#include "eapol_supp/eapol_supp_sm.h"
#include "eap_peer/eap.h"
#include "eloop.h"
-#include "wpa.h"
+#include "rsn_supp/wpa.h"
#include "eap_peer/eap_i.h"
#include "wpa_supplicant_i.h"
#include "radius/radius.h"
extern int wpa_debug_level;
extern int wpa_debug_show_keys;
-struct wpa_driver_ops *wpa_supplicant_drivers[] = { NULL };
+struct wpa_driver_ops *wpa_drivers[] = { NULL };
+struct extra_radius_attr {
+ u8 type;
+ char syntax;
+ char *data;
+ struct extra_radius_attr *next;
+};
+
struct eapol_test_data {
struct wpa_supplicant *wpa_s;
char *connect_info;
u8 own_addr[ETH_ALEN];
- int cui_flag;
- char *cui_str;
+ struct extra_radius_attr *extra_attrs;
};
static struct eapol_test_data eapol_test;
}
+static int add_extra_attr(struct radius_msg *msg,
+ struct extra_radius_attr *attr)
+{
+ size_t len;
+ char *pos;
+ u32 val;
+ char buf[128];
+
+ switch (attr->syntax) {
+ case 's':
+ os_snprintf(buf, sizeof(buf), "%s", attr->data);
+ len = os_strlen(buf);
+ break;
+ case 'n':
+ buf[0] = '\0';
+ len = 1;
+ break;
+ case 'x':
+ pos = attr->data;
+ if (pos[0] == '0' && pos[1] == 'x')
+ pos += 2;
+ len = os_strlen(pos);
+ if ((len & 1) || (len / 2) > sizeof(buf)) {
+ printf("Invalid extra attribute hexstring\n");
+ return -1;
+ }
+ len /= 2;
+ if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
+ printf("Invalid extra attribute hexstring\n");
+ return -1;
+ }
+ break;
+ case 'd':
+ val = htonl(atoi(attr->data));
+ os_memcpy(buf, &val, 4);
+ len = 4;
+ break;
+ default:
+ printf("Incorrect extra attribute syntax specification\n");
+ return -1;
+ }
+
+ if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
+ printf("Could not add attribute %d\n", attr->type);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int add_extra_attrs(struct radius_msg *msg,
+ struct extra_radius_attr *attrs)
+{
+ struct extra_radius_attr *p;
+ for (p = attrs; p; p = p->next) {
+ if (add_extra_attr(msg, p) < 0)
+ return -1;
+ }
+ return 0;
+}
+
+
+static struct extra_radius_attr *
+find_extra_attr(struct extra_radius_attr *attrs, u8 type)
+{
+ struct extra_radius_attr *p;
+ for (p = attrs; p; p = p->next) {
+ if (p->type == type)
+ return p;
+ }
+ return NULL;
+}
+
+
static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
const u8 *eap, size_t len)
{
goto fail;
}
- if (!radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
+ if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
+ !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
(u8 *) &e->own_ip_addr, 4)) {
printf("Could not add NAS-IP-Address\n");
goto fail;
os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
MAC2STR(e->wpa_s->own_addr));
- if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
+ if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
+ &&
+ !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
(u8 *) buf, os_strlen(buf))) {
printf("Could not add Calling-Station-Id\n");
goto fail;
/* TODO: should probably check MTU from driver config; 2304 is max for
* IEEE 802.11, but use 1400 to avoid problems with too large packets
*/
- if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
+ if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
+ !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
printf("Could not add Framed-MTU\n");
goto fail;
}
- if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
+ if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
+ !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
printf("Could not add NAS-Port-Type\n");
goto fail;
}
os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
- if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
+ if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
+ !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
(u8 *) buf, os_strlen(buf))) {
printf("Could not add Connect-Info\n");
goto fail;
}
- if (e->cui_flag) {
- int l = 0;
- if (e->cui_flag == 1) {
- l = 1;
- buf[0] = '\0';
- } else if (e->cui_flag == 2) {
- os_snprintf(buf, sizeof(buf), "%s", e->cui_str);
- l = os_strlen(buf);
- }
- if (!radius_msg_add_attr(msg,
- RADIUS_ATTR_CHARGEABLE_USER_IDENTITY,
- (u8 *) buf, l)) {
- printf("Could not add Chargeable-User-Identity\n");
- goto fail;
- }
- }
+ if (add_extra_attrs(msg, e->extra_attrs) < 0)
+ goto fail;
if (eap && !radius_msg_add_eap(msg, eap, len)) {
printf("Could not add EAP-Message\n");
/* State attribute must be copied if and only if this packet is
* Access-Request reply to the previous Access-Challenge */
- if (e->last_recv_radius && e->last_recv_radius->hdr->code ==
+ if (e->last_recv_radius &&
+ radius_msg_get_hdr(e->last_recv_radius)->code ==
RADIUS_CODE_ACCESS_CHALLENGE) {
int res = radius_msg_copy_attr(msg, e->last_recv_radius,
RADIUS_ATTR_STATE);
fail:
radius_msg_free(msg);
- os_free(msg);
}
ctx->eapol_send = eapol_test_eapol_send;
ctx->set_config_blob = eapol_test_set_config_blob;
ctx->get_config_blob = eapol_test_get_config_blob;
-#ifdef EAP_TLS_OPENSSL
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
-#endif /* EAP_TLS_OPENSSL */
wpa_s->eapol = eapol_sm_init(ctx);
if (wpa_s->eapol == NULL) {
static void test_eapol_clean(struct eapol_test_data *e,
struct wpa_supplicant *wpa_s)
{
+ struct extra_radius_attr *p, *prev;
+
radius_client_deinit(e->radius);
os_free(e->last_eap_radius);
- if (e->last_recv_radius) {
- radius_msg_free(e->last_recv_radius);
- os_free(e->last_recv_radius);
- }
+ radius_msg_free(e->last_recv_radius);
+ e->last_recv_radius = NULL;
os_free(e->eap_identity);
e->eap_identity = NULL;
eapol_sm_deinit(wpa_s->eapol);
wpa_s->ctrl_iface = NULL;
}
wpa_config_free(wpa_s->conf);
+
+ p = e->extra_attrs;
+ while (p) {
+ prev = p;
+ p = p->next;
+ os_free(prev);
+ }
}
static void ieee802_1x_get_keys(struct eapol_test_data *e,
struct radius_msg *msg, struct radius_msg *req,
- u8 *shared_secret, size_t shared_secret_len)
+ const u8 *shared_secret,
+ size_t shared_secret_len)
{
struct radius_ms_mppe_keys *keys;
keys->recv_len;
os_memcpy(e->authenticator_pmk, keys->recv,
e->authenticator_pmk_len);
+ if (e->authenticator_pmk_len == 16 && keys->send &&
+ keys->send_len == 16) {
+ /* MS-CHAP-v2 derives 16 octet keys */
+ wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
+ "to extend PMK to 32 octets");
+ os_memcpy(e->authenticator_pmk +
+ e->authenticator_pmk_len,
+ keys->send, keys->send_len);
+ e->authenticator_pmk_len += keys->send_len;
+ }
}
os_free(keys->send);
/* Process the RADIUS frames from Authentication Server */
static RadiusRxResult
ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
- u8 *shared_secret, size_t shared_secret_len,
+ const u8 *shared_secret, size_t shared_secret_len,
void *data)
{
struct eapol_test_data *e = data;
+ struct radius_hdr *hdr = radius_msg_get_hdr(msg);
/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
* present when packet contains an EAP-Message attribute */
- if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT &&
+ if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
0) < 0 &&
radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
return RADIUS_RX_UNKNOWN;
}
- if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
- msg->hdr->code != RADIUS_CODE_ACCESS_REJECT &&
- msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
+ if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
+ hdr->code != RADIUS_CODE_ACCESS_REJECT &&
+ hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
printf("Unknown RADIUS message code\n");
return RADIUS_RX_UNKNOWN;
}
e->radius_identifier = -1;
wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
- if (e->last_recv_radius) {
- radius_msg_free(e->last_recv_radius);
- os_free(e->last_recv_radius);
- }
-
+ radius_msg_free(e->last_recv_radius);
e->last_recv_radius = msg;
- switch (msg->hdr->code) {
+ switch (hdr->code) {
case RADIUS_CODE_ACCESS_ACCEPT:
e->radius_access_accept_received = 1;
ieee802_1x_get_keys(e, msg, req, shared_secret,
ieee802_1x_decapsulate_radius(e);
- if ((msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
+ if ((hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
e->eapol_test_num_reauths < 0) ||
- msg->hdr->code == RADIUS_CODE_ACCESS_REJECT) {
+ hdr->code == RADIUS_CODE_ACCESS_REJECT) {
eloop_terminate();
}
}
-static void eapol_test_terminate(int sig, void *eloop_ctx,
- void *signal_ctx)
+static void eapol_test_terminate(int sig, void *signal_ctx)
{
- struct wpa_supplicant *wpa_s = eloop_ctx;
+ struct wpa_supplicant *wpa_s = signal_ctx;
wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
eloop_terminate();
}
"[-s<AS secret>]\\\n"
" [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
" [-M<client MAC address>] \\\n"
- " [-I<CUI>] [-i] [-A<client IP>]\n"
+ " [-N<attr spec>] \\\n"
+ " [-A<client IP>]\n"
"eapol_test scard\n"
"eapol_test sim <PIN> <num triplets> [debug]\n"
"\n");
"automatically\n"
" -r<count> = number of re-authentications\n"
" -W = wait for a control interface monitor before starting\n"
- " -S = save configuration after authentiation\n"
+ " -S = save configuration after authentication\n"
" -n = no MPPE keys expected\n"
" -t<timeout> = sets timeout in seconds (default: 30 s)\n"
" -C<Connect-Info> = RADIUS Connect-Info (default: "
" -M<client MAC address> = Set own MAC address "
"(Calling-Station-Id,\n"
" default: 02:00:00:00:00:01)\n"
- " -I<CUI> = send Chargeable-User-Identity containing the "
- "value of CUI\n"
- " -i = send NUL value in Chargeable-User-Identity\n");
+ " -N<attr spec> = send arbitrary attribute specified by:\n"
+ " attr_id:syntax:value or attr_id\n"
+ " attr_id - number id of the attribute\n"
+ " syntax - one of: s, d, x\n"
+ " s = string\n"
+ " d = integer\n"
+ " x = octet string\n"
+ " value - attribute value.\n"
+ " When only attr_id is specified, NULL will be used as "
+ "value.\n"
+ " Multiple attributes can be specified by using the "
+ "option several times.\n");
}
char *cli_addr = NULL;
char *conf = NULL;
int timeout = 30;
+ char *pos;
+ struct extra_radius_attr *p = NULL, *p1;
if (os_program_init())
return -1;
wpa_debug_show_keys = 1;
for (;;) {
- c = getopt(argc, argv, "a:A:c:C:iI:M:np:r:s:St:W");
+ c = getopt(argc, argv, "a:A:c:C:M:nN:p:r:s:St:W");
if (c < 0)
break;
switch (c) {
case 'C':
eapol_test.connect_info = optarg;
break;
- case 'i':
- eapol_test.cui_flag = 1;
- break;
- case 'I':
- eapol_test.cui_flag = 2;
- eapol_test.cui_str = optarg;
- break;
case 'M':
if (hwaddr_aton(optarg, eapol_test.own_addr)) {
usage();
case 'W':
wait_for_monitor++;
break;
+ case 'N':
+ p1 = os_zalloc(sizeof(p1));
+ if (p1 == NULL)
+ break;
+ if (!p)
+ eapol_test.extra_attrs = p1;
+ else
+ p->next = p1;
+ p = p1;
+
+ p->type = atoi(optarg);
+ pos = os_strchr(optarg, ':');
+ if (pos == NULL) {
+ p->syntax = 'n';
+ p->data = NULL;
+ break;
+ }
+
+ pos++;
+ if (pos[0] == '\0' || pos[1] != ':') {
+ printf("Incorrect format of attribute "
+ "specification\n");
+ break;
+ }
+
+ p->syntax = pos[0];
+ p->data = pos + 2;
+ break;
default:
usage();
return -1;
return -1;
}
- if (eap_peer_register_methods()) {
+ if (eap_register_methods()) {
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
return -1;
}
- if (eloop_init(&wpa_s)) {
+ if (eloop_init()) {
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
return -1;
}
eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
NULL);
eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
- eloop_register_signal_terminate(eapol_test_terminate, NULL);
- eloop_register_signal_reconfig(eapol_test_terminate, NULL);
+ eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
+ eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
eloop_run();
eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);