]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ieee8021x.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Mark 525 tests as remote compatible
[thirdparty/hostap.git] / tests / hwsim / test_ieee8021x.py
1 # IEEE 802.1X tests
2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 import binascii
9 import hmac
10 import logging
11 import time
12
13 import hostapd
14 import hwsim_utils
15 from utils import skip_with_fips
16
17 logger = logging.getLogger()
18
19 def test_ieee8021x_wep104(dev, apdev):
20 """IEEE 802.1X connection using dynamic WEP104"""
21 skip_with_fips(dev[0])
22 params = hostapd.radius_params()
23 params["ssid"] = "ieee8021x-wep"
24 params["ieee8021x"] = "1"
25 params["wep_key_len_broadcast"] = "13"
26 params["wep_key_len_unicast"] = "13"
27 hapd = hostapd.add_ap(apdev[0], params)
28
29 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
30 identity="psk.user@example.com",
31 password_hex="0123456789abcdef0123456789abcdef",
32 scan_freq="2412")
33 hwsim_utils.test_connectivity(dev[0], hapd)
34
35 def test_ieee8021x_wep40(dev, apdev):
36 """IEEE 802.1X connection using dynamic WEP40"""
37 skip_with_fips(dev[0])
38 params = hostapd.radius_params()
39 params["ssid"] = "ieee8021x-wep"
40 params["ieee8021x"] = "1"
41 params["wep_key_len_broadcast"] = "5"
42 params["wep_key_len_unicast"] = "5"
43 hapd = hostapd.add_ap(apdev[0], params)
44
45 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
46 identity="psk.user@example.com",
47 password_hex="0123456789abcdef0123456789abcdef",
48 scan_freq="2412")
49 hwsim_utils.test_connectivity(dev[0], hapd)
50
51 def test_ieee8021x_open(dev, apdev):
52 """IEEE 802.1X connection using open network"""
53 params = hostapd.radius_params()
54 params["ssid"] = "ieee8021x-open"
55 params["ieee8021x"] = "1"
56 hapd = hostapd.add_ap(apdev[0], params)
57
58 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
59 eap="PSK", identity="psk.user@example.com",
60 password_hex="0123456789abcdef0123456789abcdef",
61 scan_freq="2412")
62 hwsim_utils.test_connectivity(dev[0], hapd)
63
64 logger.info("Test EAPOL-Logoff")
65 dev[0].request("LOGOFF")
66 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
67 if ev is None:
68 raise Exception("Did not get disconnected")
69 if "reason=23" not in ev:
70 raise Exception("Unexpected disconnection reason")
71
72 dev[0].request("LOGON")
73 dev[0].connect_network(id)
74 hwsim_utils.test_connectivity(dev[0], hapd)
75
76 def test_ieee8021x_static_wep40(dev, apdev):
77 """IEEE 802.1X connection using static WEP40"""
78 params = hostapd.radius_params()
79 params["ssid"] = "ieee8021x-wep"
80 params["ieee8021x"] = "1"
81 params["wep_key0"] = '"hello"'
82 hapd = hostapd.add_ap(apdev[0], params)
83
84 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
85 identity="psk.user@example.com",
86 password_hex="0123456789abcdef0123456789abcdef",
87 wep_key0='"hello"', eapol_flags="0",
88 scan_freq="2412")
89 hwsim_utils.test_connectivity(dev[0], hapd)
90
91 def test_ieee8021x_proto(dev, apdev):
92 """IEEE 802.1X and EAPOL supplicant protocol testing"""
93 params = hostapd.radius_params()
94 params["ssid"] = "ieee8021x-open"
95 params["ieee8021x"] = "1"
96 hapd = hostapd.add_ap(apdev[0], params)
97 bssid = apdev[0]['bssid']
98
99 dev[1].request("SET ext_eapol_frame_io 1")
100 dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
101 eap="PSK", identity="psk.user@example.com",
102 password_hex="0123456789abcdef0123456789abcdef",
103 scan_freq="2412", wait_connect=False)
104 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
105 eap="PSK", identity="psk.user@example.com",
106 password_hex="0123456789abcdef0123456789abcdef",
107 scan_freq="2412")
108 ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
109
110 start = dev[0].get_mib()
111
112 tests = [ "11",
113 "11223344",
114 "020000050a93000501",
115 "020300050a93000501",
116 "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
117 "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
118 "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
119 "02aa00050a93000501" ]
120 for frame in tests:
121 res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
122 if "OK" not in res:
123 raise Exception("EAPOL_RX to wpa_supplicant failed")
124 dev[1].request("EAPOL_RX " + bssid + " " + frame)
125
126 stop = dev[0].get_mib()
127
128 logger.info("MIB before test frames: " + str(start))
129 logger.info("MIB after test frames: " + str(stop))
130
131 vals = [ 'dot1xSuppInvalidEapolFramesRx',
132 'dot1xSuppEapLengthErrorFramesRx' ]
133 for val in vals:
134 if int(stop[val]) <= int(start[val]):
135 raise Exception(val + " did not increase")
136
137 @remote_compatible
138 def test_ieee8021x_eapol_start(dev, apdev):
139 """IEEE 802.1X and EAPOL-Start retransmissions"""
140 params = hostapd.radius_params()
141 params["ssid"] = "ieee8021x-open"
142 params["ieee8021x"] = "1"
143 hapd = hostapd.add_ap(apdev[0], params)
144 bssid = apdev[0]['bssid']
145 addr0 = dev[0].own_addr()
146
147 hapd.set("ext_eapol_frame_io", "1")
148 try:
149 dev[0].request("SET EAPOL::startPeriod 1")
150 dev[0].request("SET EAPOL::maxStart 1")
151 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
152 eap="PSK", identity="psk.user@example.com",
153 password_hex="0123456789abcdef0123456789abcdef",
154 scan_freq="2412", wait_connect=False)
155 held = False
156 for i in range(30):
157 pae = dev[0].get_status_field('Supplicant PAE state')
158 if pae == "HELD":
159 mib = hapd.get_sta(addr0, info="eapol")
160 if mib['auth_pae_state'] != 'AUTHENTICATING':
161 raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state'])
162 held = True
163 break
164 time.sleep(0.25)
165 if not held:
166 raise Exception("PAE state HELD not reached")
167 dev[0].wait_disconnected()
168 finally:
169 dev[0].request("SET EAPOL::startPeriod 30")
170 dev[0].request("SET EAPOL::maxStart 3")
171
172 def test_ieee8021x_held(dev, apdev):
173 """IEEE 802.1X and HELD state"""
174 params = hostapd.radius_params()
175 params["ssid"] = "ieee8021x-open"
176 params["ieee8021x"] = "1"
177 hapd = hostapd.add_ap(apdev[0], params)
178 bssid = apdev[0]['bssid']
179
180 hapd.set("ext_eapol_frame_io", "1")
181 try:
182 dev[0].request("SET EAPOL::startPeriod 1")
183 dev[0].request("SET EAPOL::maxStart 0")
184 dev[0].request("SET EAPOL::heldPeriod 1")
185 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
186 eap="PSK", identity="psk.user@example.com",
187 password_hex="0123456789abcdef0123456789abcdef",
188 scan_freq="2412", wait_connect=False)
189 held = False
190 for i in range(30):
191 pae = dev[0].get_status_field('Supplicant PAE state')
192 if pae == "HELD":
193 held = True
194 break
195 time.sleep(0.25)
196 if not held:
197 raise Exception("PAE state HELD not reached")
198
199 hapd.set("ext_eapol_frame_io", "0")
200 for i in range(30):
201 pae = dev[0].get_status_field('Supplicant PAE state')
202 if pae != "HELD":
203 held = False
204 break
205 time.sleep(0.25)
206 if held:
207 raise Exception("PAE state HELD not left")
208 ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED",
209 "CTRL-EVENT-DISCONNECTED" ], timeout=10)
210 if ev is None:
211 raise Exception("Connection timed out")
212 if "CTRL-EVENT-DISCONNECTED" in ev:
213 raise Exception("Unexpected disconnection")
214 finally:
215 dev[0].request("SET EAPOL::startPeriod 30")
216 dev[0].request("SET EAPOL::maxStart 3")
217 dev[0].request("SET EAPOL::heldPeriod 60")
218
219 def send_eapol_key(dev, bssid, signkey, frame_start, frame_end):
220 zero_sign = "00000000000000000000000000000000"
221 frame = frame_start + zero_sign + frame_end
222 hmac_obj = hmac.new(binascii.unhexlify(signkey))
223 hmac_obj.update(binascii.unhexlify(frame))
224 sign = hmac_obj.digest()
225 frame = frame_start + binascii.hexlify(sign) + frame_end
226 dev.request("EAPOL_RX " + bssid + " " + frame)
227
228 def test_ieee8021x_eapol_key(dev, apdev):
229 """IEEE 802.1X connection and EAPOL-Key protocol tests"""
230 skip_with_fips(dev[0])
231 params = hostapd.radius_params()
232 params["ssid"] = "ieee8021x-wep"
233 params["ieee8021x"] = "1"
234 params["wep_key_len_broadcast"] = "5"
235 params["wep_key_len_unicast"] = "5"
236 hapd = hostapd.add_ap(apdev[0], params)
237 bssid = apdev[0]['bssid']
238
239 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
240 identity="vendor-test", scan_freq="2412")
241
242 # Hardcoded MSK from VENDOR-TEST
243 encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
244 signkey = "2222222222222222222222222222222222222222222222222222222222222222"
245
246 # EAPOL-Key replay counter does not increase
247 send_eapol_key(dev[0], bssid, signkey,
248 "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
249 "1c636a30a4")
250
251 # EAPOL-Key too large Key Length field value
252 send_eapol_key(dev[0], bssid, signkey,
253 "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
254 "1c636a30a4")
255
256 # EAPOL-Key too much key data
257 send_eapol_key(dev[0], bssid, signkey,
258 "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
259 33*"ff")
260
261 # EAPOL-Key too little key data
262 send_eapol_key(dev[0], bssid, signkey,
263 "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
264 "1c636a30")
265
266 # EAPOL-Key with no key data and too long WEP key length
267 send_eapol_key(dev[0], bssid, signkey,
268 "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
269 "")
270
271 def test_ieee8021x_reauth(dev, apdev):
272 """IEEE 802.1X and EAPOL_REAUTH request"""
273 params = hostapd.radius_params()
274 params["ssid"] = "ieee8021x-open"
275 params["ieee8021x"] = "1"
276 hapd = hostapd.add_ap(apdev[0], params)
277
278 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
279 eap="PSK", identity="psk.user@example.com",
280 password_hex="0123456789abcdef0123456789abcdef",
281 scan_freq="2412")
282
283 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
284 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
285 if ev is None:
286 raise Exception("EAP authentication did not start")
287 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
288 if ev is None:
289 raise Exception("EAP authentication did not succeed")
290 time.sleep(0.1)
291 hwsim_utils.test_connectivity(dev[0], hapd)
292
293 def test_ieee8021x_set_conf(dev, apdev):
294 """IEEE 802.1X and EAPOL_SET command"""
295 params = hostapd.radius_params()
296 params["ssid"] = "ieee8021x-open"
297 params["ieee8021x"] = "1"
298 hapd = hostapd.add_ap(apdev[0], params)
299
300 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
301 eap="PSK", identity="psk.user@example.com",
302 password_hex="0123456789abcdef0123456789abcdef",
303 scan_freq="2412")
304
305 addr0 = dev[0].own_addr()
306 tests = [ "EAPOL_SET 1",
307 "EAPOL_SET %sfoo bar" % addr0,
308 "EAPOL_SET %s foo" % addr0,
309 "EAPOL_SET %s foo bar" % addr0,
310 "EAPOL_SET %s AdminControlledDirections bar" % addr0,
311 "EAPOL_SET %s AdminControlledPortControl bar" % addr0,
312 "EAPOL_SET %s reAuthEnabled bar" % addr0,
313 "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0,
314 "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both" ]
315 for t in tests:
316 if "FAIL" not in hapd.request(t):
317 raise Exception("Invalid EAPOL_SET command accepted: " + t)
318
319 tests = [ ("AdminControlledDirections", "adminControlledDirections", "In"),
320 ("AdminControlledDirections", "adminControlledDirections",
321 "Both"),
322 ("quietPeriod", "quietPeriod", "13"),
323 ("serverTimeout", "serverTimeout", "7"),
324 ("reAuthPeriod", "reAuthPeriod", "1234"),
325 ("reAuthEnabled", "reAuthEnabled", "FALSE"),
326 ("reAuthEnabled", "reAuthEnabled", "TRUE"),
327 ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"),
328 ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"),
329 ("AdminControlledPortControl", "portControl", "ForceAuthorized"),
330 ("AdminControlledPortControl", "portControl",
331 "ForceUnauthorized"),
332 ("AdminControlledPortControl", "portControl", "Auto") ]
333 for param,mibparam,val in tests:
334 if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)):
335 raise Exception("Failed to set %s %s" % (param, val))
336 mib = hapd.get_sta(addr0, info="eapol")
337 if mib[mibparam] != val:
338 raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val))
339 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
340 if ev is None:
341 raise Exception("EAP authentication did not succeed")
342 time.sleep(0.1)
343 hwsim_utils.test_connectivity(dev[0], hapd)
344
345 def test_ieee8021x_auth_awhile(dev, apdev):
346 """IEEE 802.1X and EAPOL Authenticator aWhile handling"""
347 params = hostapd.radius_params()
348 params["ssid"] = "ieee8021x-open"
349 params["ieee8021x"] = "1"
350 params['auth_server_port'] = "18129"
351 hapd = hostapd.add_ap(apdev[0], params)
352 bssid = apdev[0]['bssid']
353 addr0 = dev[0].own_addr()
354
355 params = {}
356 params['ssid'] = 'as'
357 params['beacon_int'] = '2000'
358 params['radius_server_clients'] = 'auth_serv/radius_clients.conf'
359 params['radius_server_auth_port'] = '18129'
360 params['eap_server'] = '1'
361 params['eap_user_file'] = 'auth_serv/eap_user.conf'
362 params['ca_cert'] = 'auth_serv/ca.pem'
363 params['server_cert'] = 'auth_serv/server.pem'
364 params['private_key'] = 'auth_serv/server.key'
365 hapd1 = hostapd.add_ap(apdev[1], params)
366
367 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
368 eap="PSK", identity="psk.user@example.com",
369 password_hex="0123456789abcdef0123456789abcdef",
370 scan_freq="2412")
371 hapd1.disable()
372 if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0):
373 raise Exception("Failed to set serverTimeout")
374 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
375 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
376
377 for i in range(40):
378 mib = hapd.get_sta(addr0, info="eapol")
379 val = int(mib['aWhile'])
380 if val > 0:
381 break
382 time.sleep(1)
383 if val == 0:
384 raise Exception("aWhile did not increase")
385
386 hapd.dump_monitor()
387 for i in range(40):
388 mib = hapd.get_sta(addr0, info="eapol")
389 val = int(mib['aWhile'])
390 if val < 5:
391 break
392 time.sleep(1)
393 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10)
394 if ev is None:
395 raise Exception("Authentication restart not seen")
Unnamed repository; edit this file 'description' to name the repository.