2.1.26
by Kel Modderman
* New upstream release. |
1 |
/*
|
2 |
* WPA Supplicant - test code
|
|
3 |
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
|
|
4 |
*
|
|
5 |
* This program is free software; you can redistribute it and/or modify
|
|
6 |
* it under the terms of the GNU General Public License version 2 as
|
|
7 |
* published by the Free Software Foundation.
|
|
8 |
*
|
|
9 |
* Alternatively, this software may be distributed under the terms of BSD
|
|
10 |
* license.
|
|
11 |
*
|
|
12 |
* See README and COPYING for more details.
|
|
13 |
*
|
|
14 |
* IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
|
|
15 |
* Not used in production version.
|
|
16 |
*/
|
|
17 |
||
18 |
#include "includes.h" |
|
19 |
#include <assert.h> |
|
20 |
||
21 |
#include "common.h" |
|
22 |
#include "config.h" |
|
23 |
#include "eapol_supp/eapol_supp_sm.h" |
|
24 |
#include "eap_peer/eap.h" |
|
25 |
#include "eloop.h" |
|
26 |
#include "wpa.h" |
|
27 |
#include "eap_peer/eap_i.h" |
|
28 |
#include "wpa_supplicant_i.h" |
|
29 |
#include "radius/radius.h" |
|
30 |
#include "radius/radius_client.h" |
|
31 |
#include "ctrl_iface.h" |
|
32 |
#include "pcsc_funcs.h" |
|
33 |
||
34 |
||
35 |
extern int wpa_debug_level; |
|
36 |
extern int wpa_debug_show_keys; |
|
37 |
||
38 |
struct wpa_driver_ops *wpa_supplicant_drivers[] = { NULL }; |
|
39 |
||
40 |
||
41 |
struct eapol_test_data { |
|
42 |
struct wpa_supplicant *wpa_s; |
|
43 |
||
44 |
int eapol_test_num_reauths; |
|
45 |
int no_mppe_keys; |
|
46 |
int num_mppe_ok, num_mppe_mismatch; |
|
47 |
||
48 |
u8 radius_identifier; |
|
49 |
struct radius_msg *last_recv_radius; |
|
50 |
struct in_addr own_ip_addr; |
|
51 |
struct radius_client_data *radius; |
|
52 |
struct hostapd_radius_servers *radius_conf; |
|
53 |
||
54 |
u8 *last_eap_radius; /* last received EAP Response from Authentication |
|
55 |
* Server */
|
|
56 |
size_t last_eap_radius_len; |
|
57 |
||
58 |
u8 authenticator_pmk[PMK_LEN]; |
|
59 |
size_t authenticator_pmk_len; |
|
60 |
int radius_access_accept_received; |
|
61 |
int radius_access_reject_received; |
|
62 |
int auth_timed_out; |
|
63 |
||
64 |
u8 *eap_identity; |
|
65 |
size_t eap_identity_len; |
|
66 |
||
67 |
char *connect_info; |
|
68 |
u8 own_addr[ETH_ALEN]; |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
69 |
int cui_flag; |
70 |
char *cui_str; |
|
2.1.26
by Kel Modderman
* New upstream release. |
71 |
};
|
72 |
||
73 |
static struct eapol_test_data eapol_test; |
|
74 |
||
75 |
||
76 |
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx); |
|
77 |
||
78 |
||
79 |
static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module, |
|
80 |
int level, const char *txt, size_t len) |
|
81 |
{
|
|
82 |
if (addr) |
|
83 |
wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n", |
|
84 |
MAC2STR(addr), txt); |
|
85 |
else
|
|
86 |
wpa_printf(MSG_DEBUG, "%s", txt); |
|
87 |
}
|
|
88 |
||
89 |
||
90 |
static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e, |
|
91 |
const u8 *eap, size_t len) |
|
92 |
{
|
|
93 |
struct radius_msg *msg; |
|
94 |
char buf[128]; |
|
95 |
const struct eap_hdr *hdr; |
|
96 |
const u8 *pos; |
|
97 |
||
98 |
wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS " |
|
99 |
"packet"); |
|
100 |
||
101 |
e->radius_identifier = radius_client_get_id(e->radius); |
|
102 |
msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, |
|
103 |
e->radius_identifier); |
|
104 |
if (msg == NULL) { |
|
105 |
printf("Could not create net RADIUS packet\n"); |
|
106 |
return; |
|
107 |
}
|
|
108 |
||
109 |
radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e)); |
|
110 |
||
111 |
hdr = (const struct eap_hdr *) eap; |
|
112 |
pos = (const u8 *) (hdr + 1); |
|
113 |
if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE && |
|
114 |
pos[0] == EAP_TYPE_IDENTITY) { |
|
115 |
pos++; |
|
116 |
os_free(e->eap_identity); |
|
117 |
e->eap_identity_len = len - sizeof(*hdr) - 1; |
|
118 |
e->eap_identity = os_malloc(e->eap_identity_len); |
|
119 |
if (e->eap_identity) { |
|
120 |
os_memcpy(e->eap_identity, pos, e->eap_identity_len); |
|
121 |
wpa_hexdump(MSG_DEBUG, "Learned identity from " |
|
122 |
"EAP-Response-Identity", |
|
123 |
e->eap_identity, e->eap_identity_len); |
|
124 |
}
|
|
125 |
}
|
|
126 |
||
127 |
if (e->eap_identity && |
|
128 |
!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, |
|
129 |
e->eap_identity, e->eap_identity_len)) { |
|
130 |
printf("Could not add User-Name\n"); |
|
131 |
goto fail; |
|
132 |
}
|
|
133 |
||
134 |
if (!radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS, |
|
135 |
(u8 *) &e->own_ip_addr, 4)) { |
|
136 |
printf("Could not add NAS-IP-Address\n"); |
|
137 |
goto fail; |
|
138 |
}
|
|
139 |
||
140 |
os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT, |
|
141 |
MAC2STR(e->wpa_s->own_addr)); |
|
142 |
if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID, |
|
143 |
(u8 *) buf, os_strlen(buf))) { |
|
144 |
printf("Could not add Calling-Station-Id\n"); |
|
145 |
goto fail; |
|
146 |
}
|
|
147 |
||
148 |
/* TODO: should probably check MTU from driver config; 2304 is max for
|
|
149 |
* IEEE 802.11, but use 1400 to avoid problems with too large packets
|
|
150 |
*/
|
|
151 |
if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) { |
|
152 |
printf("Could not add Framed-MTU\n"); |
|
153 |
goto fail; |
|
154 |
}
|
|
155 |
||
156 |
if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE, |
|
157 |
RADIUS_NAS_PORT_TYPE_IEEE_802_11)) { |
|
158 |
printf("Could not add NAS-Port-Type\n"); |
|
159 |
goto fail; |
|
160 |
}
|
|
161 |
||
162 |
os_snprintf(buf, sizeof(buf), "%s", e->connect_info); |
|
163 |
if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO, |
|
164 |
(u8 *) buf, os_strlen(buf))) { |
|
165 |
printf("Could not add Connect-Info\n"); |
|
166 |
goto fail; |
|
167 |
}
|
|
168 |
||
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
169 |
if (e->cui_flag) { |
170 |
int l = 0; |
|
171 |
if (e->cui_flag == 1) { |
|
172 |
l = 1; |
|
173 |
buf[0] = '\0'; |
|
174 |
} else if (e->cui_flag == 2) { |
|
175 |
os_snprintf(buf, sizeof(buf), "%s", e->cui_str); |
|
176 |
l = os_strlen(buf); |
|
177 |
}
|
|
178 |
if (!radius_msg_add_attr(msg, |
|
179 |
RADIUS_ATTR_CHARGEABLE_USER_IDENTITY, |
|
180 |
(u8 *) buf, l)) { |
|
181 |
printf("Could not add Chargeable-User-Identity\n"); |
|
182 |
goto fail; |
|
183 |
}
|
|
184 |
}
|
|
185 |
||
2.1.26
by Kel Modderman
* New upstream release. |
186 |
if (eap && !radius_msg_add_eap(msg, eap, len)) { |
187 |
printf("Could not add EAP-Message\n"); |
|
188 |
goto fail; |
|
189 |
}
|
|
190 |
||
191 |
/* State attribute must be copied if and only if this packet is
|
|
192 |
* Access-Request reply to the previous Access-Challenge */
|
|
193 |
if (e->last_recv_radius && e->last_recv_radius->hdr->code == |
|
194 |
RADIUS_CODE_ACCESS_CHALLENGE) { |
|
195 |
int res = radius_msg_copy_attr(msg, e->last_recv_radius, |
|
196 |
RADIUS_ATTR_STATE); |
|
197 |
if (res < 0) { |
|
198 |
printf("Could not copy State attribute from previous " |
|
199 |
"Access-Challenge\n"); |
|
200 |
goto fail; |
|
201 |
}
|
|
202 |
if (res > 0) { |
|
203 |
wpa_printf(MSG_DEBUG, " Copied RADIUS State " |
|
204 |
"Attribute"); |
|
205 |
}
|
|
206 |
}
|
|
207 |
||
208 |
radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr); |
|
209 |
return; |
|
210 |
||
211 |
fail: |
|
212 |
radius_msg_free(msg); |
|
213 |
os_free(msg); |
|
214 |
}
|
|
215 |
||
216 |
||
217 |
static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf, |
|
218 |
size_t len) |
|
219 |
{
|
|
220 |
/* struct wpa_supplicant *wpa_s = ctx; */
|
|
221 |
printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n", |
|
222 |
type, (unsigned long) len); |
|
223 |
if (type == IEEE802_1X_TYPE_EAP_PACKET) { |
|
224 |
wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len); |
|
225 |
ieee802_1x_encapsulate_radius(&eapol_test, buf, len); |
|
226 |
}
|
|
227 |
return 0; |
|
228 |
}
|
|
229 |
||
230 |
||
231 |
static void eapol_test_set_config_blob(void *ctx, |
|
232 |
struct wpa_config_blob *blob) |
|
233 |
{
|
|
234 |
struct wpa_supplicant *wpa_s = ctx; |
|
235 |
wpa_config_set_blob(wpa_s->conf, blob); |
|
236 |
}
|
|
237 |
||
238 |
||
239 |
static const struct wpa_config_blob * |
|
240 |
eapol_test_get_config_blob(void *ctx, const char *name) |
|
241 |
{
|
|
242 |
struct wpa_supplicant *wpa_s = ctx; |
|
243 |
return wpa_config_get_blob(wpa_s->conf, name); |
|
244 |
}
|
|
245 |
||
246 |
||
247 |
static void eapol_test_eapol_done_cb(void *ctx) |
|
248 |
{
|
|
249 |
printf("WPA: EAPOL processing complete\n"); |
|
250 |
}
|
|
251 |
||
252 |
||
253 |
static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx) |
|
254 |
{
|
|
255 |
struct eapol_test_data *e = eloop_ctx; |
|
256 |
printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n"); |
|
257 |
e->radius_access_accept_received = 0; |
|
258 |
send_eap_request_identity(e->wpa_s, NULL); |
|
259 |
}
|
|
260 |
||
261 |
||
262 |
static int eapol_test_compare_pmk(struct eapol_test_data *e) |
|
263 |
{
|
|
264 |
u8 pmk[PMK_LEN]; |
|
265 |
int ret = 1; |
|
266 |
||
267 |
if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) { |
|
268 |
wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN); |
|
269 |
if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) { |
|
270 |
printf("WARNING: PMK mismatch\n"); |
|
271 |
wpa_hexdump(MSG_DEBUG, "PMK from AS", |
|
272 |
e->authenticator_pmk, PMK_LEN); |
|
273 |
} else if (e->radius_access_accept_received) |
|
274 |
ret = 0; |
|
275 |
} else if (e->authenticator_pmk_len == 16 && |
|
276 |
eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) { |
|
277 |
wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16); |
|
278 |
if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) { |
|
279 |
printf("WARNING: PMK mismatch\n"); |
|
280 |
wpa_hexdump(MSG_DEBUG, "PMK from AS", |
|
281 |
e->authenticator_pmk, 16); |
|
282 |
} else if (e->radius_access_accept_received) |
|
283 |
ret = 0; |
|
284 |
} else if (e->radius_access_accept_received && e->no_mppe_keys) { |
|
285 |
/* No keying material expected */
|
|
286 |
ret = 0; |
|
287 |
}
|
|
288 |
||
289 |
if (ret && !e->no_mppe_keys) |
|
290 |
e->num_mppe_mismatch++; |
|
291 |
else if (!e->no_mppe_keys) |
|
292 |
e->num_mppe_ok++; |
|
293 |
||
294 |
return ret; |
|
295 |
}
|
|
296 |
||
297 |
||
298 |
static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx) |
|
299 |
{
|
|
300 |
struct eapol_test_data *e = ctx; |
|
301 |
printf("eapol_sm_cb: success=%d\n", success); |
|
302 |
e->eapol_test_num_reauths--; |
|
303 |
if (e->eapol_test_num_reauths < 0) |
|
304 |
eloop_terminate(); |
|
305 |
else { |
|
306 |
eapol_test_compare_pmk(e); |
|
307 |
eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL); |
|
308 |
}
|
|
309 |
}
|
|
310 |
||
311 |
||
312 |
static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s, |
|
313 |
struct wpa_ssid *ssid) |
|
314 |
{
|
|
315 |
struct eapol_config eapol_conf; |
|
316 |
struct eapol_ctx *ctx; |
|
317 |
||
318 |
ctx = os_zalloc(sizeof(*ctx)); |
|
319 |
if (ctx == NULL) { |
|
320 |
printf("Failed to allocate EAPOL context.\n"); |
|
321 |
return -1; |
|
322 |
}
|
|
323 |
ctx->ctx = wpa_s; |
|
324 |
ctx->msg_ctx = wpa_s; |
|
325 |
ctx->scard_ctx = wpa_s->scard; |
|
326 |
ctx->cb = eapol_sm_cb; |
|
327 |
ctx->cb_ctx = e; |
|
328 |
ctx->eapol_send_ctx = wpa_s; |
|
329 |
ctx->preauth = 0; |
|
330 |
ctx->eapol_done_cb = eapol_test_eapol_done_cb; |
|
331 |
ctx->eapol_send = eapol_test_eapol_send; |
|
332 |
ctx->set_config_blob = eapol_test_set_config_blob; |
|
333 |
ctx->get_config_blob = eapol_test_get_config_blob; |
|
334 |
#ifdef EAP_TLS_OPENSSL
|
|
335 |
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; |
|
336 |
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; |
|
337 |
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; |
|
338 |
#endif /* EAP_TLS_OPENSSL */ |
|
339 |
||
340 |
wpa_s->eapol = eapol_sm_init(ctx); |
|
341 |
if (wpa_s->eapol == NULL) { |
|
342 |
os_free(ctx); |
|
343 |
printf("Failed to initialize EAPOL state machines.\n"); |
|
344 |
return -1; |
|
345 |
}
|
|
346 |
||
347 |
wpa_s->current_ssid = ssid; |
|
348 |
os_memset(&eapol_conf, 0, sizeof(eapol_conf)); |
|
349 |
eapol_conf.accept_802_1x_keys = 1; |
|
350 |
eapol_conf.required_keys = 0; |
|
351 |
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth; |
|
352 |
eapol_conf.workaround = ssid->eap_workaround; |
|
353 |
eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf); |
|
354 |
eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); |
|
355 |
||
356 |
||
357 |
eapol_sm_notify_portValid(wpa_s->eapol, FALSE); |
|
358 |
/* 802.1X::portControl = Auto */
|
|
359 |
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); |
|
360 |
||
361 |
return 0; |
|
362 |
}
|
|
363 |
||
364 |
||
365 |
static void test_eapol_clean(struct eapol_test_data *e, |
|
366 |
struct wpa_supplicant *wpa_s) |
|
367 |
{
|
|
368 |
radius_client_deinit(e->radius); |
|
369 |
os_free(e->last_eap_radius); |
|
370 |
if (e->last_recv_radius) { |
|
371 |
radius_msg_free(e->last_recv_radius); |
|
372 |
os_free(e->last_recv_radius); |
|
373 |
}
|
|
374 |
os_free(e->eap_identity); |
|
375 |
e->eap_identity = NULL; |
|
376 |
eapol_sm_deinit(wpa_s->eapol); |
|
377 |
wpa_s->eapol = NULL; |
|
378 |
if (e->radius_conf && e->radius_conf->auth_server) { |
|
379 |
os_free(e->radius_conf->auth_server->shared_secret); |
|
380 |
os_free(e->radius_conf->auth_server); |
|
381 |
}
|
|
382 |
os_free(e->radius_conf); |
|
383 |
e->radius_conf = NULL; |
|
384 |
scard_deinit(wpa_s->scard); |
|
385 |
if (wpa_s->ctrl_iface) { |
|
386 |
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); |
|
387 |
wpa_s->ctrl_iface = NULL; |
|
388 |
}
|
|
389 |
wpa_config_free(wpa_s->conf); |
|
390 |
}
|
|
391 |
||
392 |
||
393 |
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx) |
|
394 |
{
|
|
395 |
struct wpa_supplicant *wpa_s = eloop_ctx; |
|
396 |
u8 buf[100], *pos; |
|
397 |
struct ieee802_1x_hdr *hdr; |
|
398 |
struct eap_hdr *eap; |
|
399 |
||
400 |
hdr = (struct ieee802_1x_hdr *) buf; |
|
401 |
hdr->version = EAPOL_VERSION; |
|
402 |
hdr->type = IEEE802_1X_TYPE_EAP_PACKET; |
|
403 |
hdr->length = htons(5); |
|
404 |
||
405 |
eap = (struct eap_hdr *) (hdr + 1); |
|
406 |
eap->code = EAP_CODE_REQUEST; |
|
407 |
eap->identifier = 0; |
|
408 |
eap->length = htons(5); |
|
409 |
pos = (u8 *) (eap + 1); |
|
410 |
*pos = EAP_TYPE_IDENTITY; |
|
411 |
||
412 |
printf("Sending fake EAP-Request-Identity\n"); |
|
413 |
eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf, |
|
414 |
sizeof(*hdr) + 5); |
|
415 |
}
|
|
416 |
||
417 |
||
418 |
static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx) |
|
419 |
{
|
|
420 |
struct eapol_test_data *e = eloop_ctx; |
|
421 |
printf("EAPOL test timed out\n"); |
|
422 |
e->auth_timed_out = 1; |
|
423 |
eloop_terminate(); |
|
424 |
}
|
|
425 |
||
426 |
||
427 |
static char *eap_type_text(u8 type) |
|
428 |
{
|
|
429 |
switch (type) { |
|
430 |
case EAP_TYPE_IDENTITY: return "Identity"; |
|
431 |
case EAP_TYPE_NOTIFICATION: return "Notification"; |
|
432 |
case EAP_TYPE_NAK: return "Nak"; |
|
433 |
case EAP_TYPE_TLS: return "TLS"; |
|
434 |
case EAP_TYPE_TTLS: return "TTLS"; |
|
435 |
case EAP_TYPE_PEAP: return "PEAP"; |
|
436 |
case EAP_TYPE_SIM: return "SIM"; |
|
437 |
case EAP_TYPE_GTC: return "GTC"; |
|
438 |
case EAP_TYPE_MD5: return "MD5"; |
|
439 |
case EAP_TYPE_OTP: return "OTP"; |
|
440 |
case EAP_TYPE_FAST: return "FAST"; |
|
441 |
case EAP_TYPE_SAKE: return "SAKE"; |
|
442 |
case EAP_TYPE_PSK: return "PSK"; |
|
443 |
default: return "Unknown"; |
|
444 |
}
|
|
445 |
}
|
|
446 |
||
447 |
||
448 |
static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e) |
|
449 |
{
|
|
450 |
u8 *eap; |
|
451 |
size_t len; |
|
452 |
struct eap_hdr *hdr; |
|
453 |
int eap_type = -1; |
|
454 |
char buf[64]; |
|
455 |
struct radius_msg *msg; |
|
456 |
||
457 |
if (e->last_recv_radius == NULL) |
|
458 |
return; |
|
459 |
||
460 |
msg = e->last_recv_radius; |
|
461 |
||
462 |
eap = radius_msg_get_eap(msg, &len); |
|
463 |
if (eap == NULL) { |
|
464 |
/* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
|
|
465 |
* RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
|
|
466 |
* attribute */
|
|
467 |
wpa_printf(MSG_DEBUG, "could not extract " |
|
468 |
"EAP-Message from RADIUS message"); |
|
469 |
os_free(e->last_eap_radius); |
|
470 |
e->last_eap_radius = NULL; |
|
471 |
e->last_eap_radius_len = 0; |
|
472 |
return; |
|
473 |
}
|
|
474 |
||
475 |
if (len < sizeof(*hdr)) { |
|
476 |
wpa_printf(MSG_DEBUG, "too short EAP packet " |
|
477 |
"received from authentication server"); |
|
478 |
os_free(eap); |
|
479 |
return; |
|
480 |
}
|
|
481 |
||
482 |
if (len > sizeof(*hdr)) |
|
483 |
eap_type = eap[sizeof(*hdr)]; |
|
484 |
||
485 |
hdr = (struct eap_hdr *) eap; |
|
486 |
switch (hdr->code) { |
|
487 |
case EAP_CODE_REQUEST: |
|
488 |
os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)", |
|
489 |
eap_type >= 0 ? eap_type_text(eap_type) : "??", |
|
490 |
eap_type); |
|
491 |
break; |
|
492 |
case EAP_CODE_RESPONSE: |
|
493 |
os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)", |
|
494 |
eap_type >= 0 ? eap_type_text(eap_type) : "??", |
|
495 |
eap_type); |
|
496 |
break; |
|
497 |
case EAP_CODE_SUCCESS: |
|
498 |
os_strlcpy(buf, "EAP Success", sizeof(buf)); |
|
499 |
/* LEAP uses EAP Success within an authentication, so must not
|
|
500 |
* stop here with eloop_terminate(); */
|
|
501 |
break; |
|
502 |
case EAP_CODE_FAILURE: |
|
503 |
os_strlcpy(buf, "EAP Failure", sizeof(buf)); |
|
504 |
eloop_terminate(); |
|
505 |
break; |
|
506 |
default: |
|
507 |
os_strlcpy(buf, "unknown EAP code", sizeof(buf)); |
|
508 |
wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len); |
|
509 |
break; |
|
510 |
}
|
|
511 |
wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d " |
|
512 |
"id=%d len=%d) from RADIUS server: %s", |
|
513 |
hdr->code, hdr->identifier, ntohs(hdr->length), buf); |
|
514 |
||
515 |
/* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
|
|
516 |
||
517 |
os_free(e->last_eap_radius); |
|
518 |
e->last_eap_radius = eap; |
|
519 |
e->last_eap_radius_len = len; |
|
520 |
||
521 |
{
|
|
522 |
struct ieee802_1x_hdr *dot1x; |
|
523 |
dot1x = os_malloc(sizeof(*dot1x) + len); |
|
524 |
assert(dot1x != NULL); |
|
525 |
dot1x->version = EAPOL_VERSION; |
|
526 |
dot1x->type = IEEE802_1X_TYPE_EAP_PACKET; |
|
527 |
dot1x->length = htons(len); |
|
528 |
os_memcpy((u8 *) (dot1x + 1), eap, len); |
|
529 |
eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid, |
|
530 |
(u8 *) dot1x, sizeof(*dot1x) + len); |
|
531 |
os_free(dot1x); |
|
532 |
}
|
|
533 |
}
|
|
534 |
||
535 |
||
536 |
static void ieee802_1x_get_keys(struct eapol_test_data *e, |
|
537 |
struct radius_msg *msg, struct radius_msg *req, |
|
538 |
u8 *shared_secret, size_t shared_secret_len) |
|
539 |
{
|
|
540 |
struct radius_ms_mppe_keys *keys; |
|
541 |
||
542 |
keys = radius_msg_get_ms_keys(msg, req, shared_secret, |
|
543 |
shared_secret_len); |
|
544 |
if (keys && keys->send == NULL && keys->recv == NULL) { |
|
545 |
os_free(keys); |
|
546 |
keys = radius_msg_get_cisco_keys(msg, req, shared_secret, |
|
547 |
shared_secret_len); |
|
548 |
}
|
|
549 |
||
550 |
if (keys) { |
|
551 |
if (keys->send) { |
|
552 |
wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)", |
|
553 |
keys->send, keys->send_len); |
|
554 |
}
|
|
555 |
if (keys->recv) { |
|
556 |
wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)", |
|
557 |
keys->recv, keys->recv_len); |
|
558 |
e->authenticator_pmk_len = |
|
559 |
keys->recv_len > PMK_LEN ? PMK_LEN : |
|
560 |
keys->recv_len; |
|
561 |
os_memcpy(e->authenticator_pmk, keys->recv, |
|
562 |
e->authenticator_pmk_len); |
|
563 |
}
|
|
564 |
||
565 |
os_free(keys->send); |
|
566 |
os_free(keys->recv); |
|
567 |
os_free(keys); |
|
568 |
}
|
|
569 |
}
|
|
570 |
||
571 |
||
572 |
/* Process the RADIUS frames from Authentication Server */
|
|
573 |
static RadiusRxResult |
|
574 |
ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req, |
|
575 |
u8 *shared_secret, size_t shared_secret_len, |
|
576 |
void *data) |
|
577 |
{
|
|
578 |
struct eapol_test_data *e = data; |
|
579 |
||
580 |
/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
|
|
581 |
* present when packet contains an EAP-Message attribute */
|
|
582 |
if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT && |
|
583 |
radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL, |
|
584 |
0) < 0 && |
|
585 |
radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) { |
|
586 |
wpa_printf(MSG_DEBUG, "Allowing RADIUS " |
|
587 |
"Access-Reject without Message-Authenticator "
|
|
588 |
"since it does not include EAP-Message\n"); |
|
589 |
} else if (radius_msg_verify(msg, shared_secret, shared_secret_len, |
|
590 |
req, 1)) { |
|
591 |
printf("Incoming RADIUS packet did not have correct " |
|
592 |
"Message-Authenticator - dropped\n"); |
|
593 |
return RADIUS_RX_UNKNOWN; |
|
594 |
}
|
|
595 |
||
596 |
if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT && |
|
597 |
msg->hdr->code != RADIUS_CODE_ACCESS_REJECT && |
|
598 |
msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) { |
|
599 |
printf("Unknown RADIUS message code\n"); |
|
600 |
return RADIUS_RX_UNKNOWN; |
|
601 |
}
|
|
602 |
||
603 |
e->radius_identifier = -1; |
|
604 |
wpa_printf(MSG_DEBUG, "RADIUS packet matching with station"); |
|
605 |
||
606 |
if (e->last_recv_radius) { |
|
607 |
radius_msg_free(e->last_recv_radius); |
|
608 |
os_free(e->last_recv_radius); |
|
609 |
}
|
|
610 |
||
611 |
e->last_recv_radius = msg; |
|
612 |
||
613 |
switch (msg->hdr->code) { |
|
614 |
case RADIUS_CODE_ACCESS_ACCEPT: |
|
615 |
e->radius_access_accept_received = 1; |
|
616 |
ieee802_1x_get_keys(e, msg, req, shared_secret, |
|
617 |
shared_secret_len); |
|
618 |
break; |
|
619 |
case RADIUS_CODE_ACCESS_REJECT: |
|
620 |
e->radius_access_reject_received = 1; |
|
621 |
break; |
|
622 |
}
|
|
623 |
||
624 |
ieee802_1x_decapsulate_radius(e); |
|
625 |
||
626 |
if ((msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT && |
|
627 |
e->eapol_test_num_reauths < 0) || |
|
628 |
msg->hdr->code == RADIUS_CODE_ACCESS_REJECT) { |
|
629 |
eloop_terminate(); |
|
630 |
}
|
|
631 |
||
632 |
return RADIUS_RX_QUEUED; |
|
633 |
}
|
|
634 |
||
635 |
||
636 |
static void wpa_init_conf(struct eapol_test_data *e, |
|
637 |
struct wpa_supplicant *wpa_s, const char *authsrv, |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
638 |
int port, const char *secret, |
639 |
const char *cli_addr) |
|
2.1.26
by Kel Modderman
* New upstream release. |
640 |
{
|
641 |
struct hostapd_radius_server *as; |
|
642 |
int res; |
|
643 |
||
644 |
wpa_s->bssid[5] = 1; |
|
645 |
os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN); |
|
646 |
e->own_ip_addr.s_addr = htonl((127 << 24) | 1); |
|
647 |
os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname)); |
|
648 |
||
649 |
e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers)); |
|
650 |
assert(e->radius_conf != NULL); |
|
651 |
e->radius_conf->num_auth_servers = 1; |
|
652 |
as = os_zalloc(sizeof(struct hostapd_radius_server)); |
|
653 |
assert(as != NULL); |
|
654 |
#if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
|
|
655 |
{
|
|
656 |
int a[4]; |
|
657 |
u8 *pos; |
|
658 |
sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]); |
|
659 |
pos = (u8 *) &as->addr.u.v4; |
|
660 |
*pos++ = a[0]; |
|
661 |
*pos++ = a[1]; |
|
662 |
*pos++ = a[2]; |
|
663 |
*pos++ = a[3]; |
|
664 |
}
|
|
665 |
#else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */ |
|
666 |
inet_aton(authsrv, &as->addr.u.v4); |
|
667 |
#endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */ |
|
668 |
as->addr.af = AF_INET; |
|
669 |
as->port = port; |
|
670 |
as->shared_secret = (u8 *) os_strdup(secret); |
|
671 |
as->shared_secret_len = os_strlen(secret); |
|
672 |
e->radius_conf->auth_server = as; |
|
673 |
e->radius_conf->auth_servers = as; |
|
674 |
e->radius_conf->msg_dumps = 1; |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
675 |
if (cli_addr) { |
676 |
if (hostapd_parse_ip_addr(cli_addr, |
|
677 |
&e->radius_conf->client_addr) == 0) |
|
678 |
e->radius_conf->force_client_addr = 1; |
|
679 |
else { |
|
680 |
wpa_printf(MSG_ERROR, "Invalid IP address '%s'", |
|
681 |
cli_addr); |
|
682 |
assert(0); |
|
683 |
}
|
|
684 |
}
|
|
2.1.26
by Kel Modderman
* New upstream release. |
685 |
|
686 |
e->radius = radius_client_init(wpa_s, e->radius_conf); |
|
687 |
assert(e->radius != NULL); |
|
688 |
||
689 |
res = radius_client_register(e->radius, RADIUS_AUTH, |
|
690 |
ieee802_1x_receive_auth, e); |
|
691 |
assert(res == 0); |
|
692 |
}
|
|
693 |
||
694 |
||
695 |
static int scard_test(void) |
|
696 |
{
|
|
697 |
struct scard_data *scard; |
|
698 |
size_t len; |
|
699 |
char imsi[20]; |
|
700 |
unsigned char _rand[16]; |
|
701 |
#ifdef PCSC_FUNCS
|
|
702 |
unsigned char sres[4]; |
|
703 |
unsigned char kc[8]; |
|
704 |
#endif /* PCSC_FUNCS */ |
|
705 |
#define num_triplets 5
|
|
706 |
unsigned char rand_[num_triplets][16]; |
|
707 |
unsigned char sres_[num_triplets][4]; |
|
708 |
unsigned char kc_[num_triplets][8]; |
|
709 |
int i, res; |
|
710 |
size_t j; |
|
711 |
||
712 |
#define AKA_RAND_LEN 16
|
|
713 |
#define AKA_AUTN_LEN 16
|
|
714 |
#define AKA_AUTS_LEN 14
|
|
715 |
#define RES_MAX_LEN 16
|
|
716 |
#define IK_LEN 16
|
|
717 |
#define CK_LEN 16
|
|
718 |
unsigned char aka_rand[AKA_RAND_LEN]; |
|
719 |
unsigned char aka_autn[AKA_AUTN_LEN]; |
|
720 |
unsigned char aka_auts[AKA_AUTS_LEN]; |
|
721 |
unsigned char aka_res[RES_MAX_LEN]; |
|
722 |
size_t aka_res_len; |
|
723 |
unsigned char aka_ik[IK_LEN]; |
|
724 |
unsigned char aka_ck[CK_LEN]; |
|
725 |
||
726 |
scard = scard_init(SCARD_TRY_BOTH); |
|
727 |
if (scard == NULL) |
|
728 |
return -1; |
|
729 |
if (scard_set_pin(scard, "1234")) { |
|
730 |
wpa_printf(MSG_WARNING, "PIN validation failed"); |
|
731 |
scard_deinit(scard); |
|
732 |
return -1; |
|
733 |
}
|
|
734 |
||
735 |
len = sizeof(imsi); |
|
736 |
if (scard_get_imsi(scard, imsi, &len)) |
|
737 |
goto failed; |
|
738 |
wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len); |
|
739 |
/* NOTE: Permanent Username: 1 | IMSI */
|
|
740 |
||
741 |
os_memset(_rand, 0, sizeof(_rand)); |
|
742 |
if (scard_gsm_auth(scard, _rand, sres, kc)) |
|
743 |
goto failed; |
|
744 |
||
745 |
os_memset(_rand, 0xff, sizeof(_rand)); |
|
746 |
if (scard_gsm_auth(scard, _rand, sres, kc)) |
|
747 |
goto failed; |
|
748 |
||
749 |
for (i = 0; i < num_triplets; i++) { |
|
750 |
os_memset(rand_[i], i, sizeof(rand_[i])); |
|
751 |
if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i])) |
|
752 |
goto failed; |
|
753 |
}
|
|
754 |
||
755 |
for (i = 0; i < num_triplets; i++) { |
|
756 |
printf("1"); |
|
757 |
for (j = 0; j < len; j++) |
|
758 |
printf("%c", imsi[j]); |
|
759 |
printf(","); |
|
760 |
for (j = 0; j < 16; j++) |
|
761 |
printf("%02X", rand_[i][j]); |
|
762 |
printf(","); |
|
763 |
for (j = 0; j < 4; j++) |
|
764 |
printf("%02X", sres_[i][j]); |
|
765 |
printf(","); |
|
766 |
for (j = 0; j < 8; j++) |
|
767 |
printf("%02X", kc_[i][j]); |
|
768 |
printf("\n"); |
|
769 |
}
|
|
770 |
||
771 |
wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication"); |
|
772 |
||
773 |
/* seq 39 (0x28) */
|
|
774 |
os_memset(aka_rand, 0xaa, 16); |
|
775 |
os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf" |
|
776 |
"\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16); |
|
777 |
||
778 |
res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len, |
|
779 |
aka_ik, aka_ck, aka_auts); |
|
780 |
if (res == 0) { |
|
781 |
wpa_printf(MSG_DEBUG, "UMTS auth completed successfully"); |
|
782 |
wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len); |
|
783 |
wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN); |
|
784 |
wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN); |
|
785 |
} else if (res == -2) { |
|
786 |
wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization " |
|
787 |
"failure"); |
|
788 |
wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN); |
|
789 |
} else { |
|
790 |
wpa_printf(MSG_DEBUG, "UMTS auth failed"); |
|
791 |
}
|
|
792 |
||
793 |
failed: |
|
794 |
scard_deinit(scard); |
|
795 |
||
796 |
return 0; |
|
797 |
#undef num_triplets
|
|
798 |
}
|
|
799 |
||
800 |
||
801 |
static int scard_get_triplets(int argc, char *argv[]) |
|
802 |
{
|
|
803 |
struct scard_data *scard; |
|
804 |
size_t len; |
|
805 |
char imsi[20]; |
|
806 |
unsigned char _rand[16]; |
|
807 |
unsigned char sres[4]; |
|
808 |
unsigned char kc[8]; |
|
809 |
int num_triplets; |
|
810 |
int i; |
|
811 |
size_t j; |
|
812 |
||
813 |
if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) { |
|
814 |
printf("invalid parameters for sim command\n"); |
|
815 |
return -1; |
|
816 |
}
|
|
817 |
||
818 |
if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) { |
|
819 |
/* disable debug output */
|
|
820 |
wpa_debug_level = 99; |
|
821 |
}
|
|
822 |
||
823 |
scard = scard_init(SCARD_GSM_SIM_ONLY); |
|
824 |
if (scard == NULL) { |
|
825 |
printf("Failed to open smartcard connection\n"); |
|
826 |
return -1; |
|
827 |
}
|
|
828 |
if (scard_set_pin(scard, argv[0])) { |
|
829 |
wpa_printf(MSG_WARNING, "PIN validation failed"); |
|
830 |
scard_deinit(scard); |
|
831 |
return -1; |
|
832 |
}
|
|
833 |
||
834 |
len = sizeof(imsi); |
|
835 |
if (scard_get_imsi(scard, imsi, &len)) { |
|
836 |
scard_deinit(scard); |
|
837 |
return -1; |
|
838 |
}
|
|
839 |
||
840 |
for (i = 0; i < num_triplets; i++) { |
|
841 |
os_memset(_rand, i, sizeof(_rand)); |
|
842 |
if (scard_gsm_auth(scard, _rand, sres, kc)) |
|
843 |
break; |
|
844 |
||
845 |
/* IMSI:Kc:SRES:RAND */
|
|
846 |
for (j = 0; j < len; j++) |
|
847 |
printf("%c", imsi[j]); |
|
848 |
printf(":"); |
|
849 |
for (j = 0; j < 8; j++) |
|
850 |
printf("%02X", kc[j]); |
|
851 |
printf(":"); |
|
852 |
for (j = 0; j < 4; j++) |
|
853 |
printf("%02X", sres[j]); |
|
854 |
printf(":"); |
|
855 |
for (j = 0; j < 16; j++) |
|
856 |
printf("%02X", _rand[j]); |
|
857 |
printf("\n"); |
|
858 |
}
|
|
859 |
||
860 |
scard_deinit(scard); |
|
861 |
||
862 |
return 0; |
|
863 |
}
|
|
864 |
||
865 |
||
866 |
static void eapol_test_terminate(int sig, void *eloop_ctx, |
|
867 |
void *signal_ctx) |
|
868 |
{
|
|
869 |
struct wpa_supplicant *wpa_s = eloop_ctx; |
|
870 |
wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig); |
|
871 |
eloop_terminate(); |
|
872 |
}
|
|
873 |
||
874 |
||
875 |
static void usage(void) |
|
876 |
{
|
|
877 |
printf("usage:\n" |
|
878 |
"eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
|
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
879 |
"[-s<AS secret>]\\\n" |
2.1.26
by Kel Modderman
* New upstream release. |
880 |
" [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n" |
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
881 |
" [-M<client MAC address>] \\\n" |
882 |
" [-I<CUI>] [-i] [-A<client IP>]\n" |
|
2.1.26
by Kel Modderman
* New upstream release. |
883 |
"eapol_test scard\n" |
884 |
"eapol_test sim <PIN> <num triplets> [debug]\n" |
|
885 |
"\n"); |
|
886 |
printf("options:\n" |
|
887 |
" -c<conf> = configuration file\n" |
|
888 |
" -a<AS IP> = IP address of the authentication server, "
|
|
889 |
"default 127.0.0.1\n" |
|
890 |
" -p<AS port> = UDP port of the authentication server, "
|
|
891 |
"default 1812\n" |
|
892 |
" -s<AS secret> = shared secret with the authentication "
|
|
893 |
"server, default 'radius'\n" |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
894 |
" -A<client IP> = IP address of the client, default: select "
|
895 |
"automatically\n" |
|
2.1.26
by Kel Modderman
* New upstream release. |
896 |
" -r<count> = number of re-authentications\n" |
897 |
" -W = wait for a control interface monitor before starting\n" |
|
898 |
" -S = save configuration after authentiation\n" |
|
899 |
" -n = no MPPE keys expected\n" |
|
900 |
" -t<timeout> = sets timeout in seconds (default: 30 s)\n" |
|
901 |
" -C<Connect-Info> = RADIUS Connect-Info (default: "
|
|
902 |
"CONNECT 11Mbps 802.11b)\n" |
|
903 |
" -M<client MAC address> = Set own MAC address "
|
|
904 |
"(Calling-Station-Id,\n" |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
905 |
" default: 02:00:00:00:00:01)\n" |
906 |
" -I<CUI> = send Chargeable-User-Identity containing the "
|
|
907 |
"value of CUI\n" |
|
908 |
" -i = send NUL value in Chargeable-User-Identity\n"); |
|
2.1.26
by Kel Modderman
* New upstream release. |
909 |
}
|
910 |
||
911 |
||
912 |
int main(int argc, char *argv[]) |
|
913 |
{
|
|
914 |
struct wpa_supplicant wpa_s; |
|
915 |
int c, ret = 1, wait_for_monitor = 0, save_config = 0; |
|
916 |
char *as_addr = "127.0.0.1"; |
|
917 |
int as_port = 1812; |
|
918 |
char *as_secret = "radius"; |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
919 |
char *cli_addr = NULL; |
2.1.26
by Kel Modderman
* New upstream release. |
920 |
char *conf = NULL; |
921 |
int timeout = 30; |
|
922 |
||
923 |
if (os_program_init()) |
|
924 |
return -1; |
|
925 |
||
926 |
hostapd_logger_register_cb(hostapd_logger_cb); |
|
927 |
||
928 |
os_memset(&eapol_test, 0, sizeof(eapol_test)); |
|
929 |
eapol_test.connect_info = "CONNECT 11Mbps 802.11b"; |
|
930 |
os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN); |
|
931 |
||
932 |
wpa_debug_level = 0; |
|
933 |
wpa_debug_show_keys = 1; |
|
934 |
||
935 |
for (;;) { |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
936 |
c = getopt(argc, argv, "a:A:c:C:iI:M:np:r:s:St:W"); |
2.1.26
by Kel Modderman
* New upstream release. |
937 |
if (c < 0) |
938 |
break; |
|
939 |
switch (c) { |
|
940 |
case 'a': |
|
941 |
as_addr = optarg; |
|
942 |
break; |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
943 |
case 'A': |
944 |
cli_addr = optarg; |
|
945 |
break; |
|
2.1.26
by Kel Modderman
* New upstream release. |
946 |
case 'c': |
947 |
conf = optarg; |
|
948 |
break; |
|
949 |
case 'C': |
|
950 |
eapol_test.connect_info = optarg; |
|
951 |
break; |
|
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
952 |
case 'i': |
953 |
eapol_test.cui_flag = 1; |
|
954 |
break; |
|
955 |
case 'I': |
|
956 |
eapol_test.cui_flag = 2; |
|
957 |
eapol_test.cui_str = optarg; |
|
958 |
break; |
|
2.1.26
by Kel Modderman
* New upstream release. |
959 |
case 'M': |
960 |
if (hwaddr_aton(optarg, eapol_test.own_addr)) { |
|
961 |
usage(); |
|
962 |
return -1; |
|
963 |
}
|
|
964 |
break; |
|
965 |
case 'n': |
|
966 |
eapol_test.no_mppe_keys++; |
|
967 |
break; |
|
968 |
case 'p': |
|
969 |
as_port = atoi(optarg); |
|
970 |
break; |
|
971 |
case 'r': |
|
972 |
eapol_test.eapol_test_num_reauths = atoi(optarg); |
|
973 |
break; |
|
974 |
case 's': |
|
975 |
as_secret = optarg; |
|
976 |
break; |
|
977 |
case 'S': |
|
978 |
save_config++; |
|
979 |
break; |
|
980 |
case 't': |
|
981 |
timeout = atoi(optarg); |
|
982 |
break; |
|
983 |
case 'W': |
|
984 |
wait_for_monitor++; |
|
985 |
break; |
|
986 |
default: |
|
987 |
usage(); |
|
988 |
return -1; |
|
989 |
}
|
|
990 |
}
|
|
991 |
||
992 |
if (argc > optind && os_strcmp(argv[optind], "scard") == 0) { |
|
993 |
return scard_test(); |
|
994 |
}
|
|
995 |
||
996 |
if (argc > optind && os_strcmp(argv[optind], "sim") == 0) { |
|
997 |
return scard_get_triplets(argc - optind - 1, |
|
998 |
&argv[optind + 1]); |
|
999 |
}
|
|
1000 |
||
1001 |
if (conf == NULL) { |
|
1002 |
usage(); |
|
1003 |
printf("Configuration file is required.\n"); |
|
1004 |
return -1; |
|
1005 |
}
|
|
1006 |
||
1007 |
if (eap_peer_register_methods()) { |
|
1008 |
wpa_printf(MSG_ERROR, "Failed to register EAP methods"); |
|
1009 |
return -1; |
|
1010 |
}
|
|
1011 |
||
1012 |
if (eloop_init(&wpa_s)) { |
|
1013 |
wpa_printf(MSG_ERROR, "Failed to initialize event loop"); |
|
1014 |
return -1; |
|
1015 |
}
|
|
1016 |
||
1017 |
os_memset(&wpa_s, 0, sizeof(wpa_s)); |
|
1018 |
eapol_test.wpa_s = &wpa_s; |
|
1019 |
wpa_s.conf = wpa_config_read(conf); |
|
1020 |
if (wpa_s.conf == NULL) { |
|
1021 |
printf("Failed to parse configuration file '%s'.\n", conf); |
|
1022 |
return -1; |
|
1023 |
}
|
|
1024 |
if (wpa_s.conf->ssid == NULL) { |
|
1025 |
printf("No networks defined.\n"); |
|
1026 |
return -1; |
|
1027 |
}
|
|
1028 |
||
2.1.28
by Kel Modderman, Kel Modderman, Reinhard Tartler
[ Kel Modderman ] |
1029 |
wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret, |
1030 |
cli_addr); |
|
2.1.26
by Kel Modderman
* New upstream release. |
1031 |
wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s); |
1032 |
if (wpa_s.ctrl_iface == NULL) { |
|
1033 |
printf("Failed to initialize control interface '%s'.\n" |
|
1034 |
"You may have another eapol_test process already "
|
|
1035 |
"running or the file was\n" |
|
1036 |
"left by an unclean termination of eapol_test in "
|
|
1037 |
"which case you will need\n" |
|
1038 |
"to manually remove this file before starting "
|
|
1039 |
"eapol_test again.\n", |
|
1040 |
wpa_s.conf->ctrl_interface); |
|
1041 |
return -1; |
|
1042 |
}
|
|
1043 |
if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid)) |
|
1044 |
return -1; |
|
1045 |
||
1046 |
if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid)) |
|
1047 |
return -1; |
|
1048 |
||
1049 |
if (wait_for_monitor) |
|
1050 |
wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface); |
|
1051 |
||
1052 |
eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test, |
|
1053 |
NULL); |
|
1054 |
eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL); |
|
1055 |
eloop_register_signal_terminate(eapol_test_terminate, NULL); |
|
1056 |
eloop_register_signal_reconfig(eapol_test_terminate, NULL); |
|
1057 |
eloop_run(); |
|
1058 |
||
1059 |
eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL); |
|
1060 |
eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL); |
|
1061 |
||
1062 |
if (eapol_test_compare_pmk(&eapol_test) == 0 || |
|
1063 |
eapol_test.no_mppe_keys) |
|
1064 |
ret = 0; |
|
1065 |
if (eapol_test.auth_timed_out) |
|
1066 |
ret = -2; |
|
1067 |
if (eapol_test.radius_access_reject_received) |
|
1068 |
ret = -3; |
|
1069 |
||
1070 |
if (save_config) |
|
1071 |
wpa_config_write(conf, wpa_s.conf); |
|
1072 |
||
1073 |
test_eapol_clean(&eapol_test, &wpa_s); |
|
1074 |
||
1075 |
eap_peer_unregister_methods(); |
|
1076 |
||
1077 |
eloop_destroy(); |
|
1078 |
||
1079 |
printf("MPPE keys OK: %d mismatch: %d\n", |
|
1080 |
eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch); |
|
1081 |
if (eapol_test.num_mppe_mismatch) |
|
1082 |
ret = -4; |
|
1083 |
if (ret) |
|
1084 |
printf("FAILURE\n"); |
|
1085 |
else
|
|
1086 |
printf("SUCCESS\n"); |
|
1087 |
||
1088 |
os_program_deinit(); |
|
1089 |
||
1090 |
return ret; |
|
1091 |
}
|