2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
14 from utils import skip_with_fips
16 logger = logging.getLogger()
18 def test_ieee8021x_wep104(dev, apdev):
19 """IEEE 802.1X connection using dynamic WEP104"""
20 skip_with_fips(dev[0])
21 params = hostapd.radius_params()
22 params["ssid"] = "ieee8021x-wep"
23 params["ieee8021x"] = "1"
24 params["wep_key_len_broadcast"] = "13"
25 params["wep_key_len_unicast"] = "13"
26 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
28 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
29 identity="psk.user@example.com",
30 password_hex="0123456789abcdef0123456789abcdef",
32 hwsim_utils.test_connectivity(dev[0], hapd)
34 def test_ieee8021x_wep40(dev, apdev):
35 """IEEE 802.1X connection using dynamic WEP40"""
36 skip_with_fips(dev[0])
37 params = hostapd.radius_params()
38 params["ssid"] = "ieee8021x-wep"
39 params["ieee8021x"] = "1"
40 params["wep_key_len_broadcast"] = "5"
41 params["wep_key_len_unicast"] = "5"
42 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
44 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
45 identity="psk.user@example.com",
46 password_hex="0123456789abcdef0123456789abcdef",
48 hwsim_utils.test_connectivity(dev[0], hapd)
50 def test_ieee8021x_open(dev, apdev):
51 """IEEE 802.1X connection using open network"""
52 params = hostapd.radius_params()
53 params["ssid"] = "ieee8021x-open"
54 params["ieee8021x"] = "1"
55 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
57 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
58 eap="PSK", identity="psk.user@example.com",
59 password_hex="0123456789abcdef0123456789abcdef",
61 hwsim_utils.test_connectivity(dev[0], hapd)
63 logger.info("Test EAPOL-Logoff")
64 dev[0].request("LOGOFF")
65 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
67 raise Exception("Did not get disconnected")
68 if "reason=23" not in ev:
69 raise Exception("Unexpected disconnection reason")
71 dev[0].request("LOGON")
72 dev[0].connect_network(id)
73 hwsim_utils.test_connectivity(dev[0], hapd)
75 def test_ieee8021x_static_wep40(dev, apdev):
76 """IEEE 802.1X connection using static WEP40"""
77 params = hostapd.radius_params()
78 params["ssid"] = "ieee8021x-wep"
79 params["ieee8021x"] = "1"
80 params["wep_key0"] = '"hello"'
81 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
83 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
84 identity="psk.user@example.com",
85 password_hex="0123456789abcdef0123456789abcdef",
86 wep_key0='"hello"', eapol_flags="0",
88 hwsim_utils.test_connectivity(dev[0], hapd)
90 def test_ieee8021x_proto(dev, apdev):
91 """IEEE 802.1X and EAPOL supplicant protocol testing"""
92 params = hostapd.radius_params()
93 params["ssid"] = "ieee8021x-open"
94 params["ieee8021x"] = "1"
95 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
96 bssid = apdev[0]['bssid']
98 dev[1].request("SET ext_eapol_frame_io 1")
99 dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
100 eap="PSK", identity="psk.user@example.com",
101 password_hex="0123456789abcdef0123456789abcdef",
102 scan_freq="2412", wait_connect=False)
103 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
104 eap="PSK", identity="psk.user@example.com",
105 password_hex="0123456789abcdef0123456789abcdef",
107 ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
109 start = dev[0].get_mib()
113 "020000050a93000501",
114 "020300050a93000501",
115 "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
116 "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
117 "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
118 "02aa00050a93000501" ]
120 res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
122 raise Exception("EAPOL_RX to wpa_supplicant failed")
123 dev[1].request("EAPOL_RX " + bssid + " " + frame)
125 stop = dev[0].get_mib()
127 logger.info("MIB before test frames: " + str(start))
128 logger.info("MIB after test frames: " + str(stop))
130 vals = [ 'dot1xSuppInvalidEapolFramesRx',
131 'dot1xSuppEapLengthErrorFramesRx' ]
133 if int(stop[val]) <= int(start[val]):
134 raise Exception(val + " did not increase")
136 def test_ieee8021x_eapol_start(dev, apdev):
137 """IEEE 802.1X and EAPOL-Start retransmissions"""
138 params = hostapd.radius_params()
139 params["ssid"] = "ieee8021x-open"
140 params["ieee8021x"] = "1"
141 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
142 bssid = apdev[0]['bssid']
143 addr0 = dev[0].own_addr()
145 hapd.set("ext_eapol_frame_io", "1")
147 dev[0].request("SET EAPOL::startPeriod 1")
148 dev[0].request("SET EAPOL::maxStart 1")
149 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
150 eap="PSK", identity="psk.user@example.com",
151 password_hex="0123456789abcdef0123456789abcdef",
152 scan_freq="2412", wait_connect=False)
155 pae = dev[0].get_status_field('Supplicant PAE state')
157 mib = hapd.get_sta(addr0, info="eapol")
158 if mib['auth_pae_state'] != 'AUTHENTICATING':
159 raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state'])
164 raise Exception("PAE state HELD not reached")
165 dev[0].wait_disconnected()
167 dev[0].request("SET EAPOL::startPeriod 30")
168 dev[0].request("SET EAPOL::maxStart 3")
170 def test_ieee8021x_held(dev, apdev):
171 """IEEE 802.1X and HELD state"""
172 params = hostapd.radius_params()
173 params["ssid"] = "ieee8021x-open"
174 params["ieee8021x"] = "1"
175 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
176 bssid = apdev[0]['bssid']
178 hapd.set("ext_eapol_frame_io", "1")
180 dev[0].request("SET EAPOL::startPeriod 1")
181 dev[0].request("SET EAPOL::maxStart 0")
182 dev[0].request("SET EAPOL::heldPeriod 1")
183 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
184 eap="PSK", identity="psk.user@example.com",
185 password_hex="0123456789abcdef0123456789abcdef",
186 scan_freq="2412", wait_connect=False)
189 pae = dev[0].get_status_field('Supplicant PAE state')
195 raise Exception("PAE state HELD not reached")
197 hapd.set("ext_eapol_frame_io", "0")
199 pae = dev[0].get_status_field('Supplicant PAE state')
205 raise Exception("PAE state HELD not left")
206 ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED",
207 "CTRL-EVENT-DISCONNECTED" ], timeout=10)
209 raise Exception("Connection timed out")
210 if "CTRL-EVENT-DISCONNECTED" in ev:
211 raise Exception("Unexpected disconnection")
213 dev[0].request("SET EAPOL::startPeriod 30")
214 dev[0].request("SET EAPOL::maxStart 3")
215 dev[0].request("SET EAPOL::heldPeriod 60")
217 def send_eapol_key(dev, bssid, signkey, frame_start, frame_end):
218 zero_sign = "00000000000000000000000000000000"
219 frame = frame_start + zero_sign + frame_end
220 hmac_obj = hmac.new(binascii.unhexlify(signkey))
221 hmac_obj.update(binascii.unhexlify(frame))
222 sign = hmac_obj.digest()
223 frame = frame_start + binascii.hexlify(sign) + frame_end
224 dev.request("EAPOL_RX " + bssid + " " + frame)
226 def test_ieee8021x_eapol_key(dev, apdev):
227 """IEEE 802.1X connection and EAPOL-Key protocol tests"""
228 skip_with_fips(dev[0])
229 params = hostapd.radius_params()
230 params["ssid"] = "ieee8021x-wep"
231 params["ieee8021x"] = "1"
232 params["wep_key_len_broadcast"] = "5"
233 params["wep_key_len_unicast"] = "5"
234 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
235 bssid = apdev[0]['bssid']
237 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
238 identity="vendor-test", scan_freq="2412")
240 # Hardcoded MSK from VENDOR-TEST
241 encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
242 signkey = "2222222222222222222222222222222222222222222222222222222222222222"
244 # EAPOL-Key replay counter does not increase
245 send_eapol_key(dev[0], bssid, signkey,
246 "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
249 # EAPOL-Key too large Key Length field value
250 send_eapol_key(dev[0], bssid, signkey,
251 "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
254 # EAPOL-Key too much key data
255 send_eapol_key(dev[0], bssid, signkey,
256 "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
259 # EAPOL-Key too little key data
260 send_eapol_key(dev[0], bssid, signkey,
261 "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
264 # EAPOL-Key with no key data and too long WEP key length
265 send_eapol_key(dev[0], bssid, signkey,
266 "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
269 def test_ieee8021x_reauth(dev, apdev):
270 """IEEE 802.1X and EAPOL_REAUTH request"""
271 params = hostapd.radius_params()
272 params["ssid"] = "ieee8021x-open"
273 params["ieee8021x"] = "1"
274 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
276 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
277 eap="PSK", identity="psk.user@example.com",
278 password_hex="0123456789abcdef0123456789abcdef",
281 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
282 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
284 raise Exception("EAP authentication did not start")
285 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
287 raise Exception("EAP authentication did not succeed")
289 hwsim_utils.test_connectivity(dev[0], hapd)
291 def test_ieee8021x_set_conf(dev, apdev):
292 """IEEE 802.1X and EAPOL_SET command"""
293 params = hostapd.radius_params()
294 params["ssid"] = "ieee8021x-open"
295 params["ieee8021x"] = "1"
296 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
298 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
299 eap="PSK", identity="psk.user@example.com",
300 password_hex="0123456789abcdef0123456789abcdef",
303 addr0 = dev[0].own_addr()
304 tests = [ "EAPOL_SET 1",
305 "EAPOL_SET %sfoo bar" % addr0,
306 "EAPOL_SET %s foo" % addr0,
307 "EAPOL_SET %s foo bar" % addr0,
308 "EAPOL_SET %s AdminControlledDirections bar" % addr0,
309 "EAPOL_SET %s AdminControlledPortControl bar" % addr0,
310 "EAPOL_SET %s reAuthEnabled bar" % addr0,
311 "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0,
312 "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both" ]
314 if "FAIL" not in hapd.request(t):
315 raise Exception("Invalid EAPOL_SET command accepted: " + t)
317 tests = [ ("AdminControlledDirections", "adminControlledDirections", "In"),
318 ("AdminControlledDirections", "adminControlledDirections",
320 ("quietPeriod", "quietPeriod", "13"),
321 ("serverTimeout", "serverTimeout", "7"),
322 ("reAuthPeriod", "reAuthPeriod", "1234"),
323 ("reAuthEnabled", "reAuthEnabled", "FALSE"),
324 ("reAuthEnabled", "reAuthEnabled", "TRUE"),
325 ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"),
326 ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"),
327 ("AdminControlledPortControl", "portControl", "ForceAuthorized"),
328 ("AdminControlledPortControl", "portControl",
329 "ForceUnauthorized"),
330 ("AdminControlledPortControl", "portControl", "Auto") ]
331 for param,mibparam,val in tests:
332 if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)):
333 raise Exception("Failed to set %s %s" % (param, val))
334 mib = hapd.get_sta(addr0, info="eapol")
335 if mib[mibparam] != val:
336 raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val))
337 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
339 raise Exception("EAP authentication did not succeed")
341 hwsim_utils.test_connectivity(dev[0], hapd)
343 def test_ieee8021x_auth_awhile(dev, apdev):
344 """IEEE 802.1X and EAPOL Authenticator aWhile handling"""
345 params = hostapd.radius_params()
346 params["ssid"] = "ieee8021x-open"
347 params["ieee8021x"] = "1"
348 params['auth_server_port'] = "18129"
349 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
350 bssid = apdev[0]['bssid']
351 addr0 = dev[0].own_addr()
354 params['ssid'] = 'as'
355 params['beacon_int'] = '2000'
356 params['radius_server_clients'] = 'auth_serv/radius_clients.conf'
357 params['radius_server_auth_port'] = '18129'
358 params['eap_server'] = '1'
359 params['eap_user_file'] = 'auth_serv/eap_user.conf'
360 params['ca_cert'] = 'auth_serv/ca.pem'
361 params['server_cert'] = 'auth_serv/server.pem'
362 params['private_key'] = 'auth_serv/server.key'
363 hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
365 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
366 eap="PSK", identity="psk.user@example.com",
367 password_hex="0123456789abcdef0123456789abcdef",
370 if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0):
371 raise Exception("Failed to set serverTimeout")
372 hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
373 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
376 mib = hapd.get_sta(addr0, info="eapol")
377 val = int(mib['aWhile'])
382 raise Exception("aWhile did not increase")
386 mib = hapd.get_sta(addr0, info="eapol")
387 val = int(mib['aWhile'])
391 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10)
393 raise Exception("Authentication restart not seen")