, 0, 12, 0x8000 |
14, 127,
4792 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4794 def build_sa(next
=0):
4796 return struct
.pack(">BBHBBHBBBBBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
4797 next
, 0, 4 + 8 + tlen
,
4798 0, 0, 8 + tlen
, 1, 1, 0, 5,
4806 if ctx
['num'] == idx
:
4807 logger
.info("Test: Valid proposal, but no KEi in SAi1")
4809 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4812 if ctx
['num'] == idx
:
4813 logger
.info("Test: Empty KEi in SAi1")
4814 ike
= build_sa(next
=34) + struct
.pack(">BBH", 0, 0, 4)
4815 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4818 if ctx
['num'] == idx
:
4819 logger
.info("Test: Mismatch in DH Group in SAi1")
4820 ike
= build_sa(next
=34)
4821 ike
+= struct
.pack(">BBHHH", 0, 0, 4 + 4 + 96, 12345, 0)
4823 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4825 if ctx
['num'] == idx
:
4826 logger
.info("Test: EAP-Failure")
4827 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4830 if ctx
['num'] == idx
:
4831 logger
.info("Test: Invalid DH public value length in SAi1")
4832 ike
= build_sa(next
=34)
4833 ike
+= struct
.pack(">BBHHH", 0, 0, 4 + 4 + 96, 5, 0)
4835 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4837 def build_ke(next
=0):
4838 ke
= struct
.pack(">BBHHH", next
, 0, 4 + 4 + 192, 5, 0)
4843 if ctx
['num'] == idx
:
4844 logger
.info("Test: Valid proposal and KEi, but no Ni in SAi1")
4845 ike
= build_sa(next
=34)
4847 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4850 if ctx
['num'] == idx
:
4851 logger
.info("Test: Too short Ni in SAi1")
4852 ike
= build_sa(next
=34)
4853 ike
+= build_ke(next
=40)
4854 ike
+= struct
.pack(">BBH", 0, 0, 4)
4855 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4858 if ctx
['num'] == idx
:
4859 logger
.info("Test: Too long Ni in SAi1")
4860 ike
= build_sa(next
=34)
4861 ike
+= build_ke(next
=40)
4862 ike
+= struct
.pack(">BBH", 0, 0, 4 + 257) + 257*'\x00'
4863 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4865 def build_ni(next
=0):
4866 return struct
.pack(">BBH", next
, 0, 4 + 256) + 256*'\x00'
4869 ike
= build_sa(next
=34)
4870 ike
+= build_ke(next
=40)
4872 return build_ike(ctx
['id'], next
=33, ike
=ike
)
4875 if ctx
['num'] == idx
:
4876 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4877 return build_sai1(ctx
['id'])
4879 if ctx
['num'] == idx
:
4880 logger
.info("Test: EAP-Failure")
4881 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
4884 if ctx
['num'] == idx
:
4885 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4886 return build_sai1(ctx
['id'])
4888 if ctx
['num'] == idx
:
4889 logger
.info("Test: No integrity checksum")
4891 return build_ike(ctx
['id'], next
=37, ike
=ike
)
4894 if ctx
['num'] == idx
:
4895 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4896 return build_sai1(ctx
['id'])
4898 if ctx
['num'] == idx
:
4899 logger
.info("Test: Truncated integrity checksum")
4900 return struct
.pack(">BBHBB",
4901 EAP_CODE_REQUEST
, ctx
['id'],
4903 EAP_TYPE_IKEV2
, 0x20)
4906 if ctx
['num'] == idx
:
4907 logger
.info("Test: Valid proposal, KEi, and Ni in SAi1")
4908 return build_sai1(ctx
['id'])
4910 if ctx
['num'] == idx
:
4911 logger
.info("Test: Invalid integrity checksum")
4913 return build_ike(ctx
['id'], next
=37, flags
=0x20, ike
=ike
)
4917 srv
= start_radius_server(ikev2_handler
)
4920 hapd
= start_ap(apdev
[0]['ifname'])
4923 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4924 eap
="IKEV2", identity
="user",
4925 password
="password",
4927 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
4930 raise Exception("Timeout on EAP start")
4932 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
4935 raise Exception("Timeout on EAP failure")
4938 dev
[0].request("REMOVE_NETWORK all")
4940 stop_radius_server(srv
)
4942 def NtPasswordHash(password
):
4943 pw
= password
.encode('utf_16_le')
4944 return hashlib
.new('md4', pw
).digest()
4946 def HashNtPasswordHash(password_hash
):
4947 return hashlib
.new('md4', password_hash
).digest()
4949 def ChallengeHash(peer_challenge
, auth_challenge
, username
):
4950 data
= peer_challenge
+ auth_challenge
+ username
4951 return hashlib
.sha1(data
).digest()[0:8]
4953 def GenerateAuthenticatorResponse(password
, nt_response
, peer_challenge
,
4954 auth_challenge
, username
):
4955 magic1
= binascii
.unhexlify("4D616769632073657276657220746F20636C69656E74207369676E696E6720636F6E7374616E74")
4956 magic2
= binascii
.unhexlify("50616420746F206D616B6520697420646F206D6F7265207468616E206F6E6520697465726174696F6E")
4958 password_hash
= NtPasswordHash(password
)
4959 password_hash_hash
= HashNtPasswordHash(password_hash
)
4960 data
= password_hash_hash
+ nt_response
+ magic1
4961 digest
= hashlib
.sha1(data
).digest()
4963 challenge
= ChallengeHash(peer_challenge
, auth_challenge
, username
)
4965 data
= digest
+ challenge
+ magic2
4966 resp
= hashlib
.sha1(data
).digest()
4969 def test_eap_proto_ikev2_errors(dev
, apdev
):
4970 """EAP-IKEv2 local error cases"""
4971 check_eap_capa(dev
[0], "IKEV2")
4972 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
4973 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
4975 for i
in range(1, 5):
4976 with
alloc_fail(dev
[0], i
, "eap_ikev2_init"):
4977 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
4978 eap
="IKEV2", identity
="ikev2 user",
4979 password
="ike password",
4981 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
4984 raise Exception("Timeout on EAP start")
4985 dev
[0].request("REMOVE_NETWORK all")
4986 dev
[0].wait_disconnected()
4988 tests
= [ (1, "ikev2_encr_encrypt"),
4989 (1, "ikev2_encr_decrypt"),
4990 (1, "ikev2_derive_auth_data"),
4991 (2, "ikev2_derive_auth_data"),
4992 (1, "=ikev2_decrypt_payload"),
4993 (1, "ikev2_encr_decrypt;ikev2_decrypt_payload"),
4994 (1, "ikev2_encr_encrypt;ikev2_build_encrypted"),
4995 (1, "ikev2_derive_sk_keys"),
4996 (2, "ikev2_derive_sk_keys"),
4997 (3, "ikev2_derive_sk_keys"),
4998 (4, "ikev2_derive_sk_keys"),
4999 (5, "ikev2_derive_sk_keys"),
5000 (6, "ikev2_derive_sk_keys"),
5001 (7, "ikev2_derive_sk_keys"),
5002 (8, "ikev2_derive_sk_keys"),
5003 (1, "eap_ikev2_derive_keymat;eap_ikev2_peer_keymat"),
5004 (1, "eap_msg_alloc;eap_ikev2_build_msg"),
5005 (1, "eap_ikev2_getKey"),
5006 (1, "eap_ikev2_get_emsk"),
5007 (1, "eap_ikev2_get_session_id"),
5008 (1, "=ikev2_derive_keys"),
5009 (2, "=ikev2_derive_keys"),
5010 (1, "wpabuf_alloc;ikev2_process_kei"),
5011 (1, "=ikev2_process_idi"),
5012 (1, "ikev2_derive_auth_data;ikev2_build_auth"),
5013 (1, "wpabuf_alloc;ikev2_build_sa_init"),
5014 (2, "wpabuf_alloc;ikev2_build_sa_init"),
5015 (3, "wpabuf_alloc;ikev2_build_sa_init"),
5016 (4, "wpabuf_alloc;ikev2_build_sa_init"),
5017 (5, "wpabuf_alloc;ikev2_build_sa_init"),
5018 (6, "wpabuf_alloc;ikev2_build_sa_init"),
5019 (1, "wpabuf_alloc;ikev2_build_sa_auth"),
5020 (2, "wpabuf_alloc;ikev2_build_sa_auth"),
5021 (1, "ikev2_build_auth;ikev2_build_sa_auth") ]
5022 for count
, func
in tests
:
5023 with
alloc_fail(dev
[0], count
, func
):
5024 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5025 eap
="IKEV2", identity
="ikev2 user",
5026 password
="ike password", erp
="1", wait_connect
=False)
5027 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5030 raise Exception("Timeout on EAP start")
5033 state
= dev
[0].request('GET_ALLOC_FAIL')
5034 if state
.startswith('0:'):
5039 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
5040 dev
[0].request("REMOVE_NETWORK all")
5041 dev
[0].wait_disconnected()
5043 tests
= [ (1, "wpabuf_alloc;ikev2_build_notify"),
5044 (2, "wpabuf_alloc;ikev2_build_notify"),
5045 (1, "ikev2_build_encrypted;ikev2_build_notify") ]
5046 for count
, func
in tests
:
5047 with
alloc_fail(dev
[0], count
, func
):
5048 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5049 eap
="IKEV2", identity
="ikev2 user",
5050 password
="wrong password", erp
="1",
5052 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5055 raise Exception("Timeout on EAP start")
5058 state
= dev
[0].request('GET_ALLOC_FAIL')
5059 if state
.startswith('0:'):
5064 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
5065 dev
[0].request("REMOVE_NETWORK all")
5066 dev
[0].wait_disconnected()
5068 tests
= [ (1, "ikev2_integ_hash"),
5069 (1, "ikev2_integ_hash;ikev2_decrypt_payload"),
5070 (1, "os_get_random;ikev2_build_encrypted"),
5071 (1, "ikev2_prf_plus;ikev2_derive_sk_keys"),
5072 (1, "eap_ikev2_derive_keymat;eap_ikev2_peer_keymat"),
5073 (1, "os_get_random;ikev2_build_sa_init"),
5074 (2, "os_get_random;ikev2_build_sa_init"),
5075 (1, "ikev2_integ_hash;eap_ikev2_validate_icv"),
5076 (1, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_keys"),
5077 (1, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data"),
5078 (2, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data"),
5079 (3, "hmac_sha1_vector;?ikev2_prf_hash;ikev2_derive_auth_data") ]
5080 for count
, func
in tests
:
5081 with
fail_test(dev
[0], count
, func
):
5082 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5083 eap
="IKEV2", identity
="ikev2 user",
5084 password
="ike password", wait_connect
=False)
5085 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5088 raise Exception("Timeout on EAP start")
5091 state
= dev
[0].request('GET_FAIL')
5092 if state
.startswith('0:'):
5097 raise Exception("No failure seen for %d:%s" % (count
, func
))
5098 dev
[0].request("REMOVE_NETWORK all")
5099 dev
[0].wait_disconnected()
5101 params
= { "ssid": "eap-test2", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
5102 "rsn_pairwise": "CCMP", "ieee8021x": "1",
5103 "eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
5104 "fragment_size": "50" }
5105 hostapd
.add_ap(apdev
[1]['ifname'], params
)
5107 tests
= [ (1, "eap_ikev2_build_frag_ack"),
5108 (1, "wpabuf_alloc;eap_ikev2_process_fragment") ]
5109 for count
, func
in tests
:
5110 with
alloc_fail(dev
[0], count
, func
):
5111 dev
[0].connect("eap-test2", key_mgmt
="WPA-EAP", scan_freq
="2412",
5112 eap
="IKEV2", identity
="ikev2 user",
5113 password
="ike password", erp
="1", wait_connect
=False)
5114 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5117 raise Exception("Timeout on EAP start")
5120 state
= dev
[0].request('GET_ALLOC_FAIL')
5121 if state
.startswith('0:'):
5126 raise Exception("No allocation failure seen for %d:%s" % (count
, func
))
5127 dev
[0].request("REMOVE_NETWORK all")
5128 dev
[0].wait_disconnected()
5130 def test_eap_proto_mschapv2(dev
, apdev
):
5131 """EAP-MSCHAPv2 protocol tests"""
5132 check_eap_capa(dev
[0], "MSCHAPV2")
5134 def mschapv2_handler(ctx
, req
):
5135 logger
.info("mschapv2_handler - RX " + req
.encode("hex"))
5136 if 'num' not in ctx
:
5138 ctx
['num'] = ctx
['num'] + 1
5141 ctx
['id'] = (ctx
['id'] + 1) % 256
5145 if ctx
['num'] == idx
:
5146 logger
.info("Test: Missing payload")
5147 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5152 if ctx
['num'] == idx
:
5153 logger
.info("Test: Unknown MSCHAPv2 op_code")
5154 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5160 if ctx
['num'] == idx
:
5161 logger
.info("Test: Invalid ms_len and unknown MSCHAPv2 op_code")
5162 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5168 if ctx
['num'] == idx
:
5169 logger
.info("Test: Success before challenge")
5170 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5176 if ctx
['num'] == idx
:
5177 logger
.info("Test: Failure before challenge - required challenge field not present")
5178 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5183 if ctx
['num'] == idx
:
5184 logger
.info("Test: Failure")
5185 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5188 if ctx
['num'] == idx
:
5189 logger
.info("Test: Failure before challenge - invalid failure challenge len")
5191 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5192 4 + 1 + 4 + len(payload
),
5194 4, 0, 4 + len(payload
)) + payload
5196 if ctx
['num'] == idx
:
5197 logger
.info("Test: Failure")
5198 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5201 if ctx
['num'] == idx
:
5202 logger
.info("Test: Failure before challenge - invalid failure challenge len")
5203 payload
= 'C=12 V=3'
5204 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5205 4 + 1 + 4 + len(payload
),
5207 4, 0, 4 + len(payload
)) + payload
5209 if ctx
['num'] == idx
:
5210 logger
.info("Test: Failure")
5211 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5214 if ctx
['num'] == idx
:
5215 logger
.info("Test: Failure before challenge - invalid failure challenge")
5216 payload
= 'C=00112233445566778899aabbccddeefQ '
5217 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5218 4 + 1 + 4 + len(payload
),
5220 4, 0, 4 + len(payload
)) + payload
5222 if ctx
['num'] == idx
:
5223 logger
.info("Test: Failure")
5224 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5227 if ctx
['num'] == idx
:
5228 logger
.info("Test: Failure before challenge - password expired")
5229 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5230 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5231 4 + 1 + 4 + len(payload
),
5233 4, 0, 4 + len(payload
)) + payload
5235 if ctx
['num'] == idx
:
5236 logger
.info("Test: Success after password change")
5237 payload
= "S=1122334455667788990011223344556677889900"
5238 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5239 4 + 1 + 4 + len(payload
),
5241 3, 0, 4 + len(payload
)) + payload
5244 if ctx
['num'] == idx
:
5245 logger
.info("Test: Invalid challenge length")
5246 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5252 if ctx
['num'] == idx
:
5253 logger
.info("Test: Too short challenge packet")
5254 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5260 if ctx
['num'] == idx
:
5261 logger
.info("Test: Challenge")
5262 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5263 4 + 1 + 4 + 1 + 16 + 6,
5265 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
5267 if ctx
['num'] == idx
:
5268 logger
.info("Test: Failure - password expired")
5269 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5270 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5271 4 + 1 + 4 + len(payload
),
5273 4, 0, 4 + len(payload
)) + payload
5275 if ctx
['num'] == idx
:
5276 logger
.info("Test: Success after password change")
5278 logger
.info("Unexpected Change-Password packet length: %s" % len(req
))
5281 enc_pw
= data
[0:516]
5283 enc_hash
= data
[0:16]
5285 peer_challenge
= data
[0:16]
5289 nt_response
= data
[0:24]
5292 logger
.info("enc_hash: " + enc_hash
.encode("hex"))
5293 logger
.info("peer_challenge: " + peer_challenge
.encode("hex"))
5294 logger
.info("nt_response: " + nt_response
.encode("hex"))
5295 logger
.info("flags: " + flags
.encode("hex"))
5297 auth_challenge
= binascii
.unhexlify("00112233445566778899aabbccddeeff")
5298 logger
.info("auth_challenge: " + auth_challenge
.encode("hex"))
5300 auth_resp
= GenerateAuthenticatorResponse("new-pw", nt_response
,
5302 auth_challenge
, "user")
5303 payload
= "S=" + auth_resp
.encode('hex').upper()
5304 logger
.info("Success message payload: " + payload
)
5305 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5306 4 + 1 + 4 + len(payload
),
5308 3, 0, 4 + len(payload
)) + payload
5310 if ctx
['num'] == idx
:
5311 logger
.info("Test: EAP-Success")
5312 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
5315 if ctx
['num'] == idx
:
5316 logger
.info("Test: Failure - password expired")
5317 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5318 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5319 4 + 1 + 4 + len(payload
),
5321 4, 0, 4 + len(payload
)) + payload
5323 if ctx
['num'] == idx
:
5324 logger
.info("Test: Success after password change")
5326 logger
.info("Unexpected Change-Password packet length: %s" % len(req
))
5329 enc_pw
= data
[0:516]
5331 enc_hash
= data
[0:16]
5333 peer_challenge
= data
[0:16]
5337 nt_response
= data
[0:24]
5340 logger
.info("enc_hash: " + enc_hash
.encode("hex"))
5341 logger
.info("peer_challenge: " + peer_challenge
.encode("hex"))
5342 logger
.info("nt_response: " + nt_response
.encode("hex"))
5343 logger
.info("flags: " + flags
.encode("hex"))
5345 auth_challenge
= binascii
.unhexlify("00112233445566778899aabbccddeeff")
5346 logger
.info("auth_challenge: " + auth_challenge
.encode("hex"))
5348 auth_resp
= GenerateAuthenticatorResponse("new-pw", nt_response
,
5350 auth_challenge
, "user")
5351 payload
= "S=" + auth_resp
.encode('hex').upper()
5352 logger
.info("Success message payload: " + payload
)
5353 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5354 4 + 1 + 4 + len(payload
),
5356 3, 0, 4 + len(payload
)) + payload
5358 if ctx
['num'] == idx
:
5359 logger
.info("Test: EAP-Success")
5360 return struct
.pack(">BBH", EAP_CODE_SUCCESS
, ctx
['id'], 4)
5363 if ctx
['num'] == idx
:
5364 logger
.info("Test: Challenge")
5365 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5366 4 + 1 + 4 + 1 + 16 + 6,
5368 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
5370 if ctx
['num'] == idx
:
5371 logger
.info("Test: Failure - authentication failure")
5372 payload
= 'E=691 R=1 C=00112233445566778899aabbccddeeff V=3 M=Authentication failed'
5373 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5374 4 + 1 + 4 + len(payload
),
5376 4, 0, 4 + len(payload
)) + payload
5379 if ctx
['num'] == idx
:
5380 logger
.info("Test: Challenge")
5381 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
5382 4 + 1 + 4 + 1 + 16 + 6,
5384 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
5386 if ctx
['num'] == idx
:
5387 logger
.info("Test: Failure - authentication failure")
5388 payload
= 'E=691 R=1 C=00112233445566778899aabbccddeeff V=3 M=Authentication failed (2)'
5389 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5390 4 + 1 + 4 + len(payload
),
5392 4, 0, 4 + len(payload
)) + payload
5394 if ctx
['num'] == idx
:
5395 logger
.info("Test: Failure")
5396 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5400 srv
= start_radius_server(mschapv2_handler
)
5403 hapd
= start_ap(apdev
[0]['ifname'])
5405 for i
in range(0, 15):
5406 logger
.info("RUN: %d" % i
)
5408 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5409 eap
="MSCHAPV2", identity
="user",
5410 password_hex
="hash:8846f7eaee8fb117ad06bdd830b7586c",
5413 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5414 eap
="MSCHAPV2", identity
="user",
5415 phase2
="mschapv2_retry=0",
5416 password
="password", wait_connect
=False)
5418 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5419 eap
="MSCHAPV2", identity
="user",
5420 password
="password", wait_connect
=False)
5421 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=15)
5423 raise Exception("Timeout on EAP start")
5425 if i
in [ 8, 11, 12 ]:
5426 ev
= dev
[0].wait_event(["CTRL-REQ-NEW_PASSWORD"],
5429 raise Exception("Timeout on new password request")
5430 id = ev
.split(':')[0].split('-')[-1]
5431 dev
[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
5433 ev
= dev
[0].wait_event(["CTRL-EVENT-PASSWORD-CHANGED"],
5436 raise Exception("Timeout on password change")
5437 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"],
5440 raise Exception("Timeout on EAP success")
5442 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
5445 raise Exception("Timeout on EAP failure")
5448 ev
= dev
[0].wait_event(["CTRL-REQ-IDENTITY"],
5451 raise Exception("Timeout on identity request")
5452 id = ev
.split(':')[0].split('-')[-1]
5453 dev
[0].request("CTRL-RSP-IDENTITY-" + id + ":user")
5455 ev
= dev
[0].wait_event(["CTRL-REQ-PASSWORD"],
5458 raise Exception("Timeout on password request")
5459 id = ev
.split(':')[0].split('-')[-1]
5460 dev
[0].request("CTRL-RSP-PASSWORD-" + id + ":password")
5462 # TODO: Does this work correctly?
5464 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
5467 raise Exception("Timeout on EAP failure")
5469 if i
in [ 4, 5, 6, 7, 14 ]:
5470 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
5473 raise Exception("Timeout on EAP failure")
5476 dev
[0].request("REMOVE_NETWORK all")
5477 dev
[0].wait_disconnected(timeout
=1)
5479 stop_radius_server(srv
)
5481 def test_eap_proto_mschapv2_errors(dev
, apdev
):
5482 """EAP-MSCHAPv2 protocol tests (error paths)"""
5483 check_eap_capa(dev
[0], "MSCHAPV2")
5485 def mschapv2_handler(ctx
, req
):
5486 logger
.info("mschapv2_handler - RX " + req
.encode("hex"))
5487 if 'num' not in ctx
:
5489 ctx
['num'] = ctx
['num'] + 1
5492 ctx
['id'] = (ctx
['id'] + 1) % 256
5496 if ctx
['num'] == idx
:
5497 logger
.info("Test: Failure before challenge - password expired")
5498 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5499 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5500 4 + 1 + 4 + len(payload
),
5502 4, 0, 4 + len(payload
)) + payload
5504 if ctx
['num'] == idx
:
5505 logger
.info("Test: Success after password change")
5506 payload
= "S=1122334455667788990011223344556677889900"
5507 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5508 4 + 1 + 4 + len(payload
),
5510 3, 0, 4 + len(payload
)) + payload
5513 if ctx
['num'] == idx
:
5514 logger
.info("Test: Failure before challenge - password expired")
5515 payload
= 'E=648 R=1 C=00112233445566778899aabbccddeeff V=3 M=Password expired'
5516 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5517 4 + 1 + 4 + len(payload
),
5519 4, 0, 4 + len(payload
)) + payload
5521 if ctx
['num'] == idx
:
5522 logger
.info("Test: Success after password change")
5523 payload
= "S=1122334455667788990011223344556677889900"
5524 return struct
.pack(">BBHBBBH", EAP_CODE_REQUEST
, ctx
['id'],
5525 4 + 1 + 4 + len(payload
),
5527 3, 0, 4 + len(payload
)) + payload
5531 srv
= start_radius_server(mschapv2_handler
)
5534 hapd
= start_ap(apdev
[0]['ifname'])
5536 with
fail_test(dev
[0], 1, "eap_mschapv2_change_password"):
5537 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5538 eap
="MSCHAPV2", identity
="user",
5539 password
="password", wait_connect
=False)
5540 ev
= dev
[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout
=10)
5542 raise Exception("Timeout on new password request")
5543 id = ev
.split(':')[0].split('-')[-1]
5544 dev
[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
5545 wait_fail_trigger(dev
[0], "GET_FAIL")
5546 dev
[0].request("REMOVE_NETWORK all")
5547 dev
[0].wait_disconnected(timeout
=1)
5549 with
fail_test(dev
[0], 1, "get_master_key;eap_mschapv2_change_password"):
5550 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5551 eap
="MSCHAPV2", identity
="user",
5552 password
="password", wait_connect
=False)
5553 ev
= dev
[0].wait_event(["CTRL-REQ-NEW_PASSWORD"], timeout
=10)
5555 raise Exception("Timeout on new password request")
5556 id = ev
.split(':')[0].split('-')[-1]
5557 dev
[0].request("CTRL-RSP-NEW_PASSWORD-" + id + ":new-pw")
5558 wait_fail_trigger(dev
[0], "GET_FAIL")
5559 dev
[0].request("REMOVE_NETWORK all")
5560 dev
[0].wait_disconnected(timeout
=1)
5562 stop_radius_server(srv
)
5564 def test_eap_proto_pwd(dev
, apdev
):
5565 """EAP-pwd protocol tests"""
5566 check_eap_capa(dev
[0], "PWD")
5568 global eap_proto_pwd_test_done
, eap_proto_pwd_test_wait
5569 eap_proto_pwd_test_done
= False
5570 eap_proto_pwd_test_wait
= False
5572 def pwd_handler(ctx
, req
):
5573 logger
.info("pwd_handler - RX " + req
.encode("hex"))
5574 if 'num' not in ctx
:
5576 ctx
['num'] = ctx
['num'] + 1
5579 ctx
['id'] = (ctx
['id'] + 1) % 256
5582 global eap_proto_pwd_test_wait
5583 eap_proto_pwd_test_wait
= False
5586 if ctx
['num'] == idx
:
5587 logger
.info("Test: Missing payload")
5588 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'], 4 + 1,
5592 if ctx
['num'] == idx
:
5593 logger
.info("Test: Missing Total-Length field")
5594 payload
= struct
.pack("B", 0x80)
5595 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5596 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5599 if ctx
['num'] == idx
:
5600 logger
.info("Test: Too large Total-Length")
5601 payload
= struct
.pack(">BH", 0x80, 65535)
5602 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5603 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5606 if ctx
['num'] == idx
:
5607 eap_proto_pwd_test_wait
= True
5608 logger
.info("Test: First fragment")
5609 payload
= struct
.pack(">BH", 0xc0, 10)
5610 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5611 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5613 if ctx
['num'] == idx
:
5614 logger
.info("Test: Unexpected Total-Length value in the second fragment")
5615 payload
= struct
.pack(">BH", 0x80, 0)
5616 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5617 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5620 if ctx
['num'] == idx
:
5621 logger
.info("Test: First and only fragment")
5622 payload
= struct
.pack(">BH", 0x80, 0)
5623 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5624 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5627 if ctx
['num'] == idx
:
5628 logger
.info("Test: First and only fragment with extra data")
5629 payload
= struct
.pack(">BHB", 0x80, 0, 0)
5630 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5631 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5634 if ctx
['num'] == idx
:
5635 eap_proto_pwd_test_wait
= True
5636 logger
.info("Test: First fragment")
5637 payload
= struct
.pack(">BHB", 0xc0, 2, 1)
5638 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5639 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5641 if ctx
['num'] == idx
:
5642 logger
.info("Test: Extra data in the second fragment")
5643 payload
= struct
.pack(">BBB", 0x0, 2, 3)
5644 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5645 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5648 if ctx
['num'] == idx
:
5649 logger
.info("Test: Too short id exchange")
5650 payload
= struct
.pack(">B", 0x01)
5651 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5652 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5655 if ctx
['num'] == idx
:
5656 logger
.info("Test: Unsupported rand func in id exchange")
5657 payload
= struct
.pack(">BHBBLB", 0x01, 0, 0, 0, 0, 0)
5658 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5659 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5662 if ctx
['num'] == idx
:
5663 logger
.info("Test: Unsupported prf in id exchange")
5664 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 0, 0, 0)
5665 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5666 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5669 if ctx
['num'] == idx
:
5670 logger
.info("Test: Unsupported password pre-processing technique in id exchange")
5671 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 255)
5672 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5673 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5676 if ctx
['num'] == idx
:
5677 eap_proto_pwd_test_wait
= True
5678 logger
.info("Test: Valid id exchange")
5679 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5680 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5681 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5683 if ctx
['num'] == idx
:
5684 logger
.info("Test: Unexpected id exchange")
5685 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5686 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5687 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5690 if ctx
['num'] == idx
:
5691 logger
.info("Test: Unexpected commit exchange")
5692 payload
= struct
.pack(">B", 0x02)
5693 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5694 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5697 if ctx
['num'] == idx
:
5698 eap_proto_pwd_test_wait
= True
5699 logger
.info("Test: Valid id exchange")
5700 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5701 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5702 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5704 if ctx
['num'] == idx
:
5705 logger
.info("Test: Unexpected Commit payload length")
5706 payload
= struct
.pack(">B", 0x02)
5707 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5708 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5711 if ctx
['num'] == idx
:
5712 eap_proto_pwd_test_wait
= True
5713 logger
.info("Test: Valid id exchange")
5714 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5715 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5716 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5718 if ctx
['num'] == idx
:
5719 logger
.info("Test: Commit payload with all zeros values --> Shared key at infinity")
5720 payload
= struct
.pack(">B", 0x02) + 96*'\0'
5721 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5722 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5725 if ctx
['num'] == idx
:
5726 eap_proto_pwd_test_wait
= True
5727 logger
.info("Test: Valid id exchange")
5728 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5729 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5730 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5732 if ctx
['num'] == idx
:
5733 eap_proto_pwd_test_wait
= True
5734 logger
.info("Test: Commit payload with valid values")
5735 element
= binascii
.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
5736 scalar
= binascii
.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
5737 payload
= struct
.pack(">B", 0x02) + element
+ scalar
5738 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5739 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5741 if ctx
['num'] == idx
:
5742 logger
.info("Test: Unexpected Confirm payload length 0")
5743 payload
= struct
.pack(">B", 0x03)
5744 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5745 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5748 if ctx
['num'] == idx
:
5749 eap_proto_pwd_test_wait
= True
5750 logger
.info("Test: Valid id exchange")
5751 payload
= struct
.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
5752 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5753 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5755 if ctx
['num'] == idx
:
5756 eap_proto_pwd_test_wait
= True
5757 logger
.info("Test: Commit payload with valid values")
5758 element
= binascii
.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
5759 scalar
= binascii
.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
5760 payload
= struct
.pack(">B", 0x02) + element
+ scalar
5761 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5762 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5764 if ctx
['num'] == idx
:
5765 logger
.info("Test: Confirm payload with incorrect value")
5766 payload
= struct
.pack(">B", 0x03) + 32*'\0'
5767 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5768 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5771 if ctx
['num'] == idx
:
5772 logger
.info("Test: Unexpected confirm exchange")
5773 payload
= struct
.pack(">B", 0x03)
5774 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
5775 4 + 1 + len(payload
), EAP_TYPE_PWD
) + payload
5777 logger
.info("No more test responses available - test case completed")
5778 global eap_proto_pwd_test_done
5779 eap_proto_pwd_test_done
= True
5780 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
5782 srv
= start_radius_server(pwd_handler
)
5785 hapd
= start_ap(apdev
[0]['ifname'])
5788 while not eap_proto_pwd_test_done
:
5790 logger
.info("Running connection iteration %d" % i
)
5791 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5792 eap
="PWD", identity
="pwd user",
5793 password
="secret password",
5797 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STATUS",
5798 "CTRL-EVENT-EAP-PROPOSED-METHOD"],
5801 raise Exception("Timeout on EAP start")
5802 if "CTRL-EVENT-EAP-PROPOSED-METHOD" in ev
:
5805 if "CTRL-EVENT-EAP-STATUS" in ev
and "status='completion' parameter='failure'" in ev
:
5809 raise Exception("Expected EAP event not seen")
5810 if eap_proto_pwd_test_wait
:
5813 if not eap_proto_pwd_test_wait
:
5815 dev
[0].request("REMOVE_NETWORK all")
5816 dev
[0].wait_disconnected(timeout
=1)
5817 dev
[0].dump_monitor()
5819 stop_radius_server(srv
)
5821 def test_eap_proto_pwd_errors(dev
, apdev
):
5822 """EAP-pwd local error cases"""
5823 check_eap_capa(dev
[0], "PWD")
5824 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
5825 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
5827 for i
in range(1, 4):
5828 with
alloc_fail(dev
[0], i
, "eap_pwd_init"):
5829 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5830 eap
="PWD", identity
="pwd user",
5831 password
="secret password",
5833 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
5836 raise Exception("Timeout on EAP start")
5837 dev
[0].request("REMOVE_NETWORK all")
5838 dev
[0].wait_disconnected()
5840 with
alloc_fail(dev
[0], 1, "eap_pwd_get_session_id"):
5841 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5842 eap
="PWD", identity
="pwd user",
5843 password
="secret password")
5844 dev
[0].request("REMOVE_NETWORK all")
5845 dev
[0].wait_disconnected()
5847 for i
in range(1, 7):
5848 with
alloc_fail(dev
[0], i
, "eap_pwd_perform_id_exchange"):
5849 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5850 eap
="PWD", identity
="pwd user",
5851 password
="secret password",
5853 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5856 raise Exception("Timeout on EAP start")
5859 state
= dev
[0].request('GET_ALLOC_FAIL')
5860 if state
.startswith('0:'):
5865 raise Exception("No allocation failure seen")
5866 dev
[0].request("REMOVE_NETWORK all")
5867 dev
[0].wait_disconnected()
5869 with
alloc_fail(dev
[0], 1, "wpabuf_alloc;eap_pwd_perform_id_exchange"):
5870 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5871 eap
="PWD", identity
="pwd user",
5872 password
="secret password",
5874 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5877 raise Exception("Timeout on EAP start")
5878 dev
[0].request("REMOVE_NETWORK all")
5879 dev
[0].wait_disconnected()
5881 for i
in range(1, 4):
5882 with
alloc_fail(dev
[0], i
, "eap_pwd_perform_commit_exchange"):
5883 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5884 eap
="PWD", identity
="pwd user",
5885 password
="secret password",
5887 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5890 raise Exception("Timeout on EAP start")
5893 state
= dev
[0].request('GET_ALLOC_FAIL')
5894 if state
.startswith('0:'):
5899 raise Exception("No allocation failure seen")
5900 dev
[0].request("REMOVE_NETWORK all")
5901 dev
[0].wait_disconnected()
5903 for i
in range(1, 12):
5904 with
alloc_fail(dev
[0], i
, "eap_pwd_perform_confirm_exchange"):
5905 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5906 eap
="PWD", identity
="pwd user",
5907 password
="secret password",
5909 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5912 raise Exception("Timeout on EAP start")
5915 state
= dev
[0].request('GET_ALLOC_FAIL')
5916 if state
.startswith('0:'):
5921 raise Exception("No allocation failure seen")
5922 dev
[0].request("REMOVE_NETWORK all")
5923 dev
[0].wait_disconnected()
5925 for i
in range(1, 4):
5926 with
alloc_fail(dev
[0], i
, "eap_msg_alloc;=eap_pwd_process"):
5927 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5928 eap
="PWD", identity
="pwd user",
5929 password
="secret password",
5931 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
5934 raise Exception("Timeout on EAP start")
5937 state
= dev
[0].request('GET_ALLOC_FAIL')
5938 if state
.startswith('0:'):
5943 raise Exception("No allocation failure seen")
5944 dev
[0].request("REMOVE_NETWORK all")
5945 dev
[0].wait_disconnected()
5947 # No password configured
5948 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
5949 eap
="PWD", identity
="pwd user",
5951 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=52"],
5954 raise Exception("EAP-pwd not started")
5955 dev
[0].request("REMOVE_NETWORK all")
5956 dev
[0].wait_disconnected()
5958 def test_eap_proto_erp(dev
, apdev
):
5959 """ERP protocol tests"""
5960 check_erp_capa(dev
[0])
5962 global eap_proto_erp_test_done
5963 eap_proto_erp_test_done
= False
5965 def erp_handler(ctx
, req
):
5966 logger
.info("erp_handler - RX " + req
.encode("hex"))
5967 if 'num' not in ctx
:
5972 ctx
['id'] = (ctx
['id'] + 1) % 256
5976 if ctx
['num'] == idx
:
5977 logger
.info("Test: Missing type")
5978 return struct
.pack(">BBH", EAP_CODE_INITIATE
, ctx
['id'], 4)
5981 if ctx
['num'] == idx
:
5982 logger
.info("Test: Unexpected type")
5983 return struct
.pack(">BBHB", EAP_CODE_INITIATE
, ctx
['id'], 4 + 1,
5987 if ctx
['num'] == idx
:
5988 logger
.info("Test: Missing Reserved field")
5989 return struct
.pack(">BBHB", EAP_CODE_INITIATE
, ctx
['id'], 4 + 1,
5990 EAP_ERP_TYPE_REAUTH_START
)
5993 if ctx
['num'] == idx
:
5994 logger
.info("Test: Zero-length TVs/TLVs")
5996 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
5997 4 + 1 + 1 + len(payload
),
5998 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6001 if ctx
['num'] == idx
:
6002 logger
.info("Test: Too short TLV")
6003 payload
= struct
.pack("B", 191)
6004 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6005 4 + 1 + 1 + len(payload
),
6006 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6009 if ctx
['num'] == idx
:
6010 logger
.info("Test: Truncated TLV")
6011 payload
= struct
.pack("BB", 191, 1)
6012 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6013 4 + 1 + 1 + len(payload
),
6014 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6017 if ctx
['num'] == idx
:
6018 logger
.info("Test: Ignored unknown TLV and unknown TV/TLV terminating parsing")
6019 payload
= struct
.pack("BBB", 191, 0, 192)
6020 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6021 4 + 1 + 1 + len(payload
),
6022 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6025 if ctx
['num'] == idx
:
6026 logger
.info("Test: More than one keyName-NAI")
6027 payload
= struct
.pack("BBBB", EAP_ERP_TLV_KEYNAME_NAI
, 0,
6028 EAP_ERP_TLV_KEYNAME_NAI
, 0)
6029 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6030 4 + 1 + 1 + len(payload
),
6031 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6034 if ctx
['num'] == idx
:
6035 logger
.info("Test: Too short TLV keyName-NAI")
6036 payload
= struct
.pack("B", EAP_ERP_TLV_KEYNAME_NAI
)
6037 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6038 4 + 1 + 1 + len(payload
),
6039 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6042 if ctx
['num'] == idx
:
6043 logger
.info("Test: Truncated TLV keyName-NAI")
6044 payload
= struct
.pack("BB", EAP_ERP_TLV_KEYNAME_NAI
, 1)
6045 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6046 4 + 1 + 1 + len(payload
),
6047 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6050 if ctx
['num'] == idx
:
6051 logger
.info("Test: Valid rRK lifetime TV followed by too short rMSK lifetime TV")
6052 payload
= struct
.pack(">BLBH", EAP_ERP_TV_RRK_LIFETIME
, 0,
6053 EAP_ERP_TV_RMSK_LIFETIME
, 0)
6054 return struct
.pack(">BBHBB", EAP_CODE_INITIATE
, ctx
['id'],
6055 4 + 1 + 1 + len(payload
),
6056 EAP_ERP_TYPE_REAUTH_START
, 0) + payload
6059 if ctx
['num'] == idx
:
6060 logger
.info("Test: Missing type (Finish)")
6061 return struct
.pack(">BBH", EAP_CODE_FINISH
, ctx
['id'], 4)
6064 if ctx
['num'] == idx
:
6065 logger
.info("Test: Unexpected type (Finish)")
6066 return struct
.pack(">BBHB", EAP_CODE_FINISH
, ctx
['id'], 4 + 1,
6070 if ctx
['num'] == idx
:
6071 logger
.info("Test: Missing fields (Finish)")
6072 return struct
.pack(">BBHB", EAP_CODE_FINISH
, ctx
['id'], 4 + 1,
6073 EAP_ERP_TYPE_REAUTH
)
6076 if ctx
['num'] == idx
:
6077 logger
.info("Test: Unexpected SEQ (Finish)")
6078 return struct
.pack(">BBHBBHB", EAP_CODE_FINISH
, ctx
['id'],
6080 EAP_ERP_TYPE_REAUTH
, 0, 0xffff, 0)
6082 logger
.info("No more test responses available - test case completed")
6083 global eap_proto_erp_test_done
6084 eap_proto_erp_test_done
= True
6085 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6087 srv
= start_radius_server(erp_handler
)
6090 hapd
= start_ap(apdev
[0]['ifname'])
6093 while not eap_proto_erp_test_done
:
6095 logger
.info("Running connection iteration %d" % i
)
6096 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6097 eap
="PAX", identity
="pax.user@example.com",
6098 password_hex
="0123456789abcdef0123456789abcdef",
6100 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
6102 raise Exception("Timeout on EAP start")
6104 dev
[0].request("REMOVE_NETWORK all")
6105 dev
[0].wait_disconnected(timeout
=1)
6106 dev
[0].dump_monitor()
6108 stop_radius_server(srv
)
6110 def test_eap_proto_fast_errors(dev
, apdev
):
6111 """EAP-FAST local error cases"""
6112 check_eap_capa(dev
[0], "FAST")
6113 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
6114 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
6116 for i
in range(1, 5):
6117 with
alloc_fail(dev
[0], i
, "eap_fast_init"):
6118 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6119 eap
="FAST", anonymous_identity
="FAST",
6120 identity
="user", password
="password",
6121 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6122 phase1
="fast_provisioning=2",
6123 pac_file
="blob://fast_pac_auth",
6125 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6128 raise Exception("Timeout on EAP start")
6129 dev
[0].request("REMOVE_NETWORK all")
6130 dev
[0].wait_disconnected()
6132 tests
= [ (1, "wpabuf_alloc;eap_fast_tlv_eap_payload"),
6133 (1, "eap_fast_derive_key;eap_fast_derive_key_auth"),
6134 (1, "eap_msg_alloc;eap_peer_tls_phase2_nak"),
6135 (1, "wpabuf_alloc;eap_fast_tlv_result"),
6136 (1, "wpabuf_alloc;eap_fast_tlv_pac_ack"),
6137 (1, "=eap_peer_tls_derive_session_id;eap_fast_process_crypto_binding"),
6138 (1, "eap_peer_tls_decrypt;eap_fast_decrypt"),
6139 (1, "eap_fast_getKey"),
6140 (1, "eap_fast_get_session_id"),
6141 (1, "eap_fast_get_emsk") ]
6142 for count
, func
in tests
:
6143 dev
[0].request("SET blob fast_pac_auth_errors ")
6144 with
alloc_fail(dev
[0], count
, func
):
6145 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6146 eap
="FAST", anonymous_identity
="FAST",
6147 identity
="user", password
="password",
6148 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6149 phase1
="fast_provisioning=2",
6150 pac_file
="blob://fast_pac_auth_errors",
6153 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6156 raise Exception("Timeout on EAP start")
6157 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6158 dev
[0].request("REMOVE_NETWORK all")
6159 dev
[0].wait_disconnected()
6161 tests
= [ (1, "eap_fast_derive_key;eap_fast_derive_key_provisioning"),
6162 (1, "eap_mschapv2_getKey;eap_fast_get_phase2_key"),
6163 (1, "=eap_fast_use_pac_opaque"),
6164 (1, "eap_fast_copy_buf"),
6165 (1, "=eap_fast_add_pac"),
6166 (1, "=eap_fast_init_pac_data"),
6167 (1, "=eap_fast_write_pac"),
6168 (2, "=eap_fast_write_pac") ]
6169 for count
, func
in tests
:
6170 dev
[0].request("SET blob fast_pac_errors ")
6171 with
alloc_fail(dev
[0], count
, func
):
6172 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6173 eap
="FAST", anonymous_identity
="FAST",
6174 identity
="user", password
="password",
6175 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6176 phase1
="fast_provisioning=1",
6177 pac_file
="blob://fast_pac_errors",
6180 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6183 raise Exception("Timeout on EAP start")
6184 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6185 dev
[0].request("REMOVE_NETWORK all")
6186 dev
[0].wait_disconnected()
6188 tests
= [ (1, "eap_fast_get_cmk;eap_fast_process_crypto_binding"),
6189 (1, "eap_fast_derive_eap_msk;eap_fast_process_crypto_binding"),
6190 (1, "eap_fast_derive_eap_emsk;eap_fast_process_crypto_binding") ]
6191 for count
, func
in tests
:
6192 dev
[0].request("SET blob fast_pac_auth_errors ")
6193 with
fail_test(dev
[0], count
, func
):
6194 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6195 eap
="FAST", anonymous_identity
="FAST",
6196 identity
="user", password
="password",
6197 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6198 phase1
="fast_provisioning=2",
6199 pac_file
="blob://fast_pac_auth_errors",
6202 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6205 raise Exception("Timeout on EAP start")
6206 wait_fail_trigger(dev
[0], "GET_FAIL")
6207 dev
[0].request("REMOVE_NETWORK all")
6208 dev
[0].wait_disconnected()
6210 dev
[0].request("SET blob fast_pac_errors ")
6211 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6212 eap
="FAST", anonymous_identity
="FAST",
6213 identity
="user", password
="password",
6214 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6215 phase1
="fast_provisioning=1",
6216 pac_file
="blob://fast_pac_errors",
6218 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=5)
6220 raise Exception("Timeout on EAP start")
6221 # EAP-FAST: Only EAP-MSCHAPv2 is allowed during unauthenticated
6222 # provisioning; reject phase2 type 6
6223 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6225 raise Exception("Timeout on EAP failure")
6226 dev
[0].request("REMOVE_NETWORK all")
6227 dev
[0].wait_disconnected()
6229 logger
.info("Wrong password in Phase 2")
6230 dev
[0].request("SET blob fast_pac_errors ")
6231 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6232 eap
="FAST", anonymous_identity
="FAST",
6233 identity
="user", password
="wrong password",
6234 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6235 phase1
="fast_provisioning=1",
6236 pac_file
="blob://fast_pac_errors",
6238 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=5)
6240 raise Exception("Timeout on EAP start")
6241 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6243 raise Exception("Timeout on EAP failure")
6244 dev
[0].request("REMOVE_NETWORK all")
6245 dev
[0].wait_disconnected()
6247 tests
= [ "FOOBAR\n",
6248 "wpa_supplicant EAP-FAST PAC file - version 1\nFOOBAR\n",
6249 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\n",
6250 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nSTART\n",
6251 "wpa_supplicant EAP-FAST PAC file - version 1\nEND\n",
6252 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Type=12345\nEND\n"
6253 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=12\nEND\n",
6254 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=1\nEND\n",
6255 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Key=1q\nEND\n",
6256 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nPAC-Opaque=1\nEND\n",
6257 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nA-ID=1\nEND\n",
6258 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nI-ID=1\nEND\n",
6259 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nA-ID-Info=1\nEND\n" ]
6261 blob
= binascii
.hexlify(pac
)
6262 dev
[0].request("SET blob fast_pac_errors " + blob
)
6263 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6264 eap
="FAST", anonymous_identity
="FAST",
6265 identity
="user", password
="password",
6266 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6267 phase1
="fast_provisioning=2",
6268 pac_file
="blob://fast_pac_errors",
6270 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6273 raise Exception("Timeout on EAP start")
6274 dev
[0].request("REMOVE_NETWORK all")
6275 dev
[0].wait_disconnected()
6277 tests
= [ "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nEND\n",
6278 "wpa_supplicant EAP-FAST PAC file - version 1\nSTART\nEND\nSTART\nEND\nSTART\nEND\n" ]
6280 blob
= binascii
.hexlify(pac
)
6281 dev
[0].request("SET blob fast_pac_errors " + blob
)
6282 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6283 eap
="FAST", anonymous_identity
="FAST",
6284 identity
="user", password
="password",
6285 ca_cert
="auth_serv/ca.pem", phase2
="auth=GTC",
6286 phase1
="fast_provisioning=2",
6287 pac_file
="blob://fast_pac_errors")
6288 dev
[0].request("REMOVE_NETWORK all")
6289 dev
[0].wait_disconnected()
6291 dev
[0].request("SET blob fast_pac_errors ")
6293 def test_eap_proto_peap_errors(dev
, apdev
):
6294 """EAP-PEAP local error cases"""
6295 check_eap_capa(dev
[0], "PEAP")
6296 check_eap_capa(dev
[0], "MSCHAPV2")
6297 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
6298 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
6300 for i
in range(1, 5):
6301 with
alloc_fail(dev
[0], i
, "eap_peap_init"):
6302 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6303 eap
="PEAP", anonymous_identity
="peap",
6304 identity
="user", password
="password",
6305 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6307 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6310 raise Exception("Timeout on EAP start")
6311 dev
[0].request("REMOVE_NETWORK all")
6312 dev
[0].wait_disconnected()
6314 tests
= [ (1, "eap_mschapv2_getKey;eap_peap_get_isk;eap_peap_derive_cmk"),
6315 (1, "eap_msg_alloc;eap_tlv_build_result"),
6316 (1, "eap_mschapv2_init;eap_peap_phase2_request"),
6317 (1, "eap_peer_tls_decrypt;eap_peap_decrypt"),
6318 (1, "wpabuf_alloc;=eap_peap_decrypt"),
6319 (1, "eap_peer_tls_encrypt;eap_peap_decrypt"),
6320 (1, "eap_peer_tls_process_helper;eap_peap_process"),
6321 (1, "eap_peer_tls_derive_key;eap_peap_process"),
6322 (1, "eap_peer_tls_derive_session_id;eap_peap_process"),
6323 (1, "eap_peap_getKey"),
6324 (1, "eap_peap_get_session_id") ]
6325 for count
, func
in tests
:
6326 with
alloc_fail(dev
[0], count
, func
):
6327 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6328 eap
="PEAP", anonymous_identity
="peap",
6329 identity
="user", password
="password",
6330 phase1
="peapver=0 crypto_binding=2",
6331 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6332 erp
="1", wait_connect
=False)
6333 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6336 raise Exception("Timeout on EAP start")
6337 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6338 dev
[0].request("REMOVE_NETWORK all")
6339 dev
[0].wait_disconnected()
6341 tests
= [ (1, "peap_prfplus;eap_peap_derive_cmk"),
6342 (1, "eap_tlv_add_cryptobinding;eap_tlv_build_result"),
6343 (1, "peap_prfplus;eap_peap_getKey") ]
6344 for count
, func
in tests
:
6345 with
fail_test(dev
[0], count
, func
):
6346 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6347 eap
="PEAP", anonymous_identity
="peap",
6348 identity
="user", password
="password",
6349 phase1
="peapver=0 crypto_binding=2",
6350 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6351 erp
="1", wait_connect
=False)
6352 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6355 raise Exception("Timeout on EAP start")
6356 wait_fail_trigger(dev
[0], "GET_FAIL")
6357 dev
[0].request("REMOVE_NETWORK all")
6358 dev
[0].wait_disconnected()
6360 with
alloc_fail(dev
[0], 1,
6361 "eap_peer_tls_phase2_nak;eap_peap_phase2_request"):
6362 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6363 eap
="PEAP", anonymous_identity
="peap",
6364 identity
="cert user", password
="password",
6365 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6367 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
6368 dev
[0].request("REMOVE_NETWORK all")
6369 dev
[0].wait_disconnected()
6371 def test_eap_proto_ttls_errors(dev
, apdev
):
6372 """EAP-TTLS local error cases"""
6373 check_eap_capa(dev
[0], "TTLS")
6374 check_eap_capa(dev
[0], "MSCHAPV2")
6375 params
= hostapd
.wpa2_eap_params(ssid
="eap-test")
6376 hapd
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
6378 for i
in range(1, 5):
6379 with
alloc_fail(dev
[0], i
, "eap_ttls_init"):
6380 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6381 eap
="TTLS", anonymous_identity
="ttls",
6382 identity
="user", password
="password",
6383 ca_cert
="auth_serv/ca.pem",
6384 phase2
="autheap=MSCHAPV2",
6386 ev
= dev
[0].wait_event(["EAP: Failed to initialize EAP method"],
6389 raise Exception("Timeout on EAP start")
6390 dev
[0].request("REMOVE_NETWORK all")
6391 dev
[0].wait_disconnected()
6393 tests
= [ (1, "eap_peer_tls_derive_key;eap_ttls_v0_derive_key",
6394 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6395 (1, "eap_peer_tls_derive_session_id;eap_ttls_v0_derive_key",
6396 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6397 (1, "wpabuf_alloc;eap_ttls_phase2_request_mschapv2",
6398 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6399 (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschapv2",
6400 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6401 (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_implicit_identity_request",
6402 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6403 (1, "eap_peer_tls_decrypt;eap_ttls_decrypt",
6404 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6405 (1, "eap_ttls_getKey",
6406 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6407 (1, "eap_ttls_get_session_id",
6408 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6409 (1, "eap_ttls_get_emsk",
6410 "DOMAIN\mschapv2 user", "auth=MSCHAPV2"),
6411 (1, "wpabuf_alloc;eap_ttls_phase2_request_mschap",
6412 "mschap user", "auth=MSCHAP"),
6413 (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschap",
6414 "mschap user", "auth=MSCHAP"),
6415 (1, "wpabuf_alloc;eap_ttls_phase2_request_chap",
6416 "chap user", "auth=CHAP"),
6417 (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_chap",
6418 "chap user", "auth=CHAP"),
6419 (1, "wpabuf_alloc;eap_ttls_phase2_request_pap",
6420 "pap user", "auth=PAP"),
6421 (1, "wpabuf_alloc;eap_ttls_avp_encapsulate",
6422 "user", "autheap=MSCHAPV2"),
6423 (1, "eap_mschapv2_init;eap_ttls_phase2_request_eap_method",
6424 "user", "autheap=MSCHAPV2"),
6425 (1, "eap_sm_buildIdentity;eap_ttls_phase2_request_eap",
6426 "user", "autheap=MSCHAPV2"),
6427 (1, "eap_ttls_avp_encapsulate;eap_ttls_phase2_request_eap",
6428 "user", "autheap=MSCHAPV2"),
6429 (1, "eap_ttls_parse_attr_eap",
6430 "user", "autheap=MSCHAPV2"),
6431 (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_process_decrypted",
6432 "user", "autheap=MSCHAPV2"),
6433 (1, "eap_ttls_fake_identity_request",
6434 "user", "autheap=MSCHAPV2"),
6435 (1, "eap_msg_alloc;eap_tls_process_output",
6436 "user", "autheap=MSCHAPV2"),
6437 (1, "eap_msg_alloc;eap_peer_tls_build_ack",
6438 "user", "autheap=MSCHAPV2"),
6439 (1, "tls_connection_decrypt;eap_peer_tls_decrypt",
6440 "user", "autheap=MSCHAPV2"),
6441 (1, "eap_peer_tls_phase2_nak;eap_ttls_phase2_request_eap_method",
6442 "cert user", "autheap=MSCHAPV2") ]
6443 for count
, func
, identity
, phase2
in tests
:
6444 with
alloc_fail(dev
[0], count
, func
):
6445 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6446 eap
="TTLS", anonymous_identity
="ttls",
6447 identity
=identity
, password
="password",
6448 ca_cert
="auth_serv/ca.pem", phase2
=phase2
,
6449 erp
="1", wait_connect
=False)
6450 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6453 raise Exception("Timeout on EAP start")
6454 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL",
6455 note
="Allocation failure not triggered for: %d:%s" % (count
, func
))
6456 dev
[0].request("REMOVE_NETWORK all")
6457 dev
[0].wait_disconnected()
6459 tests
= [ (1, "os_get_random;eap_ttls_phase2_request_mschapv2"),
6460 (1, "mschapv2_derive_response;eap_ttls_phase2_request_mschapv2") ]
6461 for count
, func
in tests
:
6462 with
fail_test(dev
[0], count
, func
):
6463 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6464 eap
="TTLS", anonymous_identity
="ttls",
6465 identity
="DOMAIN\mschapv2 user", password
="password",
6466 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
6467 erp
="1", wait_connect
=False)
6468 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6471 raise Exception("Timeout on EAP start")
6472 wait_fail_trigger(dev
[0], "GET_FAIL",
6473 note
="Test failure not triggered for: %d:%s" % (count
, func
))
6474 dev
[0].request("REMOVE_NETWORK all")
6475 dev
[0].wait_disconnected()
6477 def test_eap_proto_expanded(dev
, apdev
):
6478 """EAP protocol tests with expanded header"""
6479 global eap_proto_expanded_test_done
6480 eap_proto_expanded_test_done
= False
6482 def expanded_handler(ctx
, req
):
6483 logger
.info("expanded_handler - RX " + req
.encode("hex"))
6484 if 'num' not in ctx
:
6489 ctx
['id'] = (ctx
['id'] + 1) % 256
6493 if ctx
['num'] == idx
:
6494 logger
.info("Test: MD5 challenge in expanded header")
6495 return struct
.pack(">BBHB3BLBBB", EAP_CODE_REQUEST
, ctx
['id'],
6497 EAP_TYPE_EXPANDED
, 0, 0, 0, EAP_TYPE_MD5
,
6500 if ctx
['num'] == idx
:
6501 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6504 if ctx
['num'] == idx
:
6505 logger
.info("Test: Invalid expanded EAP length")
6506 return struct
.pack(">BBHB3BH", EAP_CODE_REQUEST
, ctx
['id'],
6508 EAP_TYPE_EXPANDED
, 0, 0, 0, EAP_TYPE_MD5
)
6510 if ctx
['num'] == idx
:
6511 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6514 if ctx
['num'] == idx
:
6515 logger
.info("Test: Invalid expanded frame type")
6516 return struct
.pack(">BBHB3BL", EAP_CODE_REQUEST
, ctx
['id'],
6518 EAP_TYPE_EXPANDED
, 0, 0, 1, EAP_TYPE_MD5
)
6520 if ctx
['num'] == idx
:
6521 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6524 if ctx
['num'] == idx
:
6525 logger
.info("Test: MSCHAPv2 Challenge")
6526 return struct
.pack(">BBHBBBHB", EAP_CODE_REQUEST
, ctx
['id'],
6527 4 + 1 + 4 + 1 + 16 + 6,
6529 1, 0, 4 + 1 + 16 + 6, 16) + 16*'A' + 'foobar'
6531 if ctx
['num'] == idx
:
6532 logger
.info("Test: Invalid expanded frame type")
6533 return struct
.pack(">BBHB3BL", EAP_CODE_REQUEST
, ctx
['id'],
6535 EAP_TYPE_EXPANDED
, 0, 0, 1, EAP_TYPE_MSCHAPV2
)
6537 logger
.info("No more test responses available - test case completed")
6538 global eap_proto_expanded_test_done
6539 eap_proto_expanded_test_done
= True
6540 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6542 srv
= start_radius_server(expanded_handler
)
6545 hapd
= start_ap(apdev
[0]['ifname'])
6548 while not eap_proto_expanded_test_done
:
6550 logger
.info("Running connection iteration %d" % i
)
6552 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6553 eap
="MSCHAPV2", identity
="user",
6554 password
="password",
6557 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6558 eap
="MD5", identity
="user", password
="password",
6560 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
6562 raise Exception("Timeout on EAP start")
6564 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout
=5)
6566 raise Exception("Timeout on EAP method start")
6567 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6569 raise Exception("Timeout on EAP failure")
6571 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
6574 raise Exception("Timeout on EAP proposed method")
6575 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout
=5)
6577 raise Exception("Timeout on EAP failure")
6580 dev
[0].request("REMOVE_NETWORK all")
6581 dev
[0].wait_disconnected(timeout
=1)
6582 dev
[0].dump_monitor()
6584 stop_radius_server(srv
)
6586 def test_eap_proto_tnc(dev
, apdev
):
6587 """EAP-TNC protocol tests"""
6588 check_eap_capa(dev
[0], "TNC")
6589 global eap_proto_tnc_test_done
6590 eap_proto_tnc_test_done
= False
6592 def tnc_handler(ctx
, req
):
6593 logger
.info("tnc_handler - RX " + req
.encode("hex"))
6594 if 'num' not in ctx
:
6599 ctx
['id'] = (ctx
['id'] + 1) % 256
6603 if ctx
['num'] == idx
:
6604 logger
.info("Test: TNC start with unsupported version")
6605 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6610 if ctx
['num'] == idx
:
6611 logger
.info("Test: TNC without Flags field")
6612 return struct
.pack(">BBHB", EAP_CODE_REQUEST
, ctx
['id'],
6617 if ctx
['num'] == idx
:
6618 logger
.info("Test: Message underflow due to missing Message Length")
6619 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6624 if ctx
['num'] == idx
:
6625 logger
.info("Test: Invalid Message Length")
6626 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
6628 EAP_TYPE_TNC
, 0xa1, 0, 0)
6631 if ctx
['num'] == idx
:
6632 logger
.info("Test: Invalid Message Length")
6633 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
6635 EAP_TYPE_TNC
, 0xe1, 75001)
6638 if ctx
['num'] == idx
:
6639 logger
.info("Test: Start with Message Length")
6640 return struct
.pack(">BBHBBL", EAP_CODE_REQUEST
, ctx
['id'],
6642 EAP_TYPE_TNC
, 0xa1, 1)
6644 if ctx
['num'] == idx
:
6645 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6648 if ctx
['num'] == idx
:
6649 logger
.info("Test: Server used start flag again")
6650 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6654 if ctx
['num'] == idx
:
6655 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6660 if ctx
['num'] == idx
:
6661 logger
.info("Test: Fragmentation and unexpected payload in ack")
6662 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6666 if ctx
['num'] == idx
:
6667 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6671 if ctx
['num'] == idx
:
6672 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
6674 EAP_TYPE_TNC
, 0x01, 0)
6677 if ctx
['num'] == idx
:
6678 logger
.info("Test: Server fragmenting and fragment overflow")
6679 return struct
.pack(">BBHBBLB", EAP_CODE_REQUEST
, ctx
['id'],
6681 EAP_TYPE_TNC
, 0xe1, 2, 1)
6683 if ctx
['num'] == idx
:
6684 return struct
.pack(">BBHBBBB", EAP_CODE_REQUEST
, ctx
['id'],
6686 EAP_TYPE_TNC
, 0x01, 2, 3)
6689 if ctx
['num'] == idx
:
6690 logger
.info("Test: Server fragmenting and no message length in a fragment")
6691 return struct
.pack(">BBHBBB", EAP_CODE_REQUEST
, ctx
['id'],
6693 EAP_TYPE_TNC
, 0x61, 2)
6696 if ctx
['num'] == idx
:
6697 logger
.info("Test: TNC start followed by invalid TNCCS-Batch")
6698 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6702 if ctx
['num'] == idx
:
6703 logger
.info("Received TNCCS-Batch: " + req
[6:])
6705 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6706 4 + 1 + 1 + len(resp
),
6707 EAP_TYPE_TNC
, 0x01) + resp
6710 if ctx
['num'] == idx
:
6711 logger
.info("Test: TNC start followed by invalid TNCCS-Batch (2)")
6712 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6716 if ctx
['num'] == idx
:
6717 logger
.info("Received TNCCS-Batch: " + req
[6:])
6718 resp
= "</TNCCS-Batch><TNCCS-Batch>"
6719 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6720 4 + 1 + 1 + len(resp
),
6721 EAP_TYPE_TNC
, 0x01) + resp
6724 if ctx
['num'] == idx
:
6725 logger
.info("Test: TNCCS-Batch missing BatchId attribute")
6726 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6730 if ctx
['num'] == idx
:
6731 logger
.info("Received TNCCS-Batch: " + req
[6:])
6732 resp
= "<TNCCS-Batch foo=3></TNCCS-Batch>"
6733 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6734 4 + 1 + 1 + len(resp
),
6735 EAP_TYPE_TNC
, 0x01) + resp
6738 if ctx
['num'] == idx
:
6739 logger
.info("Test: Unexpected IF-TNCCS BatchId")
6740 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6744 if ctx
['num'] == idx
:
6745 logger
.info("Received TNCCS-Batch: " + req
[6:])
6746 resp
= "<TNCCS-Batch BatchId=123456789></TNCCS-Batch>"
6747 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6748 4 + 1 + 1 + len(resp
),
6749 EAP_TYPE_TNC
, 0x01) + resp
6752 if ctx
['num'] == idx
:
6753 logger
.info("Test: Missing IMC-IMV-Message and TNCC-TNCS-Message end tags")
6754 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6758 if ctx
['num'] == idx
:
6759 logger
.info("Received TNCCS-Batch: " + req
[6:])
6760 resp
= "<TNCCS-Batch BatchId=2><IMC-IMV-Message><TNCC-TNCS-Message></TNCCS-Batch>"
6761 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6762 4 + 1 + 1 + len(resp
),
6763 EAP_TYPE_TNC
, 0x01) + resp
6765 if ctx
['num'] == idx
:
6766 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6769 if ctx
['num'] == idx
:
6770 logger
.info("Test: Missing IMC-IMV-Message and TNCC-TNCS-Message Type")
6771 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6775 if ctx
['num'] == idx
:
6776 logger
.info("Received TNCCS-Batch: " + req
[6:])
6777 resp
= "<TNCCS-Batch BatchId=2><IMC-IMV-Message></IMC-IMV-Message><TNCC-TNCS-Message></TNCC-TNCS-Message></TNCCS-Batch>"
6778 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6779 4 + 1 + 1 + len(resp
),
6780 EAP_TYPE_TNC
, 0x01) + resp
6782 if ctx
['num'] == idx
:
6783 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6786 if ctx
['num'] == idx
:
6787 logger
.info("Test: Missing TNCC-TNCS-Message XML end tag")
6788 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6792 if ctx
['num'] == idx
:
6793 logger
.info("Received TNCCS-Batch: " + req
[6:])
6794 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML></TNCC-TNCS-Message></TNCCS-Batch>"
6795 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6796 4 + 1 + 1 + len(resp
),
6797 EAP_TYPE_TNC
, 0x01) + resp
6799 if ctx
['num'] == idx
:
6800 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6803 if ctx
['num'] == idx
:
6804 logger
.info("Test: Missing TNCC-TNCS-Message Base64 start tag")
6805 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6809 if ctx
['num'] == idx
:
6810 logger
.info("Received TNCCS-Batch: " + req
[6:])
6811 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type></TNCC-TNCS-Message></TNCCS-Batch>"
6812 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6813 4 + 1 + 1 + len(resp
),
6814 EAP_TYPE_TNC
, 0x01) + resp
6816 if ctx
['num'] == idx
:
6817 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6820 if ctx
['num'] == idx
:
6821 logger
.info("Test: Missing TNCC-TNCS-Message Base64 end tag")
6822 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6826 if ctx
['num'] == idx
:
6827 logger
.info("Received TNCCS-Batch: " + req
[6:])
6828 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><Base64>abc</TNCC-TNCS-Message></TNCCS-Batch>"
6829 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6830 4 + 1 + 1 + len(resp
),
6831 EAP_TYPE_TNC
, 0x01) + resp
6833 if ctx
['num'] == idx
:
6834 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6837 if ctx
['num'] == idx
:
6838 logger
.info("Test: TNCC-TNCS-Message Base64 message")
6839 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6843 if ctx
['num'] == idx
:
6844 logger
.info("Received TNCCS-Batch: " + req
[6:])
6845 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><Base64>aGVsbG8=</Base64></TNCC-TNCS-Message></TNCCS-Batch>"
6846 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6847 4 + 1 + 1 + len(resp
),
6848 EAP_TYPE_TNC
, 0x01) + resp
6850 if ctx
['num'] == idx
:
6851 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6854 if ctx
['num'] == idx
:
6855 logger
.info("Test: Invalid TNCC-TNCS-Message XML message")
6856 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6860 if ctx
['num'] == idx
:
6861 logger
.info("Received TNCCS-Batch: " + req
[6:])
6862 resp
= "<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML>hello</XML></TNCC-TNCS-Message></TNCCS-Batch>"
6863 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6864 4 + 1 + 1 + len(resp
),
6865 EAP_TYPE_TNC
, 0x01) + resp
6867 if ctx
['num'] == idx
:
6868 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6871 if ctx
['num'] == idx
:
6872 logger
.info("Test: Missing TNCCS-Recommendation type")
6873 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6877 if ctx
['num'] == idx
:
6878 logger
.info("Received TNCCS-Batch: " + req
[6:])
6879 resp
= '<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation foo=1></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
6880 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6881 4 + 1 + 1 + len(resp
),
6882 EAP_TYPE_TNC
, 0x01) + resp
6884 if ctx
['num'] == idx
:
6885 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6888 if ctx
['num'] == idx
:
6889 logger
.info("Test: TNCCS-Recommendation type=none")
6890 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6894 if ctx
['num'] == idx
:
6895 logger
.info("Received TNCCS-Batch: " + req
[6:])
6896 resp
= '<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation type="none"></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
6897 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6898 4 + 1 + 1 + len(resp
),
6899 EAP_TYPE_TNC
, 0x01) + resp
6901 if ctx
['num'] == idx
:
6902 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6905 if ctx
['num'] == idx
:
6906 logger
.info("Test: TNCCS-Recommendation type=isolate")
6907 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6911 if ctx
['num'] == idx
:
6912 logger
.info("Received TNCCS-Batch: " + req
[6:])
6913 resp
= '<TNCCS-Batch BatchId=2><TNCC-TNCS-Message><Type>00000001</Type><XML><TNCCS-Recommendation type="isolate"></TNCCS-Recommendation></XML></TNCC-TNCS-Message></TNCCS-Batch>'
6914 return struct
.pack(">BBHBB", EAP_CODE_REQUEST
, ctx
['id'],
6915 4 + 1 + 1 + len(resp
),
6916 EAP_TYPE_TNC
, 0x01) + resp
6918 if ctx
['num'] == idx
:
6919 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6921 logger
.info("No more test responses available - test case completed")
6922 global eap_proto_tnc_test_done
6923 eap_proto_tnc_test_done
= True
6924 return struct
.pack(">BBH", EAP_CODE_FAILURE
, ctx
['id'], 4)
6926 srv
= start_radius_server(tnc_handler
)
6929 hapd
= start_ap(apdev
[0]['ifname'])
6932 while not eap_proto_tnc_test_done
:
6934 logger
.info("Running connection iteration %d" % i
)
6938 dev
[0].connect("eap-test", key_mgmt
="WPA-EAP", scan_freq
="2412",
6939 eap
="TNC", identity
="tnc", fragment_size
=str(frag
),
6941 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
6943 raise Exception("Timeout on EAP start")
6944 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-METHOD",
6945 "CTRL-EVENT-EAP-STATUS"], timeout
=5)
6947 raise Exception("Timeout on EAP method start")
6949 dev
[0].request("REMOVE_NETWORK all")
6950 dev
[0].wait_disconnected(timeout
=1)
6951 dev
[0].dump_monitor()
6953 stop_radius_server(srv
)