2 # Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
9 logger = logging.getLogger()
16 from utils import HwsimSkip
17 from test_ap_eap import check_eap_capa
25 EAP_TYPE_NOTIFICATION = 2
36 EAP_TYPE_MSCHAPV2 = 26
44 EAP_TYPE_AKA_PRIME = 50
49 def run_pyrad_server(srv, t_stop, eap_handler):
50 srv.RunWithStop(t_stop, eap_handler)
52 def start_radius_server(eap_handler):
56 import pyrad.dictionary
58 raise HwsimSkip("No pyrad modules available")
60 class TestServer(pyrad.server.Server):
61 def _HandleAuthPacket(self, pkt):
62 pyrad.server.Server._HandleAuthPacket(self, pkt)
64 logger.info("Multiple EAP-Message attributes")
67 eap_req = self.eap_handler(self.ctx, eap)
68 reply = self.CreateReplyPacket(pkt)
71 if len(eap_req) > 253:
72 reply.AddAttribute("EAP-Message", eap_req[0:253])
73 eap_req = eap_req[253:]
75 reply.AddAttribute("EAP-Message", eap_req)
78 logger.info("No EAP request available")
79 reply.code = pyrad.packet.AccessChallenge
81 hmac_obj = hmac.new(reply.secret)
82 hmac_obj.update(struct.pack("B", reply.code))
83 hmac_obj.update(struct.pack("B", reply.id))
86 reply.AddAttribute("Message-Authenticator",
87 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
88 attrs = reply._PktEncodeAttributes()
91 flen = 4 + 16 + len(attrs)
92 hmac_obj.update(struct.pack(">H", flen))
93 hmac_obj.update(pkt.authenticator)
94 hmac_obj.update(attrs)
96 reply.AddAttribute("Message-Authenticator", hmac_obj.digest())
98 self.SendReplyPacket(pkt.fd, reply)
100 def RunWithStop(self, t_stop, eap_handler):
101 self._poll = select.poll()
103 self._PrepareSockets()
105 self.eap_handler = eap_handler
108 while not t_stop.is_set():
109 for (fd, event) in self._poll.poll(1000):
110 if event == select.POLLIN:
112 fdo = self._fdmap[fd]
113 self._ProcessInput(fdo)
114 except pyrad.server.ServerPacketError as err:
115 logger.info("pyrad server dropping packet: " + str(err))
116 except pyrad.packet.PacketError as err:
117 logger.info("pyrad server received invalid packet: " + str(err))
119 logger.error("Unexpected event in pyrad server main loop")
121 srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
122 authport=18138, acctport=18139)
123 srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
126 srv.BindToAddress("")
127 t_stop = threading.Event()
128 t = threading.Thread(target=run_pyrad_server, args=(srv, t_stop, eap_handler))
131 return { 'srv': srv, 'stop': t_stop, 'thread': t }
133 def stop_radius_server(srv):
137 def start_ap(ifname):
138 params = hostapd.wpa2_eap_params(ssid="eap-test")
139 params['auth_server_port'] = "18138"
140 hapd = hostapd.add_ap(ifname, params)
143 def test_eap_proto(dev, apdev):
144 """EAP protocol tests"""
145 check_eap_capa(dev[0], "MD5")
146 def eap_handler(ctx, req):
147 logger.info("eap_handler - RX " + req.encode("hex"))
150 ctx['num'] = ctx['num'] + 1
153 ctx['id'] = (ctx['id'] + 1) % 256
157 if ctx['num'] == idx:
158 logger.info("Test: MD5 challenge")
159 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
164 if ctx['num'] == idx:
165 logger.info("Test: EAP-Success - id off by 2")
166 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] + 1, 4)
169 if ctx['num'] == idx:
170 logger.info("Test: MD5 challenge")
171 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
176 if ctx['num'] == idx:
177 logger.info("Test: EAP-Success - id off by 3")
178 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] + 2, 4)
181 if ctx['num'] == idx:
182 logger.info("Test: MD5 challenge")
183 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
188 if ctx['num'] == idx:
189 logger.info("Test: EAP-Notification/Request")
190 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
192 EAP_TYPE_NOTIFICATION,
195 if ctx['num'] == idx:
196 logger.info("Test: EAP-Success")
197 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 1, 4)
200 if ctx['num'] == idx:
201 logger.info("Test: EAP-Notification/Request")
202 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
204 EAP_TYPE_NOTIFICATION,
207 if ctx['num'] == idx:
208 logger.info("Test: MD5 challenge")
209 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
214 if ctx['num'] == idx:
215 logger.info("Test: EAP-Success")
216 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 1, 4)
219 if ctx['num'] == idx:
220 logger.info("Test: EAP-Notification/Request")
221 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
223 EAP_TYPE_NOTIFICATION,
226 if ctx['num'] == idx:
227 logger.info("Test: MD5 challenge")
228 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
233 if ctx['num'] == idx:
234 logger.info("Test: EAP-Notification/Request")
235 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
237 EAP_TYPE_NOTIFICATION,
240 if ctx['num'] == idx:
241 logger.info("Test: EAP-Success")
242 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 1, 4)
245 if ctx['num'] == idx:
246 logger.info("Test: EAP-Notification/Request")
247 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
249 EAP_TYPE_NOTIFICATION,
252 if ctx['num'] == idx:
253 logger.info("Test: EAP-Notification/Request (same id)")
254 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'] - 1,
256 EAP_TYPE_NOTIFICATION,
259 if ctx['num'] == idx:
260 logger.info("Test: Unexpected EAP-Success")
261 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'] - 2, 4)
265 srv = start_radius_server(eap_handler)
268 hapd = start_ap(apdev[0]['ifname'])
270 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
271 eap="MD5", identity="user", password="password",
273 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
275 raise Exception("Timeout on EAP start")
276 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
278 raise Exception("Timeout on EAP success")
279 dev[0].request("REMOVE_NETWORK all")
281 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
282 eap="MD5", identity="user", password="password",
284 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
286 raise Exception("Timeout on EAP start")
287 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=1)
289 raise Exception("Unexpected EAP success")
290 dev[0].request("REMOVE_NETWORK all")
292 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
293 eap="MD5", identity="user", password="password",
295 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
297 raise Exception("Timeout on EAP start")
298 ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
300 raise Exception("Timeout on EAP notification")
301 if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION A":
302 raise Exception("Unexpected notification contents: " + ev)
303 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
305 raise Exception("Timeout on EAP success")
306 dev[0].request("REMOVE_NETWORK all")
308 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
309 eap="MD5", identity="user", password="password",
311 ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
313 raise Exception("Timeout on EAP notification")
314 if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION B":
315 raise Exception("Unexpected notification contents: " + ev)
316 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
318 raise Exception("Timeout on EAP start")
319 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
321 raise Exception("Timeout on EAP success")
322 dev[0].request("REMOVE_NETWORK all")
324 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
325 eap="MD5", identity="user", password="password",
327 ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
329 raise Exception("Timeout on EAP notification")
330 if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION C":
331 raise Exception("Unexpected notification contents: " + ev)
332 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
334 raise Exception("Timeout on EAP start")
335 ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
337 raise Exception("Timeout on EAP notification")
338 if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION D":
339 raise Exception("Unexpected notification contents: " + ev)
340 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
342 raise Exception("Timeout on EAP success")
343 dev[0].request("REMOVE_NETWORK all")
345 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
346 eap="MD5", identity="user", password="password",
348 ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
350 raise Exception("Timeout on EAP notification")
351 if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION E":
352 raise Exception("Unexpected notification contents: " + ev)
353 ev = dev[0].wait_event(["CTRL-EVENT-EAP-NOTIFICATION"], timeout=10)
355 raise Exception("Timeout on EAP notification")
356 if ev != "<3>CTRL-EVENT-EAP-NOTIFICATION F":
357 raise Exception("Unexpected notification contents: " + ev)
358 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=15)
360 raise Exception("Timeout on EAP failure")
361 dev[0].request("REMOVE_NETWORK all")
363 stop_radius_server(srv)
367 EAP_SAKE_SUBTYPE_CHALLENGE = 1
368 EAP_SAKE_SUBTYPE_CONFIRM = 2
369 EAP_SAKE_SUBTYPE_AUTH_REJECT = 3
370 EAP_SAKE_SUBTYPE_IDENTITY = 4
372 EAP_SAKE_AT_RAND_S = 1
373 EAP_SAKE_AT_RAND_P = 2
374 EAP_SAKE_AT_MIC_S = 3
375 EAP_SAKE_AT_MIC_P = 4
376 EAP_SAKE_AT_SERVERID = 5
377 EAP_SAKE_AT_PEERID = 6
378 EAP_SAKE_AT_SPI_S = 7
379 EAP_SAKE_AT_SPI_P = 8
380 EAP_SAKE_AT_ANY_ID_REQ = 9
381 EAP_SAKE_AT_PERM_ID_REQ = 10
382 EAP_SAKE_AT_ENCR_DATA = 128
384 EAP_SAKE_AT_PADDING = 130
385 EAP_SAKE_AT_NEXT_TMPID = 131
386 EAP_SAKE_AT_MSK_LIFE = 132
388 def test_eap_proto_sake(dev, apdev):
389 """EAP-SAKE protocol tests"""
390 def sake_challenge(ctx):
391 logger.info("Test: Challenge subtype")
392 return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
395 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE,
396 EAP_SAKE_AT_RAND_S, 18, 0, 0, 0, 0)
398 def sake_handler(ctx, req):
399 logger.info("sake_handler - RX " + req.encode("hex"))
402 ctx['num'] = ctx['num'] + 1
405 ctx['id'] = (ctx['id'] + 1) % 256
408 logger.info("Test: Missing payload")
409 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], 4 + 1,
413 logger.info("Test: Identity subtype without any attributes")
414 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
417 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY)
420 logger.info("Test: Identity subtype")
421 return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
424 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
425 EAP_SAKE_AT_ANY_ID_REQ, 4, 0)
427 logger.info("Test: Identity subtype (different session id)")
428 return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
431 EAP_SAKE_VERSION, 1, EAP_SAKE_SUBTYPE_IDENTITY,
432 EAP_SAKE_AT_PERM_ID_REQ, 4, 0)
435 logger.info("Test: Identity subtype with too short attribute")
436 return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
439 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
440 EAP_SAKE_AT_ANY_ID_REQ, 2)
443 logger.info("Test: Identity subtype with truncated attribute")
444 return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
447 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
448 EAP_SAKE_AT_ANY_ID_REQ, 4)
451 logger.info("Test: Unknown subtype")
452 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
455 EAP_SAKE_VERSION, 0, 123)
458 logger.info("Test: Challenge subtype without any attributes")
459 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
462 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE)
465 logger.info("Test: Challenge subtype with too short AT_RAND_S")
466 return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
469 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE,
470 EAP_SAKE_AT_RAND_S, 2)
473 return sake_challenge(ctx)
475 logger.info("Test: Unexpected Identity subtype")
476 return struct.pack(">BBHBBBBBBH", EAP_CODE_REQUEST, ctx['id'],
479 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_IDENTITY,
480 EAP_SAKE_AT_ANY_ID_REQ, 4, 0)
483 return sake_challenge(ctx)
485 logger.info("Test: Unexpected Challenge subtype")
486 return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
489 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CHALLENGE,
490 EAP_SAKE_AT_RAND_S, 18, 0, 0, 0, 0)
493 return sake_challenge(ctx)
495 logger.info("Test: Confirm subtype without any attributes")
496 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
499 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM)
502 return sake_challenge(ctx)
504 logger.info("Test: Confirm subtype with too short AT_MIC_S")
505 return struct.pack(">BBHBBBBBB", EAP_CODE_REQUEST, ctx['id'],
508 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM,
509 EAP_SAKE_AT_MIC_S, 2)
512 logger.info("Test: Unexpected Confirm subtype")
513 return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
516 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM,
517 EAP_SAKE_AT_MIC_S, 18, 0, 0, 0, 0)
520 return sake_challenge(ctx)
522 logger.info("Test: Confirm subtype with incorrect AT_MIC_S")
523 return struct.pack(">BBHBBBBBBLLLL", EAP_CODE_REQUEST, ctx['id'],
526 EAP_SAKE_VERSION, 0, EAP_SAKE_SUBTYPE_CONFIRM,
527 EAP_SAKE_AT_MIC_S, 18, 0, 0, 0, 0)
529 return sake_challenge(ctx)
531 srv = start_radius_server(sake_handler)
534 hapd = start_ap(apdev[0]['ifname'])
536 for i in range(0, 14):
537 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
538 eap="SAKE", identity="sake user",
539 password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
541 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
543 raise Exception("Timeout on EAP start")
545 dev[0].request("REMOVE_NETWORK all")
547 logger.info("Too short password")
548 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
549 eap="SAKE", identity="sake user",
550 password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
552 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
554 raise Exception("Timeout on EAP start")
557 stop_radius_server(srv)
559 def test_eap_proto_leap(dev, apdev):
560 """EAP-LEAP protocol tests"""
561 check_eap_capa(dev[0], "LEAP")
562 def leap_handler(ctx, req):
563 logger.info("leap_handler - RX " + req.encode("hex"))
566 ctx['num'] = ctx['num'] + 1
569 ctx['id'] = (ctx['id'] + 1) % 256
572 logger.info("Test: Missing payload")
573 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
578 logger.info("Test: Unexpected version")
579 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
585 logger.info("Test: Invalid challenge length")
586 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
592 logger.info("Test: Truncated challenge")
593 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
599 logger.info("Test: Valid challenge")
600 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
605 logger.info("Test: Missing payload in Response")
606 return struct.pack(">BBHB", EAP_CODE_RESPONSE, ctx['id'],
611 logger.info("Test: Valid challenge")
612 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
617 logger.info("Test: Unexpected version in Response")
618 return struct.pack(">BBHBBBB", EAP_CODE_RESPONSE, ctx['id'],
624 logger.info("Test: Valid challenge")
625 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
630 logger.info("Test: Invalid challenge length in Response")
631 return struct.pack(">BBHBBBB", EAP_CODE_RESPONSE, ctx['id'],
637 logger.info("Test: Valid challenge")
638 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
643 logger.info("Test: Truncated challenge in Response")
644 return struct.pack(">BBHBBBB", EAP_CODE_RESPONSE, ctx['id'],
650 logger.info("Test: Valid challenge")
651 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
656 logger.info("Test: Invalid challange value in Response")
657 return struct.pack(">BBHBBBB6L", EAP_CODE_RESPONSE, ctx['id'],
664 logger.info("Test: Valid challenge")
665 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
670 logger.info("Test: Valid challange value in Response")
671 return struct.pack(">BBHBBBB24B", EAP_CODE_RESPONSE, ctx['id'],
675 0x48, 0x4e, 0x46, 0xe3, 0x88, 0x49, 0x46, 0xbd,
676 0x28, 0x48, 0xf8, 0x53, 0x82, 0x50, 0x00, 0x04,
677 0x93, 0x50, 0x30, 0xd7, 0x25, 0xea, 0x5f, 0x66)
680 logger.info("Test: Valid challenge")
681 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
686 logger.info("Test: Success")
687 return struct.pack(">BBHB", EAP_CODE_SUCCESS, ctx['id'],
690 # hostapd will drop the next frame in the sequence
693 logger.info("Test: Valid challenge")
694 return struct.pack(">BBHBBBBLL", EAP_CODE_REQUEST, ctx['id'],
699 logger.info("Test: Failure")
700 return struct.pack(">BBHB", EAP_CODE_FAILURE, ctx['id'],
706 srv = start_radius_server(leap_handler)
709 hapd = start_ap(apdev[0]['ifname'])
711 for i in range(0, 12):
712 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
713 eap="LEAP", identity="user", password="password",
715 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
717 raise Exception("Timeout on EAP start")
720 logger.info("Wait for additional roundtrip")
722 dev[0].request("REMOVE_NETWORK all")
724 stop_radius_server(srv)
726 def test_eap_proto_md5(dev, apdev):
727 """EAP-MD5 protocol tests"""
728 check_eap_capa(dev[0], "MD5")
730 def md5_handler(ctx, req):
731 logger.info("md5_handler - RX " + req.encode("hex"))
734 ctx['num'] = ctx['num'] + 1
737 ctx['id'] = (ctx['id'] + 1) % 256
740 logger.info("Test: Missing payload")
741 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
746 logger.info("Test: Zero-length challenge")
747 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
753 logger.info("Test: Truncated challenge")
754 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
760 logger.info("Test: Shortest possible challenge and name")
761 return struct.pack(">BBHBBBB", EAP_CODE_REQUEST, ctx['id'],
768 srv = start_radius_server(md5_handler)
771 hapd = start_ap(apdev[0]['ifname'])
773 for i in range(0, 4):
774 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
775 eap="MD5", identity="user", password="password",
777 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
779 raise Exception("Timeout on EAP start")
781 dev[0].request("REMOVE_NETWORK all")
783 stop_radius_server(srv)
785 def test_eap_proto_otp(dev, apdev):
786 """EAP-OTP protocol tests"""
787 def otp_handler(ctx, req):
788 logger.info("otp_handler - RX " + req.encode("hex"))
791 ctx['num'] = ctx['num'] + 1
794 ctx['id'] = (ctx['id'] + 1) % 256
797 logger.info("Test: Empty payload")
798 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
802 logger.info("Test: Success")
803 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'],
807 logger.info("Test: Challenge included")
808 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
813 logger.info("Test: Success")
814 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'],
819 srv = start_radius_server(otp_handler)
822 hapd = start_ap(apdev[0]['ifname'])
824 for i in range(0, 1):
825 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
826 eap="OTP", identity="user", password="password",
828 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
831 raise Exception("Timeout on EAP start")
833 dev[0].request("REMOVE_NETWORK all")
835 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
836 eap="OTP", identity="user", wait_connect=False)
837 ev = dev[0].wait_event(["CTRL-REQ-OTP"])
839 raise Exception("Request for password timed out")
840 id = ev.split(':')[0].split('-')[-1]
841 dev[0].request("CTRL-RSP-OTP-" + id + ":password")
842 ev = dev[0].wait_event("CTRL-EVENT-EAP-SUCCESS")
844 raise Exception("Success not reported")
846 stop_radius_server(srv)
848 EAP_GPSK_OPCODE_GPSK_1 = 1
849 EAP_GPSK_OPCODE_GPSK_2 = 2
850 EAP_GPSK_OPCODE_GPSK_3 = 3
851 EAP_GPSK_OPCODE_GPSK_4 = 4
852 EAP_GPSK_OPCODE_FAIL = 5
853 EAP_GPSK_OPCODE_PROTECTED_FAIL = 6
855 def test_eap_proto_gpsk(dev, apdev):
856 """EAP-GPSK protocol tests"""
857 def gpsk_handler(ctx, req):
858 logger.info("gpsk_handler - RX " + req.encode("hex"))
861 ctx['num'] = ctx['num'] + 1
864 ctx['id'] = (ctx['id'] + 1) % 256
869 if ctx['num'] == idx:
870 logger.info("Test: Missing payload")
871 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
876 if ctx['num'] == idx:
877 logger.info("Test: Unknown opcode")
878 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
884 if ctx['num'] == idx:
885 logger.info("Test: Unexpected GPSK-3")
886 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
889 EAP_GPSK_OPCODE_GPSK_3)
892 if ctx['num'] == idx:
893 logger.info("Test: GPSK-1 Too short GPSK-1")
894 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
897 EAP_GPSK_OPCODE_GPSK_1)
900 if ctx['num'] == idx:
901 logger.info("Test: GPSK-1 Truncated ID_Server")
902 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
905 EAP_GPSK_OPCODE_GPSK_1, 1)
908 if ctx['num'] == idx:
909 logger.info("Test: GPSK-1 Missing RAND_Server")
910 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
913 EAP_GPSK_OPCODE_GPSK_1, 0)
916 if ctx['num'] == idx:
917 logger.info("Test: GPSK-1 Missing CSuite_List")
918 return struct.pack(">BBHBBH8L", EAP_CODE_REQUEST, ctx['id'],
921 EAP_GPSK_OPCODE_GPSK_1, 0,
922 0, 0, 0, 0, 0, 0, 0, 0)
925 if ctx['num'] == idx:
926 logger.info("Test: GPSK-1 Truncated CSuite_List")
927 return struct.pack(">BBHBBH8LH", EAP_CODE_REQUEST, ctx['id'],
928 4 + 1 + 1 + 2 + 32 + 2,
930 EAP_GPSK_OPCODE_GPSK_1, 0,
931 0, 0, 0, 0, 0, 0, 0, 0,
935 if ctx['num'] == idx:
936 logger.info("Test: GPSK-1 Empty CSuite_List")
937 return struct.pack(">BBHBBH8LH", EAP_CODE_REQUEST, ctx['id'],
938 4 + 1 + 1 + 2 + 32 + 2,
940 EAP_GPSK_OPCODE_GPSK_1, 0,
941 0, 0, 0, 0, 0, 0, 0, 0,
945 if ctx['num'] == idx:
946 logger.info("Test: GPSK-1 Invalid CSuite_List")
947 return struct.pack(">BBHBBH8LHB", EAP_CODE_REQUEST, ctx['id'],
948 4 + 1 + 1 + 2 + 32 + 2 + 1,
950 EAP_GPSK_OPCODE_GPSK_1, 0,
951 0, 0, 0, 0, 0, 0, 0, 0,
955 if ctx['num'] == idx:
956 logger.info("Test: GPSK-1 No supported CSuite")
957 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
958 4 + 1 + 1 + 2 + 32 + 2 + 6,
960 EAP_GPSK_OPCODE_GPSK_1, 0,
961 0, 0, 0, 0, 0, 0, 0, 0,
965 if ctx['num'] == idx:
966 logger.info("Test: GPSK-1 Supported CSuite")
967 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
968 4 + 1 + 1 + 2 + 32 + 2 + 6,
970 EAP_GPSK_OPCODE_GPSK_1, 0,
971 0, 0, 0, 0, 0, 0, 0, 0,
974 if ctx['num'] == idx:
975 logger.info("Test: Unexpected GPSK-1")
976 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
977 4 + 1 + 1 + 2 + 32 + 2 + 6,
979 EAP_GPSK_OPCODE_GPSK_1, 0,
980 0, 0, 0, 0, 0, 0, 0, 0,
984 if ctx['num'] == idx:
985 logger.info("Test: GPSK-1 Supported CSuite but too short key")
986 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
987 4 + 1 + 1 + 2 + 32 + 2 + 6,
989 EAP_GPSK_OPCODE_GPSK_1, 0,
990 0, 0, 0, 0, 0, 0, 0, 0,
994 if ctx['num'] == idx:
995 logger.info("Test: GPSK-1 Supported CSuite")
996 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
997 4 + 1 + 1 + 2 + 32 + 2 + 6,
999 EAP_GPSK_OPCODE_GPSK_1, 0,
1000 0, 0, 0, 0, 0, 0, 0, 0,
1003 if ctx['num'] == idx:
1004 logger.info("Test: Too short GPSK-3")
1005 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1008 EAP_GPSK_OPCODE_GPSK_3)
1011 if ctx['num'] == idx:
1012 logger.info("Test: GPSK-1 Supported CSuite")
1013 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1014 4 + 1 + 1 + 2 + 32 + 2 + 6,
1016 EAP_GPSK_OPCODE_GPSK_1, 0,
1017 0, 0, 0, 0, 0, 0, 0, 0,
1020 if ctx['num'] == idx:
1021 logger.info("Test: GPSK-3 Mismatch in RAND_Peer")
1022 return struct.pack(">BBHBB8L", EAP_CODE_REQUEST, ctx['id'],
1025 EAP_GPSK_OPCODE_GPSK_3,
1026 0, 0, 0, 0, 0, 0, 0, 0)
1029 if ctx['num'] == idx:
1030 logger.info("Test: GPSK-1 Supported CSuite")
1031 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1032 4 + 1 + 1 + 2 + 32 + 2 + 6,
1034 EAP_GPSK_OPCODE_GPSK_1, 0,
1035 0, 0, 0, 0, 0, 0, 0, 0,
1038 if ctx['num'] == idx:
1039 logger.info("Test: GPSK-3 Missing RAND_Server")
1040 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1043 EAP_GPSK_OPCODE_GPSK_3)
1048 if ctx['num'] == idx:
1049 logger.info("Test: GPSK-1 Supported CSuite")
1050 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1051 4 + 1 + 1 + 2 + 32 + 2 + 6,
1053 EAP_GPSK_OPCODE_GPSK_1, 0,
1054 0, 0, 0, 0, 0, 0, 0, 0,
1057 if ctx['num'] == idx:
1058 logger.info("Test: GPSK-3 Mismatch in RAND_Server")
1059 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1060 4 + 1 + 1 + 32 + 32,
1062 EAP_GPSK_OPCODE_GPSK_3)
1064 msg += struct.pack(">8L", 1, 1, 1, 1, 1, 1, 1, 1)
1068 if ctx['num'] == idx:
1069 logger.info("Test: GPSK-1 Supported CSuite")
1070 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1071 4 + 1 + 1 + 2 + 32 + 2 + 6,
1073 EAP_GPSK_OPCODE_GPSK_1, 0,
1074 0, 0, 0, 0, 0, 0, 0, 0,
1077 if ctx['num'] == idx:
1078 logger.info("Test: GPSK-3 Missing ID_Server")
1079 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1080 4 + 1 + 1 + 32 + 32,
1082 EAP_GPSK_OPCODE_GPSK_3)
1084 msg += struct.pack(">8L", 0, 0, 0, 0, 0, 0, 0, 0)
1088 if ctx['num'] == idx:
1089 logger.info("Test: GPSK-1 Supported CSuite")
1090 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1091 4 + 1 + 1 + 2 + 32 + 2 + 6,
1093 EAP_GPSK_OPCODE_GPSK_1, 0,
1094 0, 0, 0, 0, 0, 0, 0, 0,
1097 if ctx['num'] == idx:
1098 logger.info("Test: GPSK-3 Truncated ID_Server")
1099 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1100 4 + 1 + 1 + 32 + 32 + 2,
1102 EAP_GPSK_OPCODE_GPSK_3)
1104 msg += struct.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 1)
1108 if ctx['num'] == idx:
1109 logger.info("Test: GPSK-1 Supported CSuite")
1110 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1111 4 + 1 + 1 + 2 + 32 + 2 + 6,
1113 EAP_GPSK_OPCODE_GPSK_1, 0,
1114 0, 0, 0, 0, 0, 0, 0, 0,
1117 if ctx['num'] == idx:
1118 logger.info("Test: GPSK-3 Mismatch in ID_Server")
1119 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1120 4 + 1 + 1 + 32 + 32 + 3,
1122 EAP_GPSK_OPCODE_GPSK_3)
1124 msg += struct.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
1128 if ctx['num'] == idx:
1129 logger.info("Test: GPSK-1 Supported CSuite")
1130 return struct.pack(">BBHBBHB8LHLH", EAP_CODE_REQUEST, ctx['id'],
1131 4 + 1 + 1 + 3 + 32 + 2 + 6,
1133 EAP_GPSK_OPCODE_GPSK_1, 1, ord('A'),
1134 0, 0, 0, 0, 0, 0, 0, 0,
1137 if ctx['num'] == idx:
1138 logger.info("Test: GPSK-3 Mismatch in ID_Server (same length)")
1139 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1140 4 + 1 + 1 + 32 + 32 + 3,
1142 EAP_GPSK_OPCODE_GPSK_3)
1144 msg += struct.pack(">8LHB", 0, 0, 0, 0, 0, 0, 0, 0, 1, ord('B'))
1148 if ctx['num'] == idx:
1149 logger.info("Test: GPSK-1 Supported CSuite")
1150 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1151 4 + 1 + 1 + 2 + 32 + 2 + 6,
1153 EAP_GPSK_OPCODE_GPSK_1, 0,
1154 0, 0, 0, 0, 0, 0, 0, 0,
1157 if ctx['num'] == idx:
1158 logger.info("Test: GPSK-3 Missing CSuite_Sel")
1159 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1160 4 + 1 + 1 + 32 + 32 + 2,
1162 EAP_GPSK_OPCODE_GPSK_3)
1164 msg += struct.pack(">8LH", 0, 0, 0, 0, 0, 0, 0, 0, 0)
1168 if ctx['num'] == idx:
1169 logger.info("Test: GPSK-1 Supported CSuite")
1170 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1171 4 + 1 + 1 + 2 + 32 + 2 + 6,
1173 EAP_GPSK_OPCODE_GPSK_1, 0,
1174 0, 0, 0, 0, 0, 0, 0, 0,
1177 if ctx['num'] == idx:
1178 logger.info("Test: GPSK-3 Mismatch in CSuite_Sel")
1179 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1180 4 + 1 + 1 + 32 + 32 + 2 + 6,
1182 EAP_GPSK_OPCODE_GPSK_3)
1184 msg += struct.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2)
1188 if ctx['num'] == idx:
1189 logger.info("Test: GPSK-1 Supported CSuite")
1190 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1191 4 + 1 + 1 + 2 + 32 + 2 + 6,
1193 EAP_GPSK_OPCODE_GPSK_1, 0,
1194 0, 0, 0, 0, 0, 0, 0, 0,
1197 if ctx['num'] == idx:
1198 logger.info("Test: GPSK-3 Missing len(PD_Payload_Block)")
1199 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1200 4 + 1 + 1 + 32 + 32 + 2 + 6,
1202 EAP_GPSK_OPCODE_GPSK_3)
1204 msg += struct.pack(">8LHLH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1)
1208 if ctx['num'] == idx:
1209 logger.info("Test: GPSK-1 Supported CSuite")
1210 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1211 4 + 1 + 1 + 2 + 32 + 2 + 6,
1213 EAP_GPSK_OPCODE_GPSK_1, 0,
1214 0, 0, 0, 0, 0, 0, 0, 0,
1217 if ctx['num'] == idx:
1218 logger.info("Test: GPSK-3 Truncated PD_Payload_Block")
1219 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1220 4 + 1 + 1 + 32 + 32 + 2 + 6 + 2,
1222 EAP_GPSK_OPCODE_GPSK_3)
1224 msg += struct.pack(">8LHLHH", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1)
1228 if ctx['num'] == idx:
1229 logger.info("Test: GPSK-1 Supported CSuite")
1230 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1231 4 + 1 + 1 + 2 + 32 + 2 + 6,
1233 EAP_GPSK_OPCODE_GPSK_1, 0,
1234 0, 0, 0, 0, 0, 0, 0, 0,
1237 if ctx['num'] == idx:
1238 logger.info("Test: GPSK-3 Missing MAC")
1239 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1240 4 + 1 + 1 + 32 + 32 + 2 + 6 + 3,
1242 EAP_GPSK_OPCODE_GPSK_3)
1244 msg += struct.pack(">8LHLHHB",
1245 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123)
1249 if ctx['num'] == idx:
1250 logger.info("Test: GPSK-1 Supported CSuite")
1251 return struct.pack(">BBHBBH8LHLH", EAP_CODE_REQUEST, ctx['id'],
1252 4 + 1 + 1 + 2 + 32 + 2 + 6,
1254 EAP_GPSK_OPCODE_GPSK_1, 0,
1255 0, 0, 0, 0, 0, 0, 0, 0,
1258 if ctx['num'] == idx:
1259 logger.info("Test: GPSK-3 Incorrect MAC")
1260 msg = struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1261 4 + 1 + 1 + 32 + 32 + 2 + 6 + 3 + 16,
1263 EAP_GPSK_OPCODE_GPSK_3)
1265 msg += struct.pack(">8LHLHHB4L",
1266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 123,
1272 srv = start_radius_server(gpsk_handler)
1275 hapd = start_ap(apdev[0]['ifname'])
1277 for i in range(0, 27):
1281 pw = "abcdefghijklmnop0123456789abcdef"
1282 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
1283 eap="GPSK", identity="user", password=pw,
1285 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1288 raise Exception("Timeout on EAP start")
1290 dev[0].request("REMOVE_NETWORK all")
1292 stop_radius_server(srv)
1299 def test_eap_proto_eke(dev, apdev):
1300 """EAP-EKE protocol tests"""
1301 def eke_handler(ctx, req):
1302 logger.info("eke_handler - RX " + req.encode("hex"))
1303 if 'num' not in ctx:
1305 ctx['num'] = ctx['num'] + 1
1308 ctx['id'] = (ctx['id'] + 1) % 256
1313 if ctx['num'] == idx:
1314 logger.info("Test: Missing payload")
1315 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
1320 if ctx['num'] == idx:
1321 logger.info("Test: Unknown exchange")
1322 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1328 if ctx['num'] == idx:
1329 logger.info("Test: No NumProposals in EAP-EKE-ID/Request")
1330 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
1335 if ctx['num'] == idx:
1336 logger.info("Test: EAP-Failure")
1337 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1340 if ctx['num'] == idx:
1341 logger.info("Test: NumProposals=0 in EAP-EKE-ID/Request")
1342 return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
1348 if ctx['num'] == idx:
1349 logger.info("Test: EAP-Failure")
1350 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1353 if ctx['num'] == idx:
1354 logger.info("Test: Truncated Proposals list in EAP-EKE-ID/Request")
1355 return struct.pack(">BBHBBBB4B", EAP_CODE_REQUEST, ctx['id'],
1361 if ctx['num'] == idx:
1362 logger.info("Test: EAP-Failure")
1363 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1366 if ctx['num'] == idx:
1367 logger.info("Test: Unsupported proposals in EAP-EKE-ID/Request")
1368 return struct.pack(">BBHBBBB4B4B4B4B", EAP_CODE_REQUEST, ctx['id'],
1369 4 + 1 + 1 + 2 + 4 * 4,
1378 if ctx['num'] == idx:
1379 logger.info("Test: EAP-Failure")
1380 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1383 if ctx['num'] == idx:
1384 logger.info("Test: Missing IDType/Identity in EAP-EKE-ID/Request")
1385 return struct.pack(">BBHBBBB4B4B4B4B4B",
1386 EAP_CODE_REQUEST, ctx['id'],
1387 4 + 1 + 1 + 2 + 5 * 4,
1397 if ctx['num'] == idx:
1398 logger.info("Test: EAP-Failure")
1399 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1402 if ctx['num'] == idx:
1403 logger.info("Test: Valid EAP-EKE-ID/Request")
1404 return struct.pack(">BBHBBBB4BB",
1405 EAP_CODE_REQUEST, ctx['id'],
1406 4 + 1 + 1 + 2 + 4 + 1,
1413 if ctx['num'] == idx:
1414 logger.info("Test: Unexpected EAP-EKE-ID/Request")
1415 return struct.pack(">BBHBBBB4BB",
1416 EAP_CODE_REQUEST, ctx['id'],
1417 4 + 1 + 1 + 2 + 4 + 1,
1424 if ctx['num'] == idx:
1425 logger.info("Test: EAP-Failure")
1426 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1429 if ctx['num'] == idx:
1430 logger.info("Test: Valid EAP-EKE-ID/Request")
1431 return struct.pack(">BBHBBBB4BB",
1432 EAP_CODE_REQUEST, ctx['id'],
1433 4 + 1 + 1 + 2 + 4 + 1,
1440 if ctx['num'] == idx:
1441 logger.info("Test: Unexpected EAP-EKE-Confirm/Request")
1442 return struct.pack(">BBHBB",
1443 EAP_CODE_REQUEST, ctx['id'],
1448 if ctx['num'] == idx:
1449 logger.info("Test: EAP-Failure")
1450 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1453 if ctx['num'] == idx:
1454 logger.info("Test: Too short EAP-EKE-Failure/Request")
1455 return struct.pack(">BBHBB",
1456 EAP_CODE_REQUEST, ctx['id'],
1461 if ctx['num'] == idx:
1462 logger.info("Test: EAP-Failure")
1463 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1466 if ctx['num'] == idx:
1467 logger.info("Test: Unexpected EAP-EKE-Commit/Request")
1468 return struct.pack(">BBHBB",
1469 EAP_CODE_REQUEST, ctx['id'],
1474 if ctx['num'] == idx:
1475 logger.info("Test: EAP-Failure")
1476 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1479 if ctx['num'] == idx:
1480 logger.info("Test: Valid EAP-EKE-ID/Request")
1481 return struct.pack(">BBHBBBB4BB",
1482 EAP_CODE_REQUEST, ctx['id'],
1483 4 + 1 + 1 + 2 + 4 + 1,
1490 if ctx['num'] == idx:
1491 logger.info("Test: Too short EAP-EKE-Commit/Request")
1492 return struct.pack(">BBHBB",
1493 EAP_CODE_REQUEST, ctx['id'],
1498 if ctx['num'] == idx:
1499 logger.info("Test: EAP-Failure")
1500 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1503 if ctx['num'] == idx:
1504 logger.info("Test: Valid EAP-EKE-ID/Request")
1505 return struct.pack(">BBHBBBB4BB",
1506 EAP_CODE_REQUEST, ctx['id'],
1507 4 + 1 + 1 + 2 + 4 + 1,
1514 if ctx['num'] == idx:
1515 logger.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
1516 return struct.pack(">BBHBB4L32L",
1517 EAP_CODE_REQUEST, ctx['id'],
1518 4 + 1 + 1 + 16 + 128,
1522 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1523 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
1525 if ctx['num'] == idx:
1526 logger.info("Test: Too short EAP-EKE-Confirm/Request")
1527 return struct.pack(">BBHBB",
1528 EAP_CODE_REQUEST, ctx['id'],
1533 if ctx['num'] == idx:
1534 logger.info("Test: EAP-Failure")
1535 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1538 if ctx['num'] == idx:
1539 logger.info("Test: Valid EAP-EKE-ID/Request")
1540 return struct.pack(">BBHBBBB4BB",
1541 EAP_CODE_REQUEST, ctx['id'],
1542 4 + 1 + 1 + 2 + 4 + 1,
1549 if ctx['num'] == idx:
1550 logger.info("Test: All zeroes DHComponent_S and empty CBvalue in EAP-EKE-Commit/Request")
1551 return struct.pack(">BBHBB4L32L",
1552 EAP_CODE_REQUEST, ctx['id'],
1553 4 + 1 + 1 + 16 + 128,
1557 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1558 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
1560 if ctx['num'] == idx:
1561 logger.info("Test: Invalid PNonce_PS and Auth_S values in EAP-EKE-Confirm/Request")
1562 return struct.pack(">BBHBB4L8L5L5L",
1563 EAP_CODE_REQUEST, ctx['id'],
1564 4 + 1 + 1 + 16 + 2 * 16 + 20 + 20,
1568 0, 0, 0, 0, 0, 0, 0, 0,
1572 if ctx['num'] == idx:
1573 logger.info("Test: EAP-Failure")
1574 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1578 srv = start_radius_server(eke_handler)
1581 hapd = start_ap(apdev[0]['ifname'])
1583 for i in range(0, 14):
1584 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
1585 eap="EKE", identity="user", password="password",
1587 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1590 raise Exception("Timeout on EAP start")
1591 if i in [ 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 ]:
1592 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
1595 raise Exception("Timeout on EAP failure")
1598 dev[0].request("REMOVE_NETWORK all")
1599 dev[0].dump_monitor()
1601 stop_radius_server(srv)
1603 EAP_PAX_OP_STD_1 = 0x01
1604 EAP_PAX_OP_STD_2 = 0x02
1605 EAP_PAX_OP_STD_3 = 0x03
1606 EAP_PAX_OP_SEC_1 = 0x11
1607 EAP_PAX_OP_SEC_2 = 0x12
1608 EAP_PAX_OP_SEC_3 = 0x13
1609 EAP_PAX_OP_SEC_4 = 0x14
1610 EAP_PAX_OP_SEC_5 = 0x15
1611 EAP_PAX_OP_ACK = 0x21
1613 EAP_PAX_FLAGS_MF = 0x01
1614 EAP_PAX_FLAGS_CE = 0x02
1615 EAP_PAX_FLAGS_AI = 0x04
1617 EAP_PAX_MAC_HMAC_SHA1_128 = 0x01
1618 EAP_PAX_HMAC_SHA256_128 = 0x02
1620 EAP_PAX_DH_GROUP_NONE = 0x00
1621 EAP_PAX_DH_GROUP_2048_MODP = 0x01
1622 EAP_PAX_DH_GROUP_3072_MODP = 0x02
1623 EAP_PAX_DH_GROUP_NIST_ECC_P_256 = 0x03
1625 EAP_PAX_PUBLIC_KEY_NONE = 0x00
1626 EAP_PAX_PUBLIC_KEY_RSAES_OAEP = 0x01
1627 EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5 = 0x02
1628 EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC = 0x03
1630 EAP_PAX_ADE_VENDOR_SPECIFIC = 0x01
1631 EAP_PAX_ADE_CLIENT_CHANNEL_BINDING = 0x02
1632 EAP_PAX_ADE_SERVER_CHANNEL_BINDING = 0x03
1634 def test_eap_proto_pax(dev, apdev):
1635 """EAP-PAX protocol tests"""
1637 logger.info("Test: STD-1")
1639 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1640 4 + 1 + 5 + 2 + 32 + 16,
1642 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1643 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1644 32, 0, 0, 0, 0, 0, 0, 0, 0,
1645 0x16, 0xc9, 0x08, 0x9d, 0x98, 0xa5, 0x6e, 0x1f,
1646 0xf0, 0xac, 0xcf, 0xc4, 0x66, 0xcd, 0x2d, 0xbf)
1648 def pax_handler(ctx, req):
1649 logger.info("pax_handler - RX " + req.encode("hex"))
1650 if 'num' not in ctx:
1652 ctx['num'] = ctx['num'] + 1
1655 ctx['id'] = (ctx['id'] + 1) % 256
1660 if ctx['num'] == idx:
1661 logger.info("Test: Missing payload")
1662 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
1667 if ctx['num'] == idx:
1668 logger.info("Test: Minimum length payload")
1669 return struct.pack(">BBHB4L", EAP_CODE_REQUEST, ctx['id'],
1675 if ctx['num'] == idx:
1676 logger.info("Test: Unsupported MAC ID")
1677 return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
1680 EAP_PAX_OP_STD_1, 0, 255, EAP_PAX_DH_GROUP_NONE,
1681 EAP_PAX_PUBLIC_KEY_NONE,
1685 if ctx['num'] == idx:
1686 logger.info("Test: Unsupported DH Group ID")
1687 return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
1690 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1691 255, EAP_PAX_PUBLIC_KEY_NONE,
1695 if ctx['num'] == idx:
1696 logger.info("Test: Unsupported Public Key ID")
1697 return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
1700 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1701 EAP_PAX_DH_GROUP_NONE, 255,
1705 if ctx['num'] == idx:
1706 logger.info("Test: More fragments")
1707 return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
1710 EAP_PAX_OP_STD_1, EAP_PAX_FLAGS_MF,
1711 EAP_PAX_MAC_HMAC_SHA1_128,
1712 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1716 if ctx['num'] == idx:
1717 logger.info("Test: Invalid ICV")
1718 return struct.pack(">BBHBBBBBB4L", EAP_CODE_REQUEST, ctx['id'],
1721 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1722 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1726 if ctx['num'] == idx:
1727 logger.info("Test: Invalid ICV in short frame")
1728 return struct.pack(">BBHBBBBBB3L", EAP_CODE_REQUEST, ctx['id'],
1731 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1732 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1736 if ctx['num'] == idx:
1737 logger.info("Test: Correct ICV - unsupported op_code")
1739 return struct.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST, ctx['id'],
1742 255, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1743 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1744 0x90, 0x78, 0x97, 0x38, 0x29, 0x94, 0x32, 0xd4,
1745 0x81, 0x27, 0xe0, 0xf6, 0x3b, 0x0d, 0xb2, 0xb2)
1748 if ctx['num'] == idx:
1749 logger.info("Test: Correct ICV - CE flag in STD-1")
1751 return struct.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST, ctx['id'],
1754 EAP_PAX_OP_STD_1, EAP_PAX_FLAGS_CE,
1755 EAP_PAX_MAC_HMAC_SHA1_128,
1756 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1757 0x9c, 0x98, 0xb4, 0x0b, 0x94, 0x90, 0xde, 0x88,
1758 0xb7, 0x72, 0x63, 0x44, 0x1d, 0xe3, 0x7c, 0x5c)
1761 if ctx['num'] == idx:
1762 logger.info("Test: Correct ICV - too short STD-1 payload")
1764 return struct.pack(">BBHBBBBBB16B", EAP_CODE_REQUEST, ctx['id'],
1767 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1768 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1769 0xda, 0xab, 0x2c, 0xe7, 0x84, 0x41, 0xb5, 0x5c,
1770 0xee, 0xcf, 0x62, 0x03, 0xc5, 0x69, 0xcb, 0xf4)
1773 if ctx['num'] == idx:
1774 logger.info("Test: Correct ICV - incorrect A length in STD-1")
1776 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1777 4 + 1 + 5 + 2 + 32 + 16,
1779 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1780 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1781 0, 0, 0, 0, 0, 0, 0, 0, 0,
1782 0xc4, 0xb0, 0x81, 0xe4, 0x6c, 0x8c, 0x20, 0x23,
1783 0x60, 0x46, 0x89, 0xea, 0x94, 0x60, 0xf3, 0x2a)
1786 if ctx['num'] == idx:
1787 logger.info("Test: Correct ICV - extra data in STD-1")
1789 return struct.pack(">BBHBBBBBBH8LB16B", EAP_CODE_REQUEST, ctx['id'],
1790 4 + 1 + 5 + 2 + 32 + 1 + 16,
1792 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1793 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1794 32, 0, 0, 0, 0, 0, 0, 0, 0,
1796 0x61, 0x49, 0x65, 0x37, 0x21, 0xe8, 0xd8, 0xbf,
1797 0xf3, 0x02, 0x01, 0xe5, 0x42, 0x51, 0xd3, 0x34)
1799 if ctx['num'] == idx:
1800 logger.info("Test: Unexpected STD-1")
1801 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1802 4 + 1 + 5 + 2 + 32 + 16,
1804 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1805 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1806 32, 0, 0, 0, 0, 0, 0, 0, 0,
1807 0xe5, 0x1d, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
1808 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
1811 if ctx['num'] == idx:
1812 return pax_std_1(ctx)
1814 if ctx['num'] == idx:
1815 logger.info("Test: MAC ID changed during session")
1816 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1817 4 + 1 + 5 + 2 + 32 + 16,
1819 EAP_PAX_OP_STD_1, 0, EAP_PAX_HMAC_SHA256_128,
1820 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1821 32, 0, 0, 0, 0, 0, 0, 0, 0,
1822 0xee, 0x00, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
1823 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
1826 if ctx['num'] == idx:
1827 return pax_std_1(ctx)
1829 if ctx['num'] == idx:
1830 logger.info("Test: DH Group ID changed during session")
1831 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1832 4 + 1 + 5 + 2 + 32 + 16,
1834 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1835 EAP_PAX_DH_GROUP_2048_MODP,
1836 EAP_PAX_PUBLIC_KEY_NONE,
1837 32, 0, 0, 0, 0, 0, 0, 0, 0,
1838 0xee, 0x01, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
1839 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
1842 if ctx['num'] == idx:
1843 return pax_std_1(ctx)
1845 if ctx['num'] == idx:
1846 logger.info("Test: Public Key ID changed during session")
1847 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1848 4 + 1 + 5 + 2 + 32 + 16,
1850 EAP_PAX_OP_STD_1, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1851 EAP_PAX_DH_GROUP_NONE,
1852 EAP_PAX_PUBLIC_KEY_RSAES_OAEP,
1853 32, 0, 0, 0, 0, 0, 0, 0, 0,
1854 0xee, 0x02, 0xbf, 0xb8, 0x70, 0x20, 0x5c, 0xba,
1855 0x41, 0xbb, 0x34, 0xda, 0x1a, 0x08, 0xe6, 0x8d)
1858 if ctx['num'] == idx:
1859 logger.info("Test: Unexpected STD-3")
1861 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1862 4 + 1 + 5 + 2 + 32 + 16,
1864 EAP_PAX_OP_STD_3, 0, EAP_PAX_MAC_HMAC_SHA1_128,
1865 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1866 32, 0, 0, 0, 0, 0, 0, 0, 0,
1867 0x47, 0xbb, 0xc0, 0xf9, 0xb9, 0x69, 0xf5, 0xcb,
1868 0x3a, 0xe8, 0xe7, 0xd6, 0x80, 0x28, 0xf2, 0x59)
1871 if ctx['num'] == idx:
1872 return pax_std_1(ctx)
1874 if ctx['num'] == idx:
1875 # TODO: MAC calculation; for now, this gets dropped due to incorrect
1877 logger.info("Test: STD-3 with CE flag")
1878 return struct.pack(">BBHBBBBBBH8L16B", EAP_CODE_REQUEST, ctx['id'],
1879 4 + 1 + 5 + 2 + 32 + 16,
1881 EAP_PAX_OP_STD_3, EAP_PAX_FLAGS_CE,
1882 EAP_PAX_MAC_HMAC_SHA1_128,
1883 EAP_PAX_DH_GROUP_NONE, EAP_PAX_PUBLIC_KEY_NONE,
1884 32, 0, 0, 0, 0, 0, 0, 0, 0,
1885 0x8a, 0xc2, 0xf9, 0xf4, 0x8b, 0x75, 0x72, 0xa2,
1886 0x4d, 0xd3, 0x1e, 0x54, 0x77, 0x04, 0x05, 0xe2)
1889 if ctx['num'] & 0x1 == idx & 0x1:
1890 logger.info("Test: Default request")
1891 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
1895 logger.info("Test: Default EAP-Failure")
1896 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
1898 srv = start_radius_server(pax_handler)
1901 hapd = start_ap(apdev[0]['ifname'])
1903 for i in range(0, 18):
1904 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
1905 eap="PAX", identity="user",
1906 password_hex="0123456789abcdef0123456789abcdef",
1908 logger.info("Waiting for EAP method to start")
1909 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
1912 raise Exception("Timeout on EAP start")
1914 dev[0].request("REMOVE_NETWORK all")
1915 dev[0].dump_monitor()
1917 logger.info("Too short password")
1918 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
1919 eap="PAX", identity="user",
1920 password_hex="0123456789abcdef0123456789abcd",
1922 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
1924 raise Exception("Timeout on EAP start")
1926 dev[0].request("REMOVE_NETWORK all")
1927 dev[0].dump_monitor()
1929 logger.info("No password")
1930 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
1931 eap="PAX", identity="user",
1933 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=15)
1935 raise Exception("Timeout on EAP start")
1937 dev[0].request("REMOVE_NETWORK all")
1938 dev[0].dump_monitor()
1940 stop_radius_server(srv)
1942 def test_eap_proto_psk(dev, apdev):
1943 """EAP-PSK protocol tests"""
1944 def psk_handler(ctx, req):
1945 logger.info("psk_handler - RX " + req.encode("hex"))
1946 if 'num' not in ctx:
1948 ctx['num'] = ctx['num'] + 1
1951 ctx['id'] = (ctx['id'] + 1) % 256
1956 if ctx['num'] == idx:
1957 logger.info("Test: Missing payload")
1958 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
1963 if ctx['num'] == idx:
1964 logger.info("Test: Non-zero T in first message")
1965 return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
1967 EAP_TYPE_PSK, 0xc0, 0, 0, 0, 0)
1970 if ctx['num'] == idx:
1971 logger.info("Test: Valid first message")
1972 return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
1974 EAP_TYPE_PSK, 0, 0, 0, 0, 0)
1976 if ctx['num'] == idx:
1977 logger.info("Test: Too short third message")
1978 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
1983 if ctx['num'] == idx:
1984 logger.info("Test: Valid first message")
1985 return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
1987 EAP_TYPE_PSK, 0, 0, 0, 0, 0)
1989 if ctx['num'] == idx:
1990 logger.info("Test: Incorrect T in third message")
1991 return struct.pack(">BBHBB4L4L", EAP_CODE_REQUEST, ctx['id'],
1992 4 + 1 + 1 + 16 + 16,
1993 EAP_TYPE_PSK, 0, 0, 0, 0, 0, 0, 0, 0, 0)
1996 if ctx['num'] == idx:
1997 logger.info("Test: Valid first message")
1998 return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
2000 EAP_TYPE_PSK, 0, 0, 0, 0, 0)
2002 if ctx['num'] == idx:
2003 logger.info("Test: Missing PCHANNEL in third message")
2004 return struct.pack(">BBHBB4L4L", EAP_CODE_REQUEST, ctx['id'],
2005 4 + 1 + 1 + 16 + 16,
2006 EAP_TYPE_PSK, 0x80, 0, 0, 0, 0, 0, 0, 0, 0)
2009 if ctx['num'] == idx:
2010 logger.info("Test: Valid first message")
2011 return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
2013 EAP_TYPE_PSK, 0, 0, 0, 0, 0)
2015 if ctx['num'] == idx:
2016 logger.info("Test: Invalic MAC_S in third message")
2017 return struct.pack(">BBHBB4L4L5LB", EAP_CODE_REQUEST, ctx['id'],
2018 4 + 1 + 1 + 16 + 16 + 21,
2019 EAP_TYPE_PSK, 0x80, 0, 0, 0, 0, 0, 0, 0, 0,
2023 if ctx['num'] == idx:
2024 logger.info("Test: Valid first message")
2025 return struct.pack(">BBHBB4L", EAP_CODE_REQUEST, ctx['id'],
2027 EAP_TYPE_PSK, 0, 0, 0, 0, 0)
2029 if ctx['num'] == idx:
2030 logger.info("Test: EAP-Failure")
2031 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2035 srv = start_radius_server(psk_handler)
2038 hapd = start_ap(apdev[0]['ifname'])
2040 for i in range(0, 6):
2041 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
2042 eap="PSK", identity="user",
2043 password_hex="0123456789abcdef0123456789abcdef",
2045 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2048 raise Exception("Timeout on EAP start")
2050 dev[0].request("REMOVE_NETWORK all")
2052 logger.info("Test: Invalid PSK length")
2053 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
2054 eap="PSK", identity="user",
2055 password_hex="0123456789abcdef0123456789abcd",
2057 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2060 raise Exception("Timeout on EAP start")
2062 dev[0].request("REMOVE_NETWORK all")
2064 stop_radius_server(srv)
2066 EAP_SIM_SUBTYPE_START = 10
2067 EAP_SIM_SUBTYPE_CHALLENGE = 11
2068 EAP_SIM_SUBTYPE_NOTIFICATION = 12
2069 EAP_SIM_SUBTYPE_REAUTHENTICATION = 13
2070 EAP_SIM_SUBTYPE_CLIENT_ERROR = 14
2072 EAP_AKA_SUBTYPE_CHALLENGE = 1
2073 EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT = 2
2074 EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE = 4
2075 EAP_AKA_SUBTYPE_IDENTITY = 5
2076 EAP_AKA_SUBTYPE_NOTIFICATION = 12
2077 EAP_AKA_SUBTYPE_REAUTHENTICATION = 13
2078 EAP_AKA_SUBTYPE_CLIENT_ERROR = 14
2084 EAP_SIM_AT_PADDING = 6
2085 EAP_SIM_AT_NONCE_MT = 7
2086 EAP_SIM_AT_PERMANENT_ID_REQ = 10
2088 EAP_SIM_AT_NOTIFICATION = 12
2089 EAP_SIM_AT_ANY_ID_REQ = 13
2090 EAP_SIM_AT_IDENTITY = 14
2091 EAP_SIM_AT_VERSION_LIST = 15
2092 EAP_SIM_AT_SELECTED_VERSION = 16
2093 EAP_SIM_AT_FULLAUTH_ID_REQ = 17
2094 EAP_SIM_AT_COUNTER = 19
2095 EAP_SIM_AT_COUNTER_TOO_SMALL = 20
2096 EAP_SIM_AT_NONCE_S = 21
2097 EAP_SIM_AT_CLIENT_ERROR_CODE = 22
2098 EAP_SIM_AT_KDF_INPUT = 23
2101 EAP_SIM_AT_ENCR_DATA = 130
2102 EAP_SIM_AT_NEXT_PSEUDONYM = 132
2103 EAP_SIM_AT_NEXT_REAUTH_ID = 133
2104 EAP_SIM_AT_CHECKCODE = 134
2105 EAP_SIM_AT_RESULT_IND = 135
2106 EAP_SIM_AT_BIDDING = 136
2108 def test_eap_proto_aka(dev, apdev):
2109 """EAP-AKA protocol tests"""
2110 def aka_handler(ctx, req):
2111 logger.info("aka_handler - RX " + req.encode("hex"))
2112 if 'num' not in ctx:
2114 ctx['num'] = ctx['num'] + 1
2117 ctx['id'] = (ctx['id'] + 1) % 256
2122 if ctx['num'] == idx:
2123 logger.info("Test: Missing payload")
2124 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
2129 if ctx['num'] == idx:
2130 logger.info("Test: Unknown subtype")
2131 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2133 EAP_TYPE_AKA, 255, 0)
2135 if ctx['num'] == idx:
2136 logger.info("Test: EAP-Failure")
2137 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2140 if ctx['num'] == idx:
2141 logger.info("Test: Client Error")
2142 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2144 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CLIENT_ERROR, 0)
2146 if ctx['num'] == idx:
2147 logger.info("Test: EAP-Failure")
2148 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2151 if ctx['num'] == idx:
2152 logger.info("Test: Too short attribute header")
2153 return struct.pack(">BBHBBHB", EAP_CODE_REQUEST, ctx['id'],
2155 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255)
2157 if ctx['num'] == idx:
2158 logger.info("Test: EAP-Failure")
2159 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2162 if ctx['num'] == idx:
2163 logger.info("Test: Truncated attribute")
2164 return struct.pack(">BBHBBHBB", EAP_CODE_REQUEST, ctx['id'],
2166 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255,
2169 if ctx['num'] == idx:
2170 logger.info("Test: EAP-Failure")
2171 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2174 if ctx['num'] == idx:
2175 logger.info("Test: Too short attribute data")
2176 return struct.pack(">BBHBBHBB", EAP_CODE_REQUEST, ctx['id'],
2178 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255,
2181 if ctx['num'] == idx:
2182 logger.info("Test: EAP-Failure")
2183 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2186 if ctx['num'] == idx:
2187 logger.info("Test: Skippable/non-skippable unrecognzized attribute")
2188 return struct.pack(">BBHBBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2190 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2191 255, 1, 0, 127, 1, 0)
2193 if ctx['num'] == idx:
2194 logger.info("Test: EAP-Failure")
2195 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2198 if ctx['num'] == idx:
2199 logger.info("Test: Identity request without ID type")
2200 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2202 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0)
2204 if ctx['num'] == idx:
2205 logger.info("Test: Identity request ANY_ID")
2206 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2208 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2209 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
2211 if ctx['num'] == idx:
2212 logger.info("Test: Identity request ANY_ID (duplicate)")
2213 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2215 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2216 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
2218 if ctx['num'] == idx:
2219 logger.info("Test: EAP-Failure")
2220 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2223 if ctx['num'] == idx:
2224 logger.info("Test: Identity request ANY_ID")
2225 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2227 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2228 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
2230 if ctx['num'] == idx:
2231 logger.info("Test: Identity request FULLAUTH_ID")
2232 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2234 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2235 EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
2237 if ctx['num'] == idx:
2238 logger.info("Test: Identity request FULLAUTH_ID (duplicate)")
2239 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2241 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2242 EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
2244 if ctx['num'] == idx:
2245 logger.info("Test: EAP-Failure")
2246 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2249 if ctx['num'] == idx:
2250 logger.info("Test: Identity request ANY_ID")
2251 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2253 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2254 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
2256 if ctx['num'] == idx:
2257 logger.info("Test: Identity request FULLAUTH_ID")
2258 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2260 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2261 EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
2263 if ctx['num'] == idx:
2264 logger.info("Test: Identity request PERMANENT_ID")
2265 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2267 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2268 EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
2270 if ctx['num'] == idx:
2271 logger.info("Test: Identity request PERMANENT_ID (duplicate)")
2272 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2274 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2275 EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
2277 if ctx['num'] == idx:
2278 logger.info("Test: EAP-Failure")
2279 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2282 if ctx['num'] == idx:
2283 logger.info("Test: Challenge with no attributes")
2284 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2286 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0)
2288 if ctx['num'] == idx:
2289 logger.info("Test: EAP-Failure")
2290 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2293 if ctx['num'] == idx:
2294 logger.info("Test: AKA Challenge with BIDDING")
2295 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2297 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2298 EAP_SIM_AT_BIDDING, 1, 0x8000)
2300 if ctx['num'] == idx:
2301 logger.info("Test: EAP-Failure")
2302 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2305 if ctx['num'] == idx:
2306 logger.info("Test: Notification with no attributes")
2307 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2309 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0)
2311 if ctx['num'] == idx:
2312 logger.info("Test: EAP-Failure")
2313 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2316 if ctx['num'] == idx:
2317 logger.info("Test: Notification indicating success, but no MAC")
2318 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2320 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2321 EAP_SIM_AT_NOTIFICATION, 1, 32768)
2323 if ctx['num'] == idx:
2324 logger.info("Test: EAP-Failure")
2325 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2328 if ctx['num'] == idx:
2329 logger.info("Test: Notification indicating success, but invalid MAC value")
2330 return struct.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'],
2332 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2333 EAP_SIM_AT_NOTIFICATION, 1, 32768,
2334 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
2336 if ctx['num'] == idx:
2337 logger.info("Test: EAP-Failure")
2338 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2341 if ctx['num'] == idx:
2342 logger.info("Test: Notification indicating success with zero-key MAC")
2343 return struct.pack(">BBHBBHBBHBBH16B", EAP_CODE_REQUEST,
2346 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2347 EAP_SIM_AT_NOTIFICATION, 1, 32768,
2348 EAP_SIM_AT_MAC, 5, 0,
2349 0xbe, 0x2e, 0xbb, 0xa9, 0xfa, 0x2e, 0x82, 0x36,
2350 0x37, 0x8c, 0x32, 0x41, 0xb7, 0xc7, 0x58, 0xa3)
2352 if ctx['num'] == idx:
2353 logger.info("Test: EAP-Success")
2354 return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4)
2357 if ctx['num'] == idx:
2358 logger.info("Test: Notification before auth")
2359 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2361 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2362 EAP_SIM_AT_NOTIFICATION, 1, 16384)
2364 if ctx['num'] == idx:
2365 logger.info("Test: EAP-Failure")
2366 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2369 if ctx['num'] == idx:
2370 logger.info("Test: Notification before auth")
2371 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2373 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2374 EAP_SIM_AT_NOTIFICATION, 1, 16385)
2376 if ctx['num'] == idx:
2377 logger.info("Test: EAP-Failure")
2378 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2381 if ctx['num'] == idx:
2382 logger.info("Test: Notification with unrecognized non-failure")
2383 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2385 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2386 EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
2388 if ctx['num'] == idx:
2389 logger.info("Test: Notification before auth (duplicate)")
2390 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2392 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0,
2393 EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
2395 if ctx['num'] == idx:
2396 logger.info("Test: EAP-Failure")
2397 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2400 if ctx['num'] == idx:
2401 logger.info("Test: Re-authentication (unexpected) with no attributes")
2402 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2404 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_REAUTHENTICATION,
2407 if ctx['num'] == idx:
2408 logger.info("Test: EAP-Failure")
2409 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2412 if ctx['num'] == idx:
2413 logger.info("Test: AKA Challenge with Checkcode claiming identity round was used")
2414 return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
2416 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2417 EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0)
2419 if ctx['num'] == idx:
2420 logger.info("Test: EAP-Failure")
2421 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2424 if ctx['num'] == idx:
2425 logger.info("Test: Identity request ANY_ID")
2426 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2428 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2429 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
2431 if ctx['num'] == idx:
2432 logger.info("Test: AKA Challenge with Checkcode claiming no identity round was used")
2433 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2435 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2436 EAP_SIM_AT_CHECKCODE, 1, 0)
2438 if ctx['num'] == idx:
2439 logger.info("Test: EAP-Failure")
2440 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2443 if ctx['num'] == idx:
2444 logger.info("Test: Identity request ANY_ID")
2445 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2447 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2448 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
2450 if ctx['num'] == idx:
2451 logger.info("Test: AKA Challenge with mismatching Checkcode value")
2452 return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
2454 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2455 EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0)
2457 if ctx['num'] == idx:
2458 logger.info("Test: EAP-Failure")
2459 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2462 if ctx['num'] == idx:
2463 logger.info("Test: Re-authentication (unexpected) with Checkcode claimin identity round was used")
2464 return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
2466 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_REAUTHENTICATION,
2468 EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0)
2470 if ctx['num'] == idx:
2471 logger.info("Test: EAP-Failure")
2472 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2475 if ctx['num'] == idx:
2476 logger.info("Test: Invalid AT_RAND length")
2477 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2479 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2480 EAP_SIM_AT_RAND, 1, 0)
2482 if ctx['num'] == idx:
2483 logger.info("Test: EAP-Failure")
2484 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2487 if ctx['num'] == idx:
2488 logger.info("Test: Invalid AT_AUTN length")
2489 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2491 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2492 EAP_SIM_AT_AUTN, 1, 0)
2494 if ctx['num'] == idx:
2495 logger.info("Test: EAP-Failure")
2496 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2499 if ctx['num'] == idx:
2500 logger.info("Test: Unencrypted AT_PADDING")
2501 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2503 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2504 EAP_SIM_AT_PADDING, 1, 0)
2506 if ctx['num'] == idx:
2507 logger.info("Test: EAP-Failure")
2508 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2511 if ctx['num'] == idx:
2512 logger.info("Test: Invalid AT_NONCE_MT length")
2513 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2515 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2516 EAP_SIM_AT_NONCE_MT, 1, 0)
2518 if ctx['num'] == idx:
2519 logger.info("Test: EAP-Failure")
2520 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2523 if ctx['num'] == idx:
2524 logger.info("Test: Invalid AT_MAC length")
2525 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2527 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2528 EAP_SIM_AT_MAC, 1, 0)
2530 if ctx['num'] == idx:
2531 logger.info("Test: EAP-Failure")
2532 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2535 if ctx['num'] == idx:
2536 logger.info("Test: Invalid AT_NOTIFICATION length")
2537 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2539 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2540 EAP_SIM_AT_NOTIFICATION, 2, 0, 0)
2542 if ctx['num'] == idx:
2543 logger.info("Test: EAP-Failure")
2544 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2547 if ctx['num'] == idx:
2548 logger.info("Test: AT_IDENTITY overflow")
2549 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2551 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2552 EAP_SIM_AT_IDENTITY, 1, 0xffff)
2554 if ctx['num'] == idx:
2555 logger.info("Test: EAP-Failure")
2556 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2559 if ctx['num'] == idx:
2560 logger.info("Test: Unexpected AT_VERSION_LIST")
2561 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2563 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2564 EAP_SIM_AT_VERSION_LIST, 1, 0)
2566 if ctx['num'] == idx:
2567 logger.info("Test: EAP-Failure")
2568 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2571 if ctx['num'] == idx:
2572 logger.info("Test: Invalid AT_SELECTED_VERSION length")
2573 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2575 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2576 EAP_SIM_AT_SELECTED_VERSION, 2, 0, 0)
2578 if ctx['num'] == idx:
2579 logger.info("Test: EAP-Failure")
2580 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2583 if ctx['num'] == idx:
2584 logger.info("Test: Unencrypted AT_COUNTER")
2585 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2587 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2588 EAP_SIM_AT_COUNTER, 1, 0)
2590 if ctx['num'] == idx:
2591 logger.info("Test: EAP-Failure")
2592 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2595 if ctx['num'] == idx:
2596 logger.info("Test: Unencrypted AT_COUNTER_TOO_SMALL")
2597 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2599 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2600 EAP_SIM_AT_COUNTER_TOO_SMALL, 1, 0)
2602 if ctx['num'] == idx:
2603 logger.info("Test: EAP-Failure")
2604 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2607 if ctx['num'] == idx:
2608 logger.info("Test: Unencrypted AT_NONCE_S")
2609 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2611 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2612 EAP_SIM_AT_NONCE_S, 1, 0)
2614 if ctx['num'] == idx:
2615 logger.info("Test: EAP-Failure")
2616 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2619 if ctx['num'] == idx:
2620 logger.info("Test: Invalid AT_CLIENT_ERROR_CODE length")
2621 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2623 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2624 EAP_SIM_AT_CLIENT_ERROR_CODE, 2, 0, 0)
2626 if ctx['num'] == idx:
2627 logger.info("Test: EAP-Failure")
2628 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2631 if ctx['num'] == idx:
2632 logger.info("Test: Invalid AT_IV length")
2633 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2635 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2636 EAP_SIM_AT_IV, 1, 0)
2638 if ctx['num'] == idx:
2639 logger.info("Test: EAP-Failure")
2640 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2643 if ctx['num'] == idx:
2644 logger.info("Test: Invalid AT_ENCR_DATA length")
2645 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2647 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2648 EAP_SIM_AT_ENCR_DATA, 2, 0, 0)
2650 if ctx['num'] == idx:
2651 logger.info("Test: EAP-Failure")
2652 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2655 if ctx['num'] == idx:
2656 logger.info("Test: Unencrypted AT_NEXT_PSEUDONYM")
2657 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2659 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2660 EAP_SIM_AT_NEXT_PSEUDONYM, 1, 0)
2662 if ctx['num'] == idx:
2663 logger.info("Test: EAP-Failure")
2664 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2667 if ctx['num'] == idx:
2668 logger.info("Test: Unencrypted AT_NEXT_REAUTH_ID")
2669 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2671 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2672 EAP_SIM_AT_NEXT_REAUTH_ID, 1, 0)
2674 if ctx['num'] == idx:
2675 logger.info("Test: EAP-Failure")
2676 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2679 if ctx['num'] == idx:
2680 logger.info("Test: Invalid AT_RES length")
2681 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2683 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2684 EAP_SIM_AT_RES, 1, 0)
2686 if ctx['num'] == idx:
2687 logger.info("Test: EAP-Failure")
2688 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2691 if ctx['num'] == idx:
2692 logger.info("Test: Invalid AT_RES length")
2693 return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'],
2695 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2696 EAP_SIM_AT_RES, 6, 0xffff, 0, 0, 0, 0, 0)
2698 if ctx['num'] == idx:
2699 logger.info("Test: EAP-Failure")
2700 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2703 if ctx['num'] == idx:
2704 logger.info("Test: Invalid AT_AUTS length")
2705 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2707 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2708 EAP_SIM_AT_AUTS, 2, 0, 0)
2710 if ctx['num'] == idx:
2711 logger.info("Test: EAP-Failure")
2712 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2715 if ctx['num'] == idx:
2716 logger.info("Test: Invalid AT_CHECKCODE length")
2717 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2719 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2720 EAP_SIM_AT_CHECKCODE, 2, 0, 0)
2722 if ctx['num'] == idx:
2723 logger.info("Test: EAP-Failure")
2724 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2727 if ctx['num'] == idx:
2728 logger.info("Test: Invalid AT_RESULT_IND length")
2729 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2731 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2732 EAP_SIM_AT_RESULT_IND, 2, 0, 0)
2734 if ctx['num'] == idx:
2735 logger.info("Test: EAP-Failure")
2736 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2739 if ctx['num'] == idx:
2740 logger.info("Test: Unexpected AT_KDF_INPUT")
2741 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2743 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2744 EAP_SIM_AT_KDF_INPUT, 2, 0, 0)
2746 if ctx['num'] == idx:
2747 logger.info("Test: EAP-Failure")
2748 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2751 if ctx['num'] == idx:
2752 logger.info("Test: Unexpected AT_KDF")
2753 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2755 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2756 EAP_SIM_AT_KDF, 2, 0, 0)
2758 if ctx['num'] == idx:
2759 logger.info("Test: EAP-Failure")
2760 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2763 if ctx['num'] == idx:
2764 logger.info("Test: Invalid AT_BIDDING length")
2765 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
2767 EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0,
2768 EAP_SIM_AT_BIDDING, 2, 0, 0)
2770 if ctx['num'] == idx:
2771 logger.info("Test: EAP-Failure")
2772 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2776 srv = start_radius_server(aka_handler)
2779 hapd = start_ap(apdev[0]['ifname'])
2781 for i in range(0, 49):
2782 eap = "AKA AKA'" if i == 11 else "AKA"
2783 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
2784 eap=eap, identity="0232010000000000",
2785 password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
2787 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
2790 raise Exception("Timeout on EAP start")
2794 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
2797 raise Exception("Timeout on EAP failure")
2798 dev[0].request("REMOVE_NETWORK all")
2799 dev[0].dump_monitor()
2801 stop_radius_server(srv)
2803 def test_eap_proto_aka_prime(dev, apdev):
2804 """EAP-AKA' protocol tests"""
2805 def aka_prime_handler(ctx, req):
2806 logger.info("aka_prime_handler - RX " + req.encode("hex"))
2807 if 'num' not in ctx:
2809 ctx['num'] = ctx['num'] + 1
2812 ctx['id'] = (ctx['id'] + 1) % 256
2817 if ctx['num'] == idx:
2818 logger.info("Test: Missing payload")
2819 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
2824 if ctx['num'] == idx:
2825 logger.info("Test: Challenge with no attributes")
2826 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
2828 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0)
2830 if ctx['num'] == idx:
2831 logger.info("Test: EAP-Failure")
2832 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2835 if ctx['num'] == idx:
2836 logger.info("Test: Challenge with empty AT_KDF_INPUT")
2837 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
2839 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2840 EAP_SIM_AT_KDF_INPUT, 1, 0)
2842 if ctx['num'] == idx:
2843 logger.info("Test: EAP-Failure")
2844 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2847 if ctx['num'] == idx:
2848 logger.info("Test: Challenge with AT_KDF_INPUT")
2849 return struct.pack(">BBHBBHBBHBBBB", EAP_CODE_REQUEST, ctx['id'],
2851 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2852 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2855 if ctx['num'] == idx:
2856 logger.info("Test: EAP-Failure")
2857 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2860 if ctx['num'] == idx:
2861 logger.info("Test: Challenge with duplicated KDF")
2862 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
2863 EAP_CODE_REQUEST, ctx['id'],
2864 4 + 1 + 3 + 8 + 3 * 4,
2865 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2866 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2868 EAP_SIM_AT_KDF, 1, 1,
2869 EAP_SIM_AT_KDF, 1, 2,
2870 EAP_SIM_AT_KDF, 1, 1)
2872 if ctx['num'] == idx:
2873 logger.info("Test: EAP-Failure")
2874 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2877 if ctx['num'] == idx:
2878 logger.info("Test: Challenge with multiple KDF proposals")
2879 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
2880 EAP_CODE_REQUEST, ctx['id'],
2881 4 + 1 + 3 + 8 + 3 * 4,
2882 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2883 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2885 EAP_SIM_AT_KDF, 1, 255,
2886 EAP_SIM_AT_KDF, 1, 254,
2887 EAP_SIM_AT_KDF, 1, 1)
2889 if ctx['num'] == idx:
2890 logger.info("Test: Challenge with incorrect KDF selected")
2891 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
2892 EAP_CODE_REQUEST, ctx['id'],
2893 4 + 1 + 3 + 8 + 4 * 4,
2894 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2895 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2897 EAP_SIM_AT_KDF, 1, 255,
2898 EAP_SIM_AT_KDF, 1, 255,
2899 EAP_SIM_AT_KDF, 1, 254,
2900 EAP_SIM_AT_KDF, 1, 1)
2902 if ctx['num'] == idx:
2903 logger.info("Test: EAP-Failure")
2904 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2907 if ctx['num'] == idx:
2908 logger.info("Test: Challenge with multiple KDF proposals")
2909 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
2910 EAP_CODE_REQUEST, ctx['id'],
2911 4 + 1 + 3 + 8 + 3 * 4,
2912 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2913 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2915 EAP_SIM_AT_KDF, 1, 255,
2916 EAP_SIM_AT_KDF, 1, 254,
2917 EAP_SIM_AT_KDF, 1, 1)
2919 if ctx['num'] == idx:
2920 logger.info("Test: Challenge with selected KDF not duplicated")
2921 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
2922 EAP_CODE_REQUEST, ctx['id'],
2923 4 + 1 + 3 + 8 + 3 * 4,
2924 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2925 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2927 EAP_SIM_AT_KDF, 1, 1,
2928 EAP_SIM_AT_KDF, 1, 255,
2929 EAP_SIM_AT_KDF, 1, 254)
2931 if ctx['num'] == idx:
2932 logger.info("Test: EAP-Failure")
2933 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2936 if ctx['num'] == idx:
2937 logger.info("Test: Challenge with multiple KDF proposals")
2938 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
2939 EAP_CODE_REQUEST, ctx['id'],
2940 4 + 1 + 3 + 8 + 3 * 4,
2941 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2942 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2944 EAP_SIM_AT_KDF, 1, 255,
2945 EAP_SIM_AT_KDF, 1, 254,
2946 EAP_SIM_AT_KDF, 1, 1)
2948 if ctx['num'] == idx:
2949 logger.info("Test: Challenge with selected KDF duplicated (missing MAC, RAND, AUTN)")
2950 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH",
2951 EAP_CODE_REQUEST, ctx['id'],
2952 4 + 1 + 3 + 8 + 4 * 4,
2953 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2954 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2956 EAP_SIM_AT_KDF, 1, 1,
2957 EAP_SIM_AT_KDF, 1, 255,
2958 EAP_SIM_AT_KDF, 1, 254,
2959 EAP_SIM_AT_KDF, 1, 1)
2961 if ctx['num'] == idx:
2962 logger.info("Test: EAP-Failure")
2963 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2966 if ctx['num'] == idx:
2967 logger.info("Test: Challenge with multiple unsupported KDF proposals")
2968 return struct.pack(">BBHBBHBBHBBBBBBHBBH",
2969 EAP_CODE_REQUEST, ctx['id'],
2970 4 + 1 + 3 + 8 + 2 * 4,
2971 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2972 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2974 EAP_SIM_AT_KDF, 1, 255,
2975 EAP_SIM_AT_KDF, 1, 254)
2977 if ctx['num'] == idx:
2978 logger.info("Test: EAP-Failure")
2979 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
2982 if ctx['num'] == idx:
2983 logger.info("Test: Challenge with multiple KDF proposals")
2984 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH",
2985 EAP_CODE_REQUEST, ctx['id'],
2986 4 + 1 + 3 + 8 + 3 * 4,
2987 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
2988 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
2990 EAP_SIM_AT_KDF, 1, 255,
2991 EAP_SIM_AT_KDF, 1, 254,
2992 EAP_SIM_AT_KDF, 1, 1)
2994 if ctx['num'] == idx:
2995 logger.info("Test: Challenge with invalid MAC, RAND, AUTN values)")
2996 return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBHBBH4LBBH4LBBH4L",
2997 EAP_CODE_REQUEST, ctx['id'],
2998 4 + 1 + 3 + 8 + 4 * 4 + 20 + 20 + 20,
2999 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
3000 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
3002 EAP_SIM_AT_KDF, 1, 1,
3003 EAP_SIM_AT_KDF, 1, 255,
3004 EAP_SIM_AT_KDF, 1, 254,
3005 EAP_SIM_AT_KDF, 1, 1,
3006 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0,
3007 EAP_SIM_AT_RAND, 5, 0, 0, 0, 0, 0,
3008 EAP_SIM_AT_AUTN, 5, 0, 0, 0, 0, 0)
3010 if ctx['num'] == idx:
3011 logger.info("Test: EAP-Failure")
3012 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3015 if ctx['num'] == idx:
3016 logger.info("Test: Challenge - AMF separation bit not set)")
3017 return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3018 EAP_CODE_REQUEST, ctx['id'],
3019 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3020 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
3021 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
3023 EAP_SIM_AT_KDF, 1, 1,
3024 EAP_SIM_AT_MAC, 5, 0, 1, 2, 3, 4,
3025 EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8,
3026 EAP_SIM_AT_AUTN, 5, 0, 9, 10,
3027 0x2fda8ef7, 0xbba518cc)
3029 if ctx['num'] == idx:
3030 logger.info("Test: EAP-Failure")
3031 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3034 if ctx['num'] == idx:
3035 logger.info("Test: Challenge - Invalid MAC")
3036 return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3037 EAP_CODE_REQUEST, ctx['id'],
3038 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3039 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
3040 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
3042 EAP_SIM_AT_KDF, 1, 1,
3043 EAP_SIM_AT_MAC, 5, 0, 1, 2, 3, 4,
3044 EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8,
3045 EAP_SIM_AT_AUTN, 5, 0, 0xffffffff, 0xffffffff,
3046 0xd1f90322, 0x40514cb4)
3048 if ctx['num'] == idx:
3049 logger.info("Test: EAP-Failure")
3050 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3053 if ctx['num'] == idx:
3054 logger.info("Test: Challenge - Valid MAC")
3055 return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L",
3056 EAP_CODE_REQUEST, ctx['id'],
3057 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20,
3058 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
3059 EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'),
3061 EAP_SIM_AT_KDF, 1, 1,
3062 EAP_SIM_AT_MAC, 5, 0,
3063 0xf4a3c1d3, 0x7c901401, 0x34bd8b01, 0x6f7fa32f,
3064 EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8,
3065 EAP_SIM_AT_AUTN, 5, 0, 0xffffffff, 0xffffffff,
3066 0xd1f90322, 0x40514cb4)
3068 if ctx['num'] == idx:
3069 logger.info("Test: EAP-Failure")
3070 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3073 if ctx['num'] == idx:
3074 logger.info("Test: Invalid AT_KDF_INPUT length")
3075 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
3077 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_IDENTITY, 0,
3078 EAP_SIM_AT_KDF_INPUT, 2, 0xffff, 0)
3080 if ctx['num'] == idx:
3081 logger.info("Test: EAP-Failure")
3082 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3085 if ctx['num'] == idx:
3086 logger.info("Test: Invalid AT_KDF length")
3087 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
3089 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_IDENTITY, 0,
3090 EAP_SIM_AT_KDF, 2, 0, 0)
3092 if ctx['num'] == idx:
3093 logger.info("Test: EAP-Failure")
3094 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3097 if ctx['num'] == idx:
3098 logger.info("Test: Challenge with large number of KDF proposals")
3099 return struct.pack(">BBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
3100 EAP_CODE_REQUEST, ctx['id'],
3102 EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0,
3103 EAP_SIM_AT_KDF, 1, 255,
3104 EAP_SIM_AT_KDF, 1, 254,
3105 EAP_SIM_AT_KDF, 1, 253,
3106 EAP_SIM_AT_KDF, 1, 252,
3107 EAP_SIM_AT_KDF, 1, 251,
3108 EAP_SIM_AT_KDF, 1, 250,
3109 EAP_SIM_AT_KDF, 1, 249,
3110 EAP_SIM_AT_KDF, 1, 248,
3111 EAP_SIM_AT_KDF, 1, 247,
3112 EAP_SIM_AT_KDF, 1, 246,
3113 EAP_SIM_AT_KDF, 1, 245,
3114 EAP_SIM_AT_KDF, 1, 244)
3116 if ctx['num'] == idx:
3117 logger.info("Test: EAP-Failure")
3118 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3122 srv = start_radius_server(aka_prime_handler)
3125 hapd = start_ap(apdev[0]['ifname'])
3127 for i in range(0, 16):
3128 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
3129 eap="AKA'", identity="6555444333222111",
3130 password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
3132 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
3135 raise Exception("Timeout on EAP start")
3139 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
3142 raise Exception("Timeout on EAP failure")
3143 dev[0].request("REMOVE_NETWORK all")
3144 dev[0].dump_monitor()
3146 stop_radius_server(srv)
3148 def test_eap_proto_sim(dev, apdev):
3149 """EAP-SIM protocol tests"""
3150 def sim_handler(ctx, req):
3151 logger.info("sim_handler - RX " + req.encode("hex"))
3152 if 'num' not in ctx:
3154 ctx['num'] = ctx['num'] + 1
3157 ctx['id'] = (ctx['id'] + 1) % 256
3162 if ctx['num'] == idx:
3163 logger.info("Test: Missing payload")
3164 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
3169 if ctx['num'] == idx:
3170 logger.info("Test: Unexpected AT_AUTN")
3171 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
3173 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3174 EAP_SIM_AT_AUTN, 2, 0, 0)
3176 if ctx['num'] == idx:
3177 logger.info("Test: EAP-Failure")
3178 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3181 if ctx['num'] == idx:
3182 logger.info("Test: Too short AT_VERSION_LIST")
3183 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3185 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3186 EAP_SIM_AT_VERSION_LIST, 1, 0)
3188 if ctx['num'] == idx:
3189 logger.info("Test: EAP-Failure")
3190 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3193 if ctx['num'] == idx:
3194 logger.info("Test: AT_VERSION_LIST overflow")
3195 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3197 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3198 EAP_SIM_AT_VERSION_LIST, 1, 0xffff)
3200 if ctx['num'] == idx:
3201 logger.info("Test: EAP-Failure")
3202 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3205 if ctx['num'] == idx:
3206 logger.info("Test: Unexpected AT_AUTS")
3207 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
3209 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3210 EAP_SIM_AT_AUTS, 2, 0, 0)
3212 if ctx['num'] == idx:
3213 logger.info("Test: EAP-Failure")
3214 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3217 if ctx['num'] == idx:
3218 logger.info("Test: Unexpected AT_CHECKCODE")
3219 return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'],
3221 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3222 EAP_SIM_AT_CHECKCODE, 2, 0, 0)
3224 if ctx['num'] == idx:
3225 logger.info("Test: EAP-Failure")
3226 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3229 if ctx['num'] == idx:
3230 logger.info("Test: No AT_VERSION_LIST in Start")
3231 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
3233 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0)
3235 if ctx['num'] == idx:
3236 logger.info("Test: EAP-Failure")
3237 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3240 if ctx['num'] == idx:
3241 logger.info("Test: No support version in AT_VERSION_LIST")
3242 return struct.pack(">BBHBBHBBH4B", EAP_CODE_REQUEST, ctx['id'],
3244 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3245 EAP_SIM_AT_VERSION_LIST, 2, 3, 2, 3, 4, 5)
3247 if ctx['num'] == idx:
3248 logger.info("Test: EAP-Failure")
3249 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3253 if ctx['num'] == idx:
3254 logger.info("Test: Identity request without ID type")
3255 return struct.pack(">BBHBBHBBH2H", EAP_CODE_REQUEST, ctx['id'],
3257 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3258 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0)
3260 if ctx['num'] == idx:
3261 logger.info("Test: Identity request ANY_ID")
3262 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3264 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3265 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3266 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
3268 if ctx['num'] == idx:
3269 logger.info("Test: Identity request ANY_ID (duplicate)")
3270 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3272 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3273 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3274 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
3276 if ctx['num'] == idx:
3277 logger.info("Test: EAP-Failure")
3278 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3281 if ctx['num'] == idx:
3282 logger.info("Test: Identity request ANY_ID")
3283 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3285 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3286 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3287 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
3289 if ctx['num'] == idx:
3290 logger.info("Test: Identity request FULLAUTH_ID")
3291 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3293 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3294 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3295 EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
3297 if ctx['num'] == idx:
3298 logger.info("Test: Identity request FULLAUTH_ID (duplicate)")
3299 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3301 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3302 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3303 EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
3305 if ctx['num'] == idx:
3306 logger.info("Test: EAP-Failure")
3307 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3310 if ctx['num'] == idx:
3311 logger.info("Test: Identity request ANY_ID")
3312 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3314 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3315 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3316 EAP_SIM_AT_ANY_ID_REQ, 1, 0)
3318 if ctx['num'] == idx:
3319 logger.info("Test: Identity request FULLAUTH_ID")
3320 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3322 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3323 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3324 EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0)
3326 if ctx['num'] == idx:
3327 logger.info("Test: Identity request PERMANENT_ID")
3328 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3330 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3331 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3332 EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
3334 if ctx['num'] == idx:
3335 logger.info("Test: Identity request PERMANENT_ID (duplicate)")
3336 return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'],
3338 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0,
3339 EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0,
3340 EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0)
3342 if ctx['num'] == idx:
3343 logger.info("Test: EAP-Failure")
3344 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3347 if ctx['num'] == idx:
3348 logger.info("Test: No AT_MAC and AT_RAND in Challenge")
3349 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
3351 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0)
3353 if ctx['num'] == idx:
3354 logger.info("Test: EAP-Failure")
3355 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3358 if ctx['num'] == idx:
3359 logger.info("Test: No AT_RAND in Challenge")
3360 return struct.pack(">BBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'],
3362 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
3363 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
3365 if ctx['num'] == idx:
3366 logger.info("Test: EAP-Failure")
3367 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3370 if ctx['num'] == idx:
3371 logger.info("Test: Insufficient number of challenges in Challenge")
3372 return struct.pack(">BBHBBHBBH4LBBH4L", EAP_CODE_REQUEST, ctx['id'],
3373 4 + 1 + 3 + 20 + 20,
3374 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
3375 EAP_SIM_AT_RAND, 5, 0, 0, 0, 0, 0,
3376 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
3378 if ctx['num'] == idx:
3379 logger.info("Test: EAP-Failure")
3380 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3383 if ctx['num'] == idx:
3384 logger.info("Test: Too many challenges in Challenge")
3385 return struct.pack(">BBHBBHBBH4L4L4L4LBBH4L", EAP_CODE_REQUEST,
3387 4 + 1 + 3 + 4 + 4 * 16 + 20,
3388 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
3389 EAP_SIM_AT_RAND, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0,
3390 0, 0, 0, 0, 0, 0, 0, 0,
3391 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
3393 if ctx['num'] == idx:
3394 logger.info("Test: EAP-Failure")
3395 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3398 if ctx['num'] == idx:
3399 logger.info("Test: Same RAND multiple times in Challenge")
3400 return struct.pack(">BBHBBHBBH4L4L4LBBH4L", EAP_CODE_REQUEST,
3402 4 + 1 + 3 + 4 + 3 * 16 + 20,
3403 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0,
3404 EAP_SIM_AT_RAND, 13, 0, 0, 0, 0, 0, 0, 0, 0, 1,
3406 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
3408 if ctx['num'] == idx:
3409 logger.info("Test: EAP-Failure")
3410 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3413 if ctx['num'] == idx:
3414 logger.info("Test: Notification with no attributes")
3415 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
3417 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0)
3419 if ctx['num'] == idx:
3420 logger.info("Test: EAP-Failure")
3421 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3424 if ctx['num'] == idx:
3425 logger.info("Test: Notification indicating success, but no MAC")
3426 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3428 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
3429 EAP_SIM_AT_NOTIFICATION, 1, 32768)
3431 if ctx['num'] == idx:
3432 logger.info("Test: EAP-Failure")
3433 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3436 if ctx['num'] == idx:
3437 logger.info("Test: Notification indicating success, but invalid MAC value")
3438 return struct.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'],
3440 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
3441 EAP_SIM_AT_NOTIFICATION, 1, 32768,
3442 EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0)
3444 if ctx['num'] == idx:
3445 logger.info("Test: EAP-Failure")
3446 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3449 if ctx['num'] == idx:
3450 logger.info("Test: Notification before auth")
3451 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3453 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
3454 EAP_SIM_AT_NOTIFICATION, 1, 16384)
3456 if ctx['num'] == idx:
3457 logger.info("Test: EAP-Failure")
3458 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3461 if ctx['num'] == idx:
3462 logger.info("Test: Notification before auth")
3463 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3465 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
3466 EAP_SIM_AT_NOTIFICATION, 1, 16385)
3468 if ctx['num'] == idx:
3469 logger.info("Test: EAP-Failure")
3470 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3473 if ctx['num'] == idx:
3474 logger.info("Test: Notification with unrecognized non-failure")
3475 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3477 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
3478 EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
3480 if ctx['num'] == idx:
3481 logger.info("Test: Notification before auth (duplicate)")
3482 return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'],
3484 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0,
3485 EAP_SIM_AT_NOTIFICATION, 1, 0xc000)
3487 if ctx['num'] == idx:
3488 logger.info("Test: EAP-Failure")
3489 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3492 if ctx['num'] == idx:
3493 logger.info("Test: Re-authentication (unexpected) with no attributes")
3494 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
3496 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_REAUTHENTICATION,
3499 if ctx['num'] == idx:
3500 logger.info("Test: EAP-Failure")
3501 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3504 if ctx['num'] == idx:
3505 logger.info("Test: Client Error")
3506 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
3508 EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CLIENT_ERROR, 0)
3510 if ctx['num'] == idx:
3511 logger.info("Test: EAP-Failure")
3512 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3515 if ctx['num'] == idx:
3516 logger.info("Test: Unknown subtype")
3517 return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'],
3519 EAP_TYPE_SIM, 255, 0)
3521 if ctx['num'] == idx:
3522 logger.info("Test: EAP-Failure")
3523 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3527 srv = start_radius_server(sim_handler)
3530 hapd = start_ap(apdev[0]['ifname'])
3532 for i in range(0, 25):
3533 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
3534 eap="SIM", identity="1232010000000000",
3535 password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
3537 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
3540 raise Exception("Timeout on EAP start")
3544 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
3547 raise Exception("Timeout on EAP failure")
3548 dev[0].request("REMOVE_NETWORK all")
3549 dev[0].dump_monitor()
3551 stop_radius_server(srv)
3553 def test_eap_proto_ikev2(dev, apdev):
3554 """EAP-IKEv2 protocol tests"""
3555 check_eap_capa(dev[0], "IKEV2")
3556 def ikev2_handler(ctx, req):
3557 logger.info("ikev2_handler - RX " + req.encode("hex"))
3558 if 'num' not in ctx:
3560 ctx['num'] = ctx['num'] + 1
3563 ctx['id'] = (ctx['id'] + 1) % 256
3568 if ctx['num'] == idx:
3569 logger.info("Test: Missing payload")
3570 return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
3575 if ctx['num'] == idx:
3576 logger.info("Test: Truncated Message Length field")
3577 return struct.pack(">BBHBB3B", EAP_CODE_REQUEST, ctx['id'],
3579 EAP_TYPE_IKEV2, 0x80, 0, 0, 0)
3582 if ctx['num'] == idx:
3583 logger.info("Test: Too short Message Length value")
3584 return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
3586 EAP_TYPE_IKEV2, 0x80, 0, 1)
3589 if ctx['num'] == idx:
3590 logger.info("Test: Truncated message")
3591 return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
3593 EAP_TYPE_IKEV2, 0x80, 1)
3596 if ctx['num'] == idx:
3597 logger.info("Test: Truncated message(2)")
3598 return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
3600 EAP_TYPE_IKEV2, 0x80, 0xffffffff)
3603 if ctx['num'] == idx:
3604 logger.info("Test: Truncated message(3)")
3605 return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
3607 EAP_TYPE_IKEV2, 0xc0, 0xffffffff)
3610 if ctx['num'] == idx:
3611 logger.info("Test: Truncated message(4)")
3612 return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
3614 EAP_TYPE_IKEV2, 0xc0, 10000000)
3617 if ctx['num'] == idx:
3618 logger.info("Test: Too long fragments (first fragment)")
3619 return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
3621 EAP_TYPE_IKEV2, 0xc0, 2, 1)
3624 if ctx['num'] == idx:
3625 logger.info("Test: Too long fragments (second fragment)")
3626 return struct.pack(">BBHBB2B", EAP_CODE_REQUEST, ctx['id'],
3628 EAP_TYPE_IKEV2, 0x00, 2, 3)
3631 if ctx['num'] == idx:
3632 logger.info("Test: No Message Length field in first fragment")
3633 return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
3635 EAP_TYPE_IKEV2, 0x40, 1)
3638 if ctx['num'] == idx:
3639 logger.info("Test: ICV before keys")
3640 return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
3642 EAP_TYPE_IKEV2, 0x20)
3645 if ctx['num'] == idx:
3646 logger.info("Test: Unsupported IKEv2 header version")
3647 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3649 EAP_TYPE_IKEV2, 0x00,
3654 if ctx['num'] == idx:
3655 logger.info("Test: Incorrect IKEv2 header Length")
3656 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3658 EAP_TYPE_IKEV2, 0x00,
3660 0, 0x20, 0, 0, 0, 0)
3663 if ctx['num'] == idx:
3664 logger.info("Test: Unexpected IKEv2 Exchange Type in SA_INIT state")
3665 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3667 EAP_TYPE_IKEV2, 0x00,
3669 0, 0x20, 0, 0, 0, 28)
3672 if ctx['num'] == idx:
3673 logger.info("Test: Unexpected IKEv2 Message ID in SA_INIT state")
3674 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3676 EAP_TYPE_IKEV2, 0x00,
3678 0, 0x20, 34, 0, 1, 28)
3681 if ctx['num'] == idx:
3682 logger.info("Test: Unexpected IKEv2 Flags value")
3683 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3685 EAP_TYPE_IKEV2, 0x00,
3687 0, 0x20, 34, 0, 0, 28)
3690 if ctx['num'] == idx:
3691 logger.info("Test: Unexpected IKEv2 Flags value(2)")
3692 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3694 EAP_TYPE_IKEV2, 0x00,
3696 0, 0x20, 34, 0x20, 0, 28)
3699 if ctx['num'] == idx:
3700 logger.info("Test: No SAi1 in SA_INIT")
3701 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
3703 EAP_TYPE_IKEV2, 0x00,
3705 0, 0x20, 34, 0x08, 0, 28)
3707 def build_ike(id, next=0, exch_type=34, flags=0x00, ike=''):
3708 return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, id,
3709 4 + 1 + 1 + 28 + len(ike),
3710 EAP_TYPE_IKEV2, flags,
3712 next, 0x20, exch_type, 0x08, 0,
3713 28 + len(ike)) + ike
3716 if ctx['num'] == idx:
3717 logger.info("Test: Unexpected extra data after payloads")
3718 return build_ike(ctx['id'], ike=struct.pack(">B", 1))
3721 if ctx['num'] == idx:
3722 logger.info("Test: Truncated payload header")
3723 return build_ike(ctx['id'], next=128, ike=struct.pack(">B", 1))
3726 if ctx['num'] == idx:
3727 logger.info("Test: Too small payload header length")
3728 ike = struct.pack(">BBH", 0, 0, 3)
3729 return build_ike(ctx['id'], next=128, ike=ike)
3732 if ctx['num'] == idx:
3733 logger.info("Test: Too large payload header length")
3734 ike = struct.pack(">BBH", 0, 0, 5)
3735 return build_ike(ctx['id'], next=128, ike=ike)
3738 if ctx['num'] == idx:
3739 logger.info("Test: Unsupported payload (non-critical and critical)")
3740 ike = struct.pack(">BBHBBH", 129, 0, 4, 0, 0x01, 4)
3741 return build_ike(ctx['id'], next=128, ike=ike)
3744 if ctx['num'] == idx:
3745 logger.info("Test: Certificate and empty SAi1")
3746 ike = struct.pack(">BBHBBH", 33, 0, 4, 0, 0, 4)
3747 return build_ike(ctx['id'], next=37, ike=ike)
3750 if ctx['num'] == idx:
3751 logger.info("Test: Too short proposal")
3752 ike = struct.pack(">BBHBBHBBB", 0, 0, 4 + 7,
3754 return build_ike(ctx['id'], next=33, ike=ike)
3757 if ctx['num'] == idx:
3758 logger.info("Test: Too small proposal length in SAi1")
3759 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3760 0, 0, 7, 0, 0, 0, 0)
3761 return build_ike(ctx['id'], next=33, ike=ike)
3764 if ctx['num'] == idx:
3765 logger.info("Test: Too large proposal length in SAi1")
3766 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3767 0, 0, 9, 0, 0, 0, 0)
3768 return build_ike(ctx['id'], next=33, ike=ike)
3771 if ctx['num'] == idx:
3772 logger.info("Test: Unexpected proposal type in SAi1")
3773 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3774 1, 0, 8, 0, 0, 0, 0)
3775 return build_ike(ctx['id'], next=33, ike=ike)
3778 if ctx['num'] == idx:
3779 logger.info("Test: Unexpected Protocol ID in SAi1")
3780 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3781 0, 0, 8, 0, 0, 0, 0)
3782 return build_ike(ctx['id'], next=33, ike=ike)
3785 if ctx['num'] == idx:
3786 logger.info("Test: Unexpected proposal number in SAi1")
3787 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3788 0, 0, 8, 0, 1, 0, 0)
3789 return build_ike(ctx['id'], next=33, ike=ike)
3792 if ctx['num'] == idx:
3793 logger.info("Test: Not enough room for SPI in SAi1")
3794 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3795 0, 0, 8, 1, 1, 1, 0)
3796 return build_ike(ctx['id'], next=33, ike=ike)
3799 if ctx['num'] == idx:
3800 logger.info("Test: Unexpected SPI in SAi1")
3801 ike = struct.pack(">BBHBBHBBBBB", 0, 0, 4 + 9,
3802 0, 0, 9, 1, 1, 1, 0, 1)
3803 return build_ike(ctx['id'], next=33, ike=ike)
3806 if ctx['num'] == idx:
3807 logger.info("Test: No transforms in SAi1")
3808 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3809 0, 0, 8, 1, 1, 0, 0)
3810 return build_ike(ctx['id'], next=33, ike=ike)
3813 if ctx['num'] == idx:
3814 logger.info("Test: Too short transform in SAi1")
3815 ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
3816 0, 0, 8, 1, 1, 0, 1)
3817 return build_ike(ctx['id'], next=33, ike=ike)
3820 if ctx['num'] == idx:
3821 logger.info("Test: Too small transform length in SAi1")
3822 ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
3823 0, 0, 8 + 8, 1, 1, 0, 1,
3825 return build_ike(ctx['id'], next=33, ike=ike)
3828 if ctx['num'] == idx:
3829 logger.info("Test: Too large transform length in SAi1")
3830 ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
3831 0, 0, 8 + 8, 1, 1, 0, 1,
3833 return build_ike(ctx['id'], next=33, ike=ike)
3836 if ctx['num'] == idx:
3837 logger.info("Test: Unexpected Transform type in SAi1")
3838 ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
3839 0, 0, 8 + 8, 1, 1, 0, 1,
3841 return build_ike(ctx['id'], next=33, ike=ike)
3844 if ctx['num'] == idx:
3845 logger.info("Test: No transform attributes in SAi1")
3846 ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
3847 0, 0, 8 + 8, 1, 1, 0, 1,
3849 return build_ike(ctx['id'], next=33, ike=ike)
3852 if ctx['num'] == idx:
3853 logger.info("Test: No transform attr for AES and unexpected data after transforms in SAi1")
3857 tlen = tlen1 + tlen2 + tlen3
3858 ike = struct.pack(">BBHBBHBBBBBBHBBH3BBBHBBHHHBBHBBHHHB",
3859 0, 0, 4 + 8 + tlen + 1,
3860 0, 0, 8 + tlen + 1, 1, 1, 0, 3,
3861 3, 0, tlen1, 1, 0, 12, 1, 2, 3,
3862 3, 0, tlen2, 1, 0, 12, 0, 128,
3863 0, 0, tlen3, 1, 0, 12, 0x8000 | 14, 127,
3865 return build_ike(ctx['id'], next=33, ike=ike)
3867 def build_sa(next=0):
3869 return struct.pack(">BBHBBHBBBBBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
3870 next, 0, 4 + 8 + tlen,
3871 0, 0, 8 + tlen, 1, 1, 0, 5,
3879 if ctx['num'] == idx:
3880 logger.info("Test: Valid proposal, but no KEi in SAi1")
3882 return build_ike(ctx['id'], next=33, ike=ike)
3885 if ctx['num'] == idx:
3886 logger.info("Test: Empty KEi in SAi1")
3887 ike = build_sa(next=34) + struct.pack(">BBH", 0, 0, 4)
3888 return build_ike(ctx['id'], next=33, ike=ike)
3891 if ctx['num'] == idx:
3892 logger.info("Test: Mismatch in DH Group in SAi1")
3893 ike = build_sa(next=34)
3894 ike += struct.pack(">BBHHH", 0, 0, 4 + 4 + 96, 12345, 0)
3896 return build_ike(ctx['id'], next=33, ike=ike)
3898 if ctx['num'] == idx:
3899 logger.info("Test: EAP-Failure")
3900 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3903 if ctx['num'] == idx:
3904 logger.info("Test: Invalid DH public value length in SAi1")
3905 ike = build_sa(next=34)
3906 ike += struct.pack(">BBHHH", 0, 0, 4 + 4 + 96, 5, 0)
3908 return build_ike(ctx['id'], next=33, ike=ike)
3910 def build_ke(next=0):
3911 ke = struct.pack(">BBHHH", next, 0, 4 + 4 + 192, 5, 0)
3916 if ctx['num'] == idx:
3917 logger.info("Test: Valid proposal and KEi, but no Ni in SAi1")
3918 ike = build_sa(next=34)
3920 return build_ike(ctx['id'], next=33, ike=ike)
3923 if ctx['num'] == idx:
3924 logger.info("Test: Too short Ni in SAi1")
3925 ike = build_sa(next=34)
3926 ike += build_ke(next=40)
3927 ike += struct.pack(">BBH", 0, 0, 4)
3928 return build_ike(ctx['id'], next=33, ike=ike)
3931 if ctx['num'] == idx:
3932 logger.info("Test: Too long Ni in SAi1")
3933 ike = build_sa(next=34)
3934 ike += build_ke(next=40)
3935 ike += struct.pack(">BBH", 0, 0, 4 + 257) + 257*'\x00'
3936 return build_ike(ctx['id'], next=33, ike=ike)
3938 def build_ni(next=0):
3939 return struct.pack(">BBH", next, 0, 4 + 256) + 256*'\x00'
3942 ike = build_sa(next=34)
3943 ike += build_ke(next=40)
3945 return build_ike(ctx['id'], next=33, ike=ike)
3948 if ctx['num'] == idx:
3949 logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
3950 return build_sai1(ctx['id'])
3952 if ctx['num'] == idx:
3953 logger.info("Test: EAP-Failure")
3954 return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
3957 if ctx['num'] == idx:
3958 logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
3959 return build_sai1(ctx['id'])
3961 if ctx['num'] == idx:
3962 logger.info("Test: No integrity checksum")
3964 return build_ike(ctx['id'], next=37, ike=ike)
3967 if ctx['num'] == idx:
3968 logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
3969 return build_sai1(ctx['id'])
3971 if ctx['num'] == idx:
3972 logger.info("Test: Truncated integrity checksum")
3973 return struct.pack(">BBHBB",
3974 EAP_CODE_REQUEST, ctx['id'],
3976 EAP_TYPE_IKEV2, 0x20)
3979 if ctx['num'] == idx:
3980 logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
3981 return build_sai1(ctx['id'])
3983 if ctx['num'] == idx:
3984 logger.info("Test: Invalid integrity checksum")
3986 return build_ike(ctx['id'], next=37, flags=0x20, ike=ike)
3990 srv = start_radius_server(ikev2_handler)
3993 hapd = start_ap(apdev[0]['ifname'])
3996 dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
3997 eap="IKEV2", identity="user",
3998 password="password",
4000 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
4003 raise Exception("Timeout on EAP start")
4005 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
4008 raise Exception("Timeout on EAP failure")
4011 dev[0].request("REMOVE_NETWORK all")
4013 stop_radius_server(srv)