2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost import remote_compatible
16 from utils import skip_with_fips
17 from tshark import run_tshark
19 logger = logging.getLogger()
21 def test_ieee8021x_wep104(dev, apdev):
22 """IEEE 802.1X connection using dynamic WEP104"""
23 skip_with_fips(dev[0])
24 params = hostapd.radius_params()
25 params["ssid"] = "ieee8021x-wep"
26 params["ieee8021x"] = "1"
27 params["wep_key_len_broadcast"] = "13"
28 params["wep_key_len_unicast"] = "13"
29 hapd = hostapd.add_ap(apdev[0], params)
31 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
32 identity="psk.user@example.com",
33 password_hex="0123456789abcdef0123456789abcdef",
35 hwsim_utils.test_connectivity(dev[0], hapd)
37 def test_ieee8021x_wep40(dev, apdev):
38 """IEEE 802.1X connection using dynamic WEP40"""
39 skip_with_fips(dev[0])
40 params = hostapd.radius_params()
41 params["ssid"] = "ieee8021x-wep"
42 params["ieee8021x"] = "1"
43 params["wep_key_len_broadcast"] = "5"
44 params["wep_key_len_unicast"] = "5"
45 hapd = hostapd.add_ap(apdev[0], params)
47 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
48 identity="psk.user@example.com",
49 password_hex="0123456789abcdef0123456789abcdef",
51 hwsim_utils.test_connectivity(dev[0], hapd)
53 def test_ieee8021x_open(dev, apdev):
54 """IEEE 802.1X connection using open network"""
55 params = hostapd.radius_params()
56 params["ssid"] = "ieee8021x-open"
57 params["ieee8021x"] = "1"
58 hapd = hostapd.add_ap(apdev[0], params)
60 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
61 eap="PSK", identity="psk.user@example.com",
62 password_hex="0123456789abcdef0123456789abcdef",
64 hwsim_utils.test_connectivity(dev[0], hapd)
66 logger.info("Test EAPOL-Logoff")
67 dev[0].request("LOGOFF")
68 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
70 raise Exception("Did not get disconnected")
71 if "reason=23" not in ev:
72 raise Exception("Unexpected disconnection reason")
74 dev[0].request("LOGON")
75 dev[0].connect_network(id)
76 hwsim_utils.test_connectivity(dev[0], hapd)
78 def test_ieee8021x_static_wep40(dev, apdev):
79 """IEEE 802.1X connection using static WEP40"""
80 params = hostapd.radius_params()
81 params["ssid"] = "ieee8021x-wep"
82 params["ieee8021x"] = "1"
83 params["wep_key0"] = '"hello"'
84 hapd = hostapd.add_ap(apdev[0], params)
86 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
87 identity="psk.user@example.com",
88 password_hex="0123456789abcdef0123456789abcdef",
89 wep_key0='"hello"', eapol_flags="0",
91 hwsim_utils.test_connectivity(dev[0], hapd)
93 def test_ieee8021x_proto(dev, apdev):
94 """IEEE 802.1X and EAPOL supplicant protocol testing"""
95 params = hostapd.radius_params()
96 params["ssid"] = "ieee8021x-open"
97 params["ieee8021x"] = "1"
98 hapd = hostapd.add_ap(apdev[0], params)
99 bssid = apdev[0]['bssid']
101 dev[1].request("SET ext_eapol_frame_io 1")
102 dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
103 eap="PSK", identity="psk.user@example.com",
104 password_hex="0123456789abcdef0123456789abcdef",
105 scan_freq="2412", wait_connect=False)
106 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
107 eap="PSK", identity="psk.user@example.com",
108 password_hex="0123456789abcdef0123456789abcdef",
110 ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
112 start = dev[0].get_mib()
116 "020000050a93000501",
117 "020300050a93000501",
118 "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
119 "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
120 "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
121 "02aa00050a93000501" ]
123 res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
125 raise Exception("EAPOL_RX to wpa_supplicant failed")
126 dev[1].request("EAPOL_RX " + bssid + " " + frame)
128 stop = dev[0].get_mib()
130 logger.info("MIB before test frames: " + str(start))
131 logger.info("MIB after test frames: " + str(stop))
133 vals = [ 'dot1xSuppInvalidEapolFramesRx',
134 'dot1xSuppEapLengthErrorFramesRx' ]
136 if int(stop[val]) <= int(start[val]):
137 raise Exception(val + " did not increase")
140 def test_ieee8021x_eapol_start(dev, apdev):
141 """IEEE 802.1X and EAPOL-Start retransmissions"""
142 params = hostapd.radius_params()
143 params["ssid"] = "ieee8021x-open"
144 params["ieee8021x"] = "1"
145 hapd = hostapd.add_ap(apdev[0], params)
146 bssid = apdev[0]['bssid']
147 addr0 = dev[0].own_addr()
149 hapd.set("ext_eapol_frame_io", "1")
151 dev[0].request("SET EAPOL::startPeriod 1")
152 dev[0].request("SET EAPOL::maxStart 1")
153 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
154 eap="PSK", identity="psk.user@example.com",
155 password_hex="0123456789abcdef0123456789abcdef",
156 scan_freq="2412", wait_connect=False)
159 pae = dev[0].get_status_field('Supplicant PAE state')
161 mib = hapd.get_sta(addr0, info="eapol")
162 if mib['auth_pae_state'] != 'AUTHENTICATING':
163 raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state'])
168 raise Exception("PAE state HELD not reached")
169 dev[0].wait_disconnected()
171 dev[0].request("SET EAPOL::startPeriod 30")
172 dev[0].request("SET EAPOL::maxStart 3")
174 def test_ieee8021x_held(dev, apdev):
175 """IEEE 802.1X and HELD state"""
176 params = hostapd.radius_params()
177 params["ssid"] = "ieee8021x-open"
178 params["ieee8021x"] = "1"
179 hapd = hostapd.add_ap(apdev[0], params)
180 bssid = apdev[0]['bssid']
182 hapd.set("ext_eapol_frame_io", "1")
184 dev[0].request("SET EAPOL::startPeriod 1")
185 dev[0].request("SET EAPOL::maxStart 0")
186 dev[0].request("SET EAPOL::heldPeriod 1")
187 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
188 eap="PSK", identity="psk.user@example.com",
189 password_hex="0123456789abcdef0123456789abcdef",
190 scan_freq="2412", wait_connect=False)
193 pae = dev[0].get_status_field('Supplicant PAE state')
199 raise Exception("PAE state HELD not reached")
201 hapd.set("ext_eapol_frame_io", "0")
203 pae = dev[0].get_status_field('Supplicant PAE state')
209 raise Exception("PAE state HELD not left")
210 ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED",
211 "CTRL-EVENT-DISCONNECTED" ], timeout=10)
213 raise Exception("Connection timed out")
214 if "CTRL-EVENT-DISCONNECTED" in ev:
215 raise Exception("Unexpected disconnection")
217 dev[0].request("SET EAPOL::startPeriod 30")
218 dev[0].request("SET EAPOL::maxStart 3")
219 dev[0].request("SET EAPOL::heldPeriod 60")
221 def send_eapol_key(dev, bssid, signkey, frame_start, frame_end):
222 zero_sign = "00000000000000000000000000000000"
223 frame = frame_start + zero_sign + frame_end
224 hmac_obj = hmac.new(binascii.unhexlify(signkey))
225 hmac_obj.update(binascii.unhexlify(frame))
226 sign = hmac_obj.digest()
227 frame = frame_start + binascii.hexlify(sign) + frame_end
228 dev.request("EAPOL_RX " + bssid + " " + frame)
230 def test_ieee8021x_eapol_key(dev, apdev):
231 """IEEE 802.1X connection and EAPOL-Key protocol tests"""
232 skip_with_fips(dev[0])
233 params = hostapd.radius_params()
234 params["ssid"] = "ieee8021x-wep"
235 params["ieee8021x"] = "1"
236 params["wep_key_len_broadcast"] = "5"
237 params["wep_key_len_unicast"] = "5"
238 hapd = hostapd.add_ap(apdev[0], params)
239 bssid = apdev[0]['bssid']
241 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
242 identity="vendor-test", scan_freq="2412")
244 # Hardcoded MSK from VENDOR-TEST
245 encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
246 signkey = "2222222222222222222222222222222222222222222222222222222222222222"
248 # EAPOL-Key replay counter does not increase
249 send_eapol_key(dev[0], bssid, signkey,
250 "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
253 # EAPOL-Key too large Key Length field value
254 send_eapol_key(dev[0], bssid, signkey,
255 "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
258 # EAPOL-Key too much key data
259 send_eapol_key(dev[0], bssid, signkey,
260 "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
263 # EAPOL-Key too little key data
264 send_eapol_key(dev[0], bssid, signkey,
265 "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
268 # EAPOL-Key with no key data and too long WEP key length
269 send_eapol_key(dev[0], bssid, signkey,
270 "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
273 def test_ieee8021x_reauth(dev, apdev):
274 """IEEE 802.1X and EAPOL_REAUTH request"""
275 params = hostapd.radius_params()
276 params["ssid"] = "ieee8021x-open"
277 params["ieee8021x"] = "1"
278 hapd = hostapd.add_ap(apdev[0], params)
280 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
281 eap="PSK", identity="psk.user@example.com",
282 password_hex="0123456789abcdef0123456789abcdef",
285 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
286 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
288 raise Exception("EAP authentication did not start")
289 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
291 raise Exception("EAP authentication did not succeed")
293 hwsim_utils.test_connectivity(dev[0], hapd)
295 def test_ieee8021x_reauth_wep(dev, apdev, params):
296 """IEEE 802.1X and EAPOL_REAUTH request with WEP"""
297 logdir = params['logdir']
299 params = hostapd.radius_params()
300 params["ssid"] = "ieee8021x-open"
301 params["ieee8021x"] = "1"
302 params["wep_key_len_broadcast"] = "13"
303 params["wep_key_len_unicast"] = "13"
304 hapd = hostapd.add_ap(apdev[0], params)
306 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X",
307 eap="PSK", identity="psk.user@example.com",
308 password_hex="0123456789abcdef0123456789abcdef",
310 hwsim_utils.test_connectivity(dev[0], hapd)
312 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
313 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
315 raise Exception("EAP authentication did not start")
316 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
318 raise Exception("EAP authentication did not succeed")
320 hwsim_utils.test_connectivity(dev[0], hapd)
322 out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"),
323 "llc.type == 0x888e", ["eapol.type", "eap.code"])
325 raise Exception("Could not find EAPOL frames in capture")
329 for line in out.splitlines():
333 if vals[0] == '0' and len(vals) == 2:
338 logger.info("num_eapol_key: %d" % num_eapol_key)
339 logger.info("num_eap_req: %d" % num_eap_req)
340 logger.info("num_eap_resp: %d" % num_eap_resp)
341 if num_eapol_key < 4:
342 raise Exception("Did not see four unencrypted EAPOL-Key frames")
344 raise Exception("Did not see six unencrypted EAP-Request frames")
346 raise Exception("Did not see six unencrypted EAP-Response frames")
348 def test_ieee8021x_set_conf(dev, apdev):
349 """IEEE 802.1X and EAPOL_SET command"""
350 params = hostapd.radius_params()
351 params["ssid"] = "ieee8021x-open"
352 params["ieee8021x"] = "1"
353 hapd = hostapd.add_ap(apdev[0], params)
355 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
356 eap="PSK", identity="psk.user@example.com",
357 password_hex="0123456789abcdef0123456789abcdef",
360 addr0 = dev[0].own_addr()
361 tests = [ "EAPOL_SET 1",
362 "EAPOL_SET %sfoo bar" % addr0,
363 "EAPOL_SET %s foo" % addr0,
364 "EAPOL_SET %s foo bar" % addr0,
365 "EAPOL_SET %s AdminControlledDirections bar" % addr0,
366 "EAPOL_SET %s AdminControlledPortControl bar" % addr0,
367 "EAPOL_SET %s reAuthEnabled bar" % addr0,
368 "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0,
369 "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both" ]
371 if "FAIL" not in hapd.request(t):
372 raise Exception("Invalid EAPOL_SET command accepted: " + t)
374 tests = [ ("AdminControlledDirections", "adminControlledDirections", "In"),
375 ("AdminControlledDirections", "adminControlledDirections",
377 ("quietPeriod", "quietPeriod", "13"),
378 ("serverTimeout", "serverTimeout", "7"),
379 ("reAuthPeriod", "reAuthPeriod", "1234"),
380 ("reAuthEnabled", "reAuthEnabled", "FALSE"),
381 ("reAuthEnabled", "reAuthEnabled", "TRUE"),
382 ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"),
383 ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"),
384 ("AdminControlledPortControl", "portControl", "ForceAuthorized"),
385 ("AdminControlledPortControl", "portControl",
386 "ForceUnauthorized"),
387 ("AdminControlledPortControl", "portControl", "Auto") ]
388 for param,mibparam,val in tests:
389 if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)):
390 raise Exception("Failed to set %s %s" % (param, val))
391 mib = hapd.get_sta(addr0, info="eapol")
392 if mib[mibparam] != val:
393 raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val))
394 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
396 raise Exception("EAP authentication did not succeed")
398 hwsim_utils.test_connectivity(dev[0], hapd)
400 def test_ieee8021x_auth_awhile(dev, apdev):
401 """IEEE 802.1X and EAPOL Authenticator aWhile handling"""
402 params = hostapd.radius_params()
403 params["ssid"] = "ieee8021x-open"
404 params["ieee8021x"] = "1"
405 params['auth_server_port'] = "18129"
406 hapd = hostapd.add_ap(apdev[0], params)
407 bssid = apdev[0]['bssid']
408 addr0 = dev[0].own_addr()
411 params['ssid'] = 'as'
412 params['beacon_int'] = '2000'
413 params['radius_server_clients'] = 'auth_serv/radius_clients.conf'
414 params['radius_server_auth_port'] = '18129'
415 params['eap_server'] = '1'
416 params['eap_user_file'] = 'auth_serv/eap_user.conf'
417 params['ca_cert'] = 'auth_serv/ca.pem'
418 params['server_cert'] = 'auth_serv/server.pem'
419 params['private_key'] = 'auth_serv/server.key'
420 hapd1 = hostapd.add_ap(apdev[1], params)
422 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
423 eap="PSK", identity="psk.user@example.com",
424 password_hex="0123456789abcdef0123456789abcdef",
427 if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0):
428 raise Exception("Failed to set serverTimeout")
429 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
430 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
433 mib = hapd.get_sta(addr0, info="eapol")
434 val = int(mib['aWhile'])
439 raise Exception("aWhile did not increase")
443 mib = hapd.get_sta(addr0, info="eapol")
444 val = int(mib['aWhile'])
448 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10)
450 raise Exception("Authentication restart not seen")
452 def test_ieee8021x_open_leap(dev, apdev):
453 """IEEE 802.1X connection with LEAP included in configuration"""
454 params = hostapd.radius_params()
455 params["ssid"] = "ieee8021x-open"
456 params["ieee8021x"] = "1"
457 hapd = hostapd.add_ap(apdev[0], params)
459 dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
460 eap="LEAP", identity="psk.user@example.com",
461 password_hex="0123456789abcdef0123456789abcdef",
462 scan_freq="2412", wait_connect=False)
463 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
464 eap="PSK LEAP", identity="psk.user@example.com",
465 password_hex="0123456789abcdef0123456789abcdef",
467 ev = dev[1].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=5)
468 dev[1].request("DISCONNECT")
470 def test_ieee8021x_and_wpa_enabled(dev, apdev):
471 """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
472 skip_with_fips(dev[0])
473 params = hostapd.radius_params()
474 params["ssid"] = "ieee8021x-wep"
475 params["ieee8021x"] = "1"
476 params["wep_key_len_broadcast"] = "13"
477 params["wep_key_len_unicast"] = "13"
478 hapd = hostapd.add_ap(apdev[0], params)
480 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK",
481 identity="psk.user@example.com",
482 password_hex="0123456789abcdef0123456789abcdef",
484 hwsim_utils.test_connectivity(dev[0], hapd)