From: Jouni Malinen Date: Tue, 27 Jan 2015 15:06:26 +0000 (+0200) Subject: tests: EAPOL supplicant invalid frame handling X-Git-Tag: hostap_2_4~296 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=a08fdb17aa3cbe18d8ceb3650ba8d3eac6dcb811;p=mech_eap.git tests: EAPOL supplicant invalid frame handling Signed-off-by: Jouni Malinen --- diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 3628d71..71f9a65 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -2606,3 +2606,17 @@ def test_wpa2_eap_ttls_pap_key_lifetime_in_memory(dev, apdev, params): verify_not_present(buf, gtk, fname, "GTK") verify_not_present(buf, msk, fname, "MSK") verify_not_present(buf, emsk, fname, "EMSK") + +def test_ap_wpa2_eap_unexpected_wep_eapol_key(dev, apdev): + """WPA2-Enterprise connection and unexpected WEP EAPOL-Key""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + bssid = apdev[0]['bssid'] + eap_connect(dev[0], apdev[0], "TTLS", "pap user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=PAP") + + # Send unexpected WEP EAPOL-Key; this gets dropped + res = dev[0].request("EAPOL_RX " + bssid + " 0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + if "OK" not in res: + raise Exception("EAPOL_RX to wpa_supplicant failed") diff --git a/tests/hwsim/test_ap_wps.py b/tests/hwsim/test_ap_wps.py index 5cb67ab..17ecd0a 100644 --- a/tests/hwsim/test_ap_wps.py +++ b/tests/hwsim/test_ap_wps.py @@ -2346,3 +2346,23 @@ def test_ap_wps_ap_scan_2(dev, apdev): wpas.dump_monitor() wpas.request("REASSOCIATE") wpas.wait_connected(timeout=30) + +def test_ap_wps_eapol_workaround(dev, apdev): + """EAPOL workaround code path for 802.1X header length mismatch""" + ssid = "test-wps" + hostapd.add_ap(apdev[0]['ifname'], + { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) + hapd = hostapd.Hostapd(apdev[0]['ifname']) + bssid = apdev[0]['bssid'] + hapd.request("SET ext_eapol_frame_io 1") + dev[0].request("SET ext_eapol_frame_io 1") + hapd.request("WPS_PBC") + dev[0].request("WPS_PBC") + + ev = hapd.wait_event(["EAPOL-TX"], timeout=15) + if ev is None: + raise Exception("Timeout on EAPOL-TX from hostapd") + + res = dev[0].request("EAPOL_RX " + bssid + " 020000040193000501FFFF") + if "OK" not in res: + raise Exception("EAPOL_RX to wpa_supplicant failed") diff --git a/tests/hwsim/test_ieee8021x.py b/tests/hwsim/test_ieee8021x.py index 94f60a6..82f783c 100644 --- a/tests/hwsim/test_ieee8021x.py +++ b/tests/hwsim/test_ieee8021x.py @@ -23,7 +23,8 @@ def test_ieee8021x_wep104(dev, apdev): dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", identity="psk.user@example.com", - password_hex="0123456789abcdef0123456789abcdef") + password_hex="0123456789abcdef0123456789abcdef", + scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) def test_ieee8021x_wep40(dev, apdev): @@ -37,7 +38,8 @@ def test_ieee8021x_wep40(dev, apdev): dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", identity="psk.user@example.com", - password_hex="0123456789abcdef0123456789abcdef") + password_hex="0123456789abcdef0123456789abcdef", + scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) def test_ieee8021x_open(dev, apdev): @@ -49,7 +51,8 @@ def test_ieee8021x_open(dev, apdev): id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", eap="PSK", identity="psk.user@example.com", - password_hex="0123456789abcdef0123456789abcdef") + password_hex="0123456789abcdef0123456789abcdef", + scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) logger.info("Test EAPOL-Logoff") @@ -75,5 +78,52 @@ def test_ieee8021x_static_wep40(dev, apdev): dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", identity="psk.user@example.com", password_hex="0123456789abcdef0123456789abcdef", - wep_key0='"hello"', eapol_flags="0") + wep_key0='"hello"', eapol_flags="0", + scan_freq="2412") hwsim_utils.test_connectivity(dev[0], hapd) + +def test_ieee8021x_proto(dev, apdev): + """IEEE 802.1X and EAPOL supplicant protocol testing""" + params = hostapd.radius_params() + params["ssid"] = "ieee8021x-open" + params["ieee8021x"] = "1" + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + bssid = apdev[0]['bssid'] + + dev[1].request("SET ext_eapol_frame_io 1") + dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", + eap="PSK", identity="psk.user@example.com", + password_hex="0123456789abcdef0123456789abcdef", + scan_freq="2412", wait_connect=False) + id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", + eap="PSK", identity="psk.user@example.com", + password_hex="0123456789abcdef0123456789abcdef", + scan_freq="2412") + ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) + + start = dev[0].get_mib() + + tests = [ "11", + "11223344", + "020000050a93000501", + "020300050a93000501", + "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "02aa00050a93000501" ] + for frame in tests: + res = dev[0].request("EAPOL_RX " + bssid + " " + frame) + if "OK" not in res: + raise Exception("EAPOL_RX to wpa_supplicant failed") + dev[1].request("EAPOL_RX " + bssid + " " + frame) + + stop = dev[0].get_mib() + + logger.info("MIB before test frames: " + str(start)) + logger.info("MIB after test frames: " + str(stop)) + + vals = [ 'dot1xSuppInvalidEapolFramesRx', + 'dot1xSuppEapLengthErrorFramesRx' ] + for val in vals: + if int(stop[val]) <= int(start[val]): + raise Exception(val + " did not increase")