]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ieee8021x.py
2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
15 from utils
import skip_with_fips
17 logger
= logging
.getLogger()
19 def test_ieee8021x_wep104(dev
, apdev
):
20 """IEEE 802.1X connection using dynamic WEP104"""
21 skip_with_fips(dev
[0])
22 params
= hostapd
.radius_params()
23 params
["ssid"] = "ieee8021x-wep"
24 params
["ieee8021x"] = "1"
25 params
["wep_key_len_broadcast"] = "13"
26 params
["wep_key_len_unicast"] = "13"
27 hapd
= hostapd
.add_ap(apdev
[0], params
)
29 dev
[0].connect("ieee8021x-wep", key_mgmt
="IEEE8021X", eap
="PSK",
30 identity
="psk.user@example.com",
31 password_hex
="0123456789abcdef0123456789abcdef",
33 hwsim_utils
.test_connectivity(dev
[0], hapd
)
35 def test_ieee8021x_wep40(dev
, apdev
):
36 """IEEE 802.1X connection using dynamic WEP40"""
37 skip_with_fips(dev
[0])
38 params
= hostapd
.radius_params()
39 params
["ssid"] = "ieee8021x-wep"
40 params
["ieee8021x"] = "1"
41 params
["wep_key_len_broadcast"] = "5"
42 params
["wep_key_len_unicast"] = "5"
43 hapd
= hostapd
.add_ap(apdev
[0], params
)
45 dev
[0].connect("ieee8021x-wep", key_mgmt
="IEEE8021X", eap
="PSK",
46 identity
="psk.user@example.com",
47 password_hex
="0123456789abcdef0123456789abcdef",
49 hwsim_utils
.test_connectivity(dev
[0], hapd
)
51 def test_ieee8021x_open(dev
, apdev
):
52 """IEEE 802.1X connection using open network"""
53 params
= hostapd
.radius_params()
54 params
["ssid"] = "ieee8021x-open"
55 params
["ieee8021x"] = "1"
56 hapd
= hostapd
.add_ap(apdev
[0], params
)
58 id = dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
59 eap
="PSK", identity
="psk.user@example.com",
60 password_hex
="0123456789abcdef0123456789abcdef",
62 hwsim_utils
.test_connectivity(dev
[0], hapd
)
64 logger
.info("Test EAPOL-Logoff")
65 dev
[0].request("LOGOFF")
66 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
68 raise Exception("Did not get disconnected")
69 if "reason=23" not in ev
:
70 raise Exception("Unexpected disconnection reason")
72 dev
[0].request("LOGON")
73 dev
[0].connect_network(id)
74 hwsim_utils
.test_connectivity(dev
[0], hapd
)
76 def test_ieee8021x_static_wep40(dev
, apdev
):
77 """IEEE 802.1X connection using static WEP40"""
78 params
= hostapd
.radius_params()
79 params
["ssid"] = "ieee8021x-wep"
80 params
["ieee8021x"] = "1"
81 params
["wep_key0"] = '"hello"'
82 hapd
= hostapd
.add_ap(apdev
[0], params
)
84 dev
[0].connect("ieee8021x-wep", key_mgmt
="IEEE8021X", eap
="PSK",
85 identity
="psk.user@example.com",
86 password_hex
="0123456789abcdef0123456789abcdef",
87 wep_key0
='"hello"', eapol_flags
="0",
89 hwsim_utils
.test_connectivity(dev
[0], hapd
)
91 def test_ieee8021x_proto(dev
, apdev
):
92 """IEEE 802.1X and EAPOL supplicant protocol testing"""
93 params
= hostapd
.radius_params()
94 params
["ssid"] = "ieee8021x-open"
95 params
["ieee8021x"] = "1"
96 hapd
= hostapd
.add_ap(apdev
[0], params
)
97 bssid
= apdev
[0]['bssid']
99 dev
[1].request("SET ext_eapol_frame_io 1")
100 dev
[1].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
101 eap
="PSK", identity
="psk.user@example.com",
102 password_hex
="0123456789abcdef0123456789abcdef",
103 scan_freq
="2412", wait_connect
=False)
104 id = dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
105 eap
="PSK", identity
="psk.user@example.com",
106 password_hex
="0123456789abcdef0123456789abcdef",
108 ev
= dev
[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
110 start
= dev
[0].get_mib()
114 "020000050a93000501",
115 "020300050a93000501",
116 "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
117 "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
118 "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
119 "02aa00050a93000501" ]
121 res
= dev
[0].request("EAPOL_RX " + bssid
+ " " + frame
)
123 raise Exception("EAPOL_RX to wpa_supplicant failed")
124 dev
[1].request("EAPOL_RX " + bssid
+ " " + frame
)
126 stop
= dev
[0].get_mib()
128 logger
.info("MIB before test frames: " + str(start
))
129 logger
.info("MIB after test frames: " + str(stop
))
131 vals
= [ 'dot1xSuppInvalidEapolFramesRx',
132 'dot1xSuppEapLengthErrorFramesRx' ]
134 if int(stop
[val
]) <= int(start
[val
]):
135 raise Exception(val
+ " did not increase")
138 def test_ieee8021x_eapol_start(dev
, apdev
):
139 """IEEE 802.1X and EAPOL-Start retransmissions"""
140 params
= hostapd
.radius_params()
141 params
["ssid"] = "ieee8021x-open"
142 params
["ieee8021x"] = "1"
143 hapd
= hostapd
.add_ap(apdev
[0], params
)
144 bssid
= apdev
[0]['bssid']
145 addr0
= dev
[0].own_addr()
147 hapd
.set("ext_eapol_frame_io", "1")
149 dev
[0].request("SET EAPOL::startPeriod 1")
150 dev
[0].request("SET EAPOL::maxStart 1")
151 dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
152 eap
="PSK", identity
="psk.user@example.com",
153 password_hex
="0123456789abcdef0123456789abcdef",
154 scan_freq
="2412", wait_connect
=False)
157 pae
= dev
[0].get_status_field('Supplicant PAE state')
159 mib
= hapd
.get_sta(addr0
, info
="eapol")
160 if mib
['auth_pae_state'] != 'AUTHENTICATING':
161 raise Exception("Unexpected Auth PAE state: " + mib
['auth_pae_state'])
166 raise Exception("PAE state HELD not reached")
167 dev
[0].wait_disconnected()
169 dev
[0].request("SET EAPOL::startPeriod 30")
170 dev
[0].request("SET EAPOL::maxStart 3")
172 def test_ieee8021x_held(dev
, apdev
):
173 """IEEE 802.1X and HELD state"""
174 params
= hostapd
.radius_params()
175 params
["ssid"] = "ieee8021x-open"
176 params
["ieee8021x"] = "1"
177 hapd
= hostapd
.add_ap(apdev
[0], params
)
178 bssid
= apdev
[0]['bssid']
180 hapd
.set("ext_eapol_frame_io", "1")
182 dev
[0].request("SET EAPOL::startPeriod 1")
183 dev
[0].request("SET EAPOL::maxStart 0")
184 dev
[0].request("SET EAPOL::heldPeriod 1")
185 dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
186 eap
="PSK", identity
="psk.user@example.com",
187 password_hex
="0123456789abcdef0123456789abcdef",
188 scan_freq
="2412", wait_connect
=False)
191 pae
= dev
[0].get_status_field('Supplicant PAE state')
197 raise Exception("PAE state HELD not reached")
199 hapd
.set("ext_eapol_frame_io", "0")
201 pae
= dev
[0].get_status_field('Supplicant PAE state')
207 raise Exception("PAE state HELD not left")
208 ev
= dev
[0].wait_event([ "CTRL-EVENT-CONNECTED",
209 "CTRL-EVENT-DISCONNECTED" ], timeout
=10)
211 raise Exception("Connection timed out")
212 if "CTRL-EVENT-DISCONNECTED" in ev
:
213 raise Exception("Unexpected disconnection")
215 dev
[0].request("SET EAPOL::startPeriod 30")
216 dev
[0].request("SET EAPOL::maxStart 3")
217 dev
[0].request("SET EAPOL::heldPeriod 60")
219 def send_eapol_key(dev
, bssid
, signkey
, frame_start
, frame_end
):
220 zero_sign
= "00000000000000000000000000000000"
221 frame
= frame_start
+ zero_sign
+ frame_end
222 hmac_obj
= hmac
.new(binascii
.unhexlify(signkey
))
223 hmac_obj
.update(binascii
.unhexlify(frame
))
224 sign
= hmac_obj
.digest()
225 frame
= frame_start
+ binascii
.hexlify(sign
) + frame_end
226 dev
.request("EAPOL_RX " + bssid
+ " " + frame
)
228 def test_ieee8021x_eapol_key(dev
, apdev
):
229 """IEEE 802.1X connection and EAPOL-Key protocol tests"""
230 skip_with_fips(dev
[0])
231 params
= hostapd
.radius_params()
232 params
["ssid"] = "ieee8021x-wep"
233 params
["ieee8021x"] = "1"
234 params
["wep_key_len_broadcast"] = "5"
235 params
["wep_key_len_unicast"] = "5"
236 hapd
= hostapd
.add_ap(apdev
[0], params
)
237 bssid
= apdev
[0]['bssid']
239 dev
[0].connect("ieee8021x-wep", key_mgmt
="IEEE8021X", eap
="VENDOR-TEST",
240 identity
="vendor-test", scan_freq
="2412")
242 # Hardcoded MSK from VENDOR-TEST
243 encrkey
= "1111111111111111111111111111111111111111111111111111111111111111"
244 signkey
= "2222222222222222222222222222222222222222222222222222222222222222"
246 # EAPOL-Key replay counter does not increase
247 send_eapol_key(dev
[0], bssid
, signkey
,
248 "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
251 # EAPOL-Key too large Key Length field value
252 send_eapol_key(dev
[0], bssid
, signkey
,
253 "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
256 # EAPOL-Key too much key data
257 send_eapol_key(dev
[0], bssid
, signkey
,
258 "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
261 # EAPOL-Key too little key data
262 send_eapol_key(dev
[0], bssid
, signkey
,
263 "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
266 # EAPOL-Key with no key data and too long WEP key length
267 send_eapol_key(dev
[0], bssid
, signkey
,
268 "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
271 def test_ieee8021x_reauth(dev
, apdev
):
272 """IEEE 802.1X and EAPOL_REAUTH request"""
273 params
= hostapd
.radius_params()
274 params
["ssid"] = "ieee8021x-open"
275 params
["ieee8021x"] = "1"
276 hapd
= hostapd
.add_ap(apdev
[0], params
)
278 dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
279 eap
="PSK", identity
="psk.user@example.com",
280 password_hex
="0123456789abcdef0123456789abcdef",
283 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
284 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
286 raise Exception("EAP authentication did not start")
287 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
289 raise Exception("EAP authentication did not succeed")
291 hwsim_utils
.test_connectivity(dev
[0], hapd
)
293 def test_ieee8021x_set_conf(dev
, apdev
):
294 """IEEE 802.1X and EAPOL_SET command"""
295 params
= hostapd
.radius_params()
296 params
["ssid"] = "ieee8021x-open"
297 params
["ieee8021x"] = "1"
298 hapd
= hostapd
.add_ap(apdev
[0], params
)
300 dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
301 eap
="PSK", identity
="psk.user@example.com",
302 password_hex
="0123456789abcdef0123456789abcdef",
305 addr0
= dev
[0].own_addr()
306 tests
= [ "EAPOL_SET 1",
307 "EAPOL_SET %sfoo bar" % addr0
,
308 "EAPOL_SET %s foo" % addr0
,
309 "EAPOL_SET %s foo bar" % addr0
,
310 "EAPOL_SET %s AdminControlledDirections bar" % addr0
,
311 "EAPOL_SET %s AdminControlledPortControl bar" % addr0
,
312 "EAPOL_SET %s reAuthEnabled bar" % addr0
,
313 "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0
,
314 "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both" ]
316 if "FAIL" not in hapd
.request(t
):
317 raise Exception("Invalid EAPOL_SET command accepted: " + t
)
319 tests
= [ ("AdminControlledDirections", "adminControlledDirections", "In"),
320 ("AdminControlledDirections", "adminControlledDirections",
322 ("quietPeriod", "quietPeriod", "13"),
323 ("serverTimeout", "serverTimeout", "7"),
324 ("reAuthPeriod", "reAuthPeriod", "1234"),
325 ("reAuthEnabled", "reAuthEnabled", "FALSE"),
326 ("reAuthEnabled", "reAuthEnabled", "TRUE"),
327 ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"),
328 ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"),
329 ("AdminControlledPortControl", "portControl", "ForceAuthorized"),
330 ("AdminControlledPortControl", "portControl",
331 "ForceUnauthorized"),
332 ("AdminControlledPortControl", "portControl", "Auto") ]
333 for param
,mibparam
,val
in tests
:
334 if "OK" not in hapd
.request("EAPOL_SET %s %s %s" % (addr0
, param
, val
)):
335 raise Exception("Failed to set %s %s" % (param
, val
))
336 mib
= hapd
.get_sta(addr0
, info
="eapol")
337 if mib
[mibparam
] != val
:
338 raise Exception("Unexpected %s value: %s (expected %s)" % (param
, mib
[mibparam
], val
))
339 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
341 raise Exception("EAP authentication did not succeed")
343 hwsim_utils
.test_connectivity(dev
[0], hapd
)
345 def test_ieee8021x_auth_awhile(dev
, apdev
):
346 """IEEE 802.1X and EAPOL Authenticator aWhile handling"""
347 params
= hostapd
.radius_params()
348 params
["ssid"] = "ieee8021x-open"
349 params
["ieee8021x"] = "1"
350 params
['auth_server_port'] = "18129"
351 hapd
= hostapd
.add_ap(apdev
[0], params
)
352 bssid
= apdev
[0]['bssid']
353 addr0
= dev
[0].own_addr()
356 params
['ssid'] = 'as'
357 params
['beacon_int'] = '2000'
358 params
['radius_server_clients'] = 'auth_serv/radius_clients.conf'
359 params
['radius_server_auth_port'] = '18129'
360 params
['eap_server'] = '1'
361 params
['eap_user_file'] = 'auth_serv/eap_user.conf'
362 params
['ca_cert'] = 'auth_serv/ca.pem'
363 params
['server_cert'] = 'auth_serv/server.pem'
364 params
['private_key'] = 'auth_serv/server.key'
365 hapd1
= hostapd
.add_ap(apdev
[1], params
)
367 dev
[0].connect("ieee8021x-open", key_mgmt
="IEEE8021X", eapol_flags
="0",
368 eap
="PSK", identity
="psk.user@example.com",
369 password_hex
="0123456789abcdef0123456789abcdef",
372 if "OK" not in hapd
.request("EAPOL_SET %s serverTimeout 1" % addr0
):
373 raise Exception("Failed to set serverTimeout")
374 hapd
.request("EAPOL_REAUTH " + dev
[0].own_addr())
375 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
378 mib
= hapd
.get_sta(addr0
, info
="eapol")
379 val
= int(mib
['aWhile'])
384 raise Exception("aWhile did not increase")
388 mib
= hapd
.get_sta(addr0
, info
="eapol")
389 val
= int(mib
['aWhile'])
393 ev
= hapd
.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout
=10)
395 raise Exception("Authentication restart not seen")