eapol_test.c 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215
  1. /*
  2. * WPA Supplicant - test code
  3. * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. *
  9. * Alternatively, this software may be distributed under the terms of BSD
  10. * license.
  11. *
  12. * See README and COPYING for more details.
  13. *
  14. * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
  15. * Not used in production version.
  16. */
  17. #include "includes.h"
  18. #include <assert.h>
  19. #include "common.h"
  20. #include "config.h"
  21. #include "eapol_supp/eapol_supp_sm.h"
  22. #include "eap_peer/eap.h"
  23. #include "eloop.h"
  24. #include "rsn_supp/wpa.h"
  25. #include "eap_peer/eap_i.h"
  26. #include "wpa_supplicant_i.h"
  27. #include "radius/radius.h"
  28. #include "radius/radius_client.h"
  29. #include "ctrl_iface.h"
  30. #include "pcsc_funcs.h"
  31. extern int wpa_debug_level;
  32. extern int wpa_debug_show_keys;
  33. struct wpa_driver_ops *wpa_drivers[] = { NULL };
  34. struct extra_radius_attr {
  35. u8 type;
  36. char syntax;
  37. char *data;
  38. struct extra_radius_attr *next;
  39. };
  40. struct eapol_test_data {
  41. struct wpa_supplicant *wpa_s;
  42. int eapol_test_num_reauths;
  43. int no_mppe_keys;
  44. int num_mppe_ok, num_mppe_mismatch;
  45. u8 radius_identifier;
  46. struct radius_msg *last_recv_radius;
  47. struct in_addr own_ip_addr;
  48. struct radius_client_data *radius;
  49. struct hostapd_radius_servers *radius_conf;
  50. u8 *last_eap_radius; /* last received EAP Response from Authentication
  51. * Server */
  52. size_t last_eap_radius_len;
  53. u8 authenticator_pmk[PMK_LEN];
  54. size_t authenticator_pmk_len;
  55. int radius_access_accept_received;
  56. int radius_access_reject_received;
  57. int auth_timed_out;
  58. u8 *eap_identity;
  59. size_t eap_identity_len;
  60. char *connect_info;
  61. u8 own_addr[ETH_ALEN];
  62. struct extra_radius_attr *extra_attrs;
  63. };
  64. static struct eapol_test_data eapol_test;
  65. static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
  66. static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
  67. int level, const char *txt, size_t len)
  68. {
  69. if (addr)
  70. wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n",
  71. MAC2STR(addr), txt);
  72. else
  73. wpa_printf(MSG_DEBUG, "%s", txt);
  74. }
  75. static int add_extra_attr(struct radius_msg *msg,
  76. struct extra_radius_attr *attr)
  77. {
  78. size_t len;
  79. char *pos;
  80. u32 val;
  81. char buf[128];
  82. switch (attr->syntax) {
  83. case 's':
  84. os_snprintf(buf, sizeof(buf), "%s", attr->data);
  85. len = os_strlen(buf);
  86. break;
  87. case 'n':
  88. buf[0] = '\0';
  89. len = 1;
  90. break;
  91. case 'x':
  92. pos = attr->data;
  93. if (pos[0] == '0' && pos[1] == 'x')
  94. pos += 2;
  95. len = os_strlen(pos);
  96. if ((len & 1) || (len / 2) > sizeof(buf)) {
  97. printf("Invalid extra attribute hexstring\n");
  98. return -1;
  99. }
  100. len /= 2;
  101. if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
  102. printf("Invalid extra attribute hexstring\n");
  103. return -1;
  104. }
  105. break;
  106. case 'd':
  107. val = htonl(atoi(attr->data));
  108. os_memcpy(buf, &val, 4);
  109. len = 4;
  110. break;
  111. default:
  112. printf("Incorrect extra attribute syntax specification\n");
  113. return -1;
  114. }
  115. if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
  116. printf("Could not add attribute %d\n", attr->type);
  117. return -1;
  118. }
  119. return 0;
  120. }
  121. static int add_extra_attrs(struct radius_msg *msg,
  122. struct extra_radius_attr *attrs)
  123. {
  124. struct extra_radius_attr *p;
  125. for (p = attrs; p; p = p->next) {
  126. if (add_extra_attr(msg, p) < 0)
  127. return -1;
  128. }
  129. return 0;
  130. }
  131. static struct extra_radius_attr *
  132. find_extra_attr(struct extra_radius_attr *attrs, u8 type)
  133. {
  134. struct extra_radius_attr *p;
  135. for (p = attrs; p; p = p->next) {
  136. if (p->type == type)
  137. return p;
  138. }
  139. return NULL;
  140. }
  141. static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
  142. const u8 *eap, size_t len)
  143. {
  144. struct radius_msg *msg;
  145. char buf[128];
  146. const struct eap_hdr *hdr;
  147. const u8 *pos;
  148. wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
  149. "packet");
  150. e->radius_identifier = radius_client_get_id(e->radius);
  151. msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
  152. e->radius_identifier);
  153. if (msg == NULL) {
  154. printf("Could not create net RADIUS packet\n");
  155. return;
  156. }
  157. radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e));
  158. hdr = (const struct eap_hdr *) eap;
  159. pos = (const u8 *) (hdr + 1);
  160. if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
  161. pos[0] == EAP_TYPE_IDENTITY) {
  162. pos++;
  163. os_free(e->eap_identity);
  164. e->eap_identity_len = len - sizeof(*hdr) - 1;
  165. e->eap_identity = os_malloc(e->eap_identity_len);
  166. if (e->eap_identity) {
  167. os_memcpy(e->eap_identity, pos, e->eap_identity_len);
  168. wpa_hexdump(MSG_DEBUG, "Learned identity from "
  169. "EAP-Response-Identity",
  170. e->eap_identity, e->eap_identity_len);
  171. }
  172. }
  173. if (e->eap_identity &&
  174. !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
  175. e->eap_identity, e->eap_identity_len)) {
  176. printf("Could not add User-Name\n");
  177. goto fail;
  178. }
  179. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
  180. !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
  181. (u8 *) &e->own_ip_addr, 4)) {
  182. printf("Could not add NAS-IP-Address\n");
  183. goto fail;
  184. }
  185. os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
  186. MAC2STR(e->wpa_s->own_addr));
  187. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
  188. &&
  189. !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
  190. (u8 *) buf, os_strlen(buf))) {
  191. printf("Could not add Calling-Station-Id\n");
  192. goto fail;
  193. }
  194. /* TODO: should probably check MTU from driver config; 2304 is max for
  195. * IEEE 802.11, but use 1400 to avoid problems with too large packets
  196. */
  197. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
  198. !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
  199. printf("Could not add Framed-MTU\n");
  200. goto fail;
  201. }
  202. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
  203. !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
  204. RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
  205. printf("Could not add NAS-Port-Type\n");
  206. goto fail;
  207. }
  208. os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
  209. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
  210. !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
  211. (u8 *) buf, os_strlen(buf))) {
  212. printf("Could not add Connect-Info\n");
  213. goto fail;
  214. }
  215. if (add_extra_attrs(msg, e->extra_attrs) < 0)
  216. goto fail;
  217. if (eap && !radius_msg_add_eap(msg, eap, len)) {
  218. printf("Could not add EAP-Message\n");
  219. goto fail;
  220. }
  221. /* State attribute must be copied if and only if this packet is
  222. * Access-Request reply to the previous Access-Challenge */
  223. if (e->last_recv_radius && e->last_recv_radius->hdr->code ==
  224. RADIUS_CODE_ACCESS_CHALLENGE) {
  225. int res = radius_msg_copy_attr(msg, e->last_recv_radius,
  226. RADIUS_ATTR_STATE);
  227. if (res < 0) {
  228. printf("Could not copy State attribute from previous "
  229. "Access-Challenge\n");
  230. goto fail;
  231. }
  232. if (res > 0) {
  233. wpa_printf(MSG_DEBUG, " Copied RADIUS State "
  234. "Attribute");
  235. }
  236. }
  237. radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr);
  238. return;
  239. fail:
  240. radius_msg_free(msg);
  241. os_free(msg);
  242. }
  243. static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
  244. size_t len)
  245. {
  246. /* struct wpa_supplicant *wpa_s = ctx; */
  247. printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
  248. type, (unsigned long) len);
  249. if (type == IEEE802_1X_TYPE_EAP_PACKET) {
  250. wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
  251. ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
  252. }
  253. return 0;
  254. }
  255. static void eapol_test_set_config_blob(void *ctx,
  256. struct wpa_config_blob *blob)
  257. {
  258. struct wpa_supplicant *wpa_s = ctx;
  259. wpa_config_set_blob(wpa_s->conf, blob);
  260. }
  261. static const struct wpa_config_blob *
  262. eapol_test_get_config_blob(void *ctx, const char *name)
  263. {
  264. struct wpa_supplicant *wpa_s = ctx;
  265. return wpa_config_get_blob(wpa_s->conf, name);
  266. }
  267. static void eapol_test_eapol_done_cb(void *ctx)
  268. {
  269. printf("WPA: EAPOL processing complete\n");
  270. }
  271. static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
  272. {
  273. struct eapol_test_data *e = eloop_ctx;
  274. printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
  275. e->radius_access_accept_received = 0;
  276. send_eap_request_identity(e->wpa_s, NULL);
  277. }
  278. static int eapol_test_compare_pmk(struct eapol_test_data *e)
  279. {
  280. u8 pmk[PMK_LEN];
  281. int ret = 1;
  282. if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
  283. wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
  284. if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
  285. printf("WARNING: PMK mismatch\n");
  286. wpa_hexdump(MSG_DEBUG, "PMK from AS",
  287. e->authenticator_pmk, PMK_LEN);
  288. } else if (e->radius_access_accept_received)
  289. ret = 0;
  290. } else if (e->authenticator_pmk_len == 16 &&
  291. eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
  292. wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
  293. if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
  294. printf("WARNING: PMK mismatch\n");
  295. wpa_hexdump(MSG_DEBUG, "PMK from AS",
  296. e->authenticator_pmk, 16);
  297. } else if (e->radius_access_accept_received)
  298. ret = 0;
  299. } else if (e->radius_access_accept_received && e->no_mppe_keys) {
  300. /* No keying material expected */
  301. ret = 0;
  302. }
  303. if (ret && !e->no_mppe_keys)
  304. e->num_mppe_mismatch++;
  305. else if (!e->no_mppe_keys)
  306. e->num_mppe_ok++;
  307. return ret;
  308. }
  309. static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
  310. {
  311. struct eapol_test_data *e = ctx;
  312. printf("eapol_sm_cb: success=%d\n", success);
  313. e->eapol_test_num_reauths--;
  314. if (e->eapol_test_num_reauths < 0)
  315. eloop_terminate();
  316. else {
  317. eapol_test_compare_pmk(e);
  318. eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL);
  319. }
  320. }
  321. static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
  322. struct wpa_ssid *ssid)
  323. {
  324. struct eapol_config eapol_conf;
  325. struct eapol_ctx *ctx;
  326. ctx = os_zalloc(sizeof(*ctx));
  327. if (ctx == NULL) {
  328. printf("Failed to allocate EAPOL context.\n");
  329. return -1;
  330. }
  331. ctx->ctx = wpa_s;
  332. ctx->msg_ctx = wpa_s;
  333. ctx->scard_ctx = wpa_s->scard;
  334. ctx->cb = eapol_sm_cb;
  335. ctx->cb_ctx = e;
  336. ctx->eapol_send_ctx = wpa_s;
  337. ctx->preauth = 0;
  338. ctx->eapol_done_cb = eapol_test_eapol_done_cb;
  339. ctx->eapol_send = eapol_test_eapol_send;
  340. ctx->set_config_blob = eapol_test_set_config_blob;
  341. ctx->get_config_blob = eapol_test_get_config_blob;
  342. ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
  343. ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
  344. ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
  345. wpa_s->eapol = eapol_sm_init(ctx);
  346. if (wpa_s->eapol == NULL) {
  347. os_free(ctx);
  348. printf("Failed to initialize EAPOL state machines.\n");
  349. return -1;
  350. }
  351. wpa_s->current_ssid = ssid;
  352. os_memset(&eapol_conf, 0, sizeof(eapol_conf));
  353. eapol_conf.accept_802_1x_keys = 1;
  354. eapol_conf.required_keys = 0;
  355. eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
  356. eapol_conf.workaround = ssid->eap_workaround;
  357. eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
  358. eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
  359. eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
  360. /* 802.1X::portControl = Auto */
  361. eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
  362. return 0;
  363. }
  364. static void test_eapol_clean(struct eapol_test_data *e,
  365. struct wpa_supplicant *wpa_s)
  366. {
  367. struct extra_radius_attr *p, *prev;
  368. radius_client_deinit(e->radius);
  369. os_free(e->last_eap_radius);
  370. if (e->last_recv_radius) {
  371. radius_msg_free(e->last_recv_radius);
  372. os_free(e->last_recv_radius);
  373. }
  374. os_free(e->eap_identity);
  375. e->eap_identity = NULL;
  376. eapol_sm_deinit(wpa_s->eapol);
  377. wpa_s->eapol = NULL;
  378. if (e->radius_conf && e->radius_conf->auth_server) {
  379. os_free(e->radius_conf->auth_server->shared_secret);
  380. os_free(e->radius_conf->auth_server);
  381. }
  382. os_free(e->radius_conf);
  383. e->radius_conf = NULL;
  384. scard_deinit(wpa_s->scard);
  385. if (wpa_s->ctrl_iface) {
  386. wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
  387. wpa_s->ctrl_iface = NULL;
  388. }
  389. wpa_config_free(wpa_s->conf);
  390. p = e->extra_attrs;
  391. while (p) {
  392. prev = p;
  393. p = p->next;
  394. os_free(prev);
  395. }
  396. }
  397. static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
  398. {
  399. struct wpa_supplicant *wpa_s = eloop_ctx;
  400. u8 buf[100], *pos;
  401. struct ieee802_1x_hdr *hdr;
  402. struct eap_hdr *eap;
  403. hdr = (struct ieee802_1x_hdr *) buf;
  404. hdr->version = EAPOL_VERSION;
  405. hdr->type = IEEE802_1X_TYPE_EAP_PACKET;
  406. hdr->length = htons(5);
  407. eap = (struct eap_hdr *) (hdr + 1);
  408. eap->code = EAP_CODE_REQUEST;
  409. eap->identifier = 0;
  410. eap->length = htons(5);
  411. pos = (u8 *) (eap + 1);
  412. *pos = EAP_TYPE_IDENTITY;
  413. printf("Sending fake EAP-Request-Identity\n");
  414. eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
  415. sizeof(*hdr) + 5);
  416. }
  417. static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
  418. {
  419. struct eapol_test_data *e = eloop_ctx;
  420. printf("EAPOL test timed out\n");
  421. e->auth_timed_out = 1;
  422. eloop_terminate();
  423. }
  424. static char *eap_type_text(u8 type)
  425. {
  426. switch (type) {
  427. case EAP_TYPE_IDENTITY: return "Identity";
  428. case EAP_TYPE_NOTIFICATION: return "Notification";
  429. case EAP_TYPE_NAK: return "Nak";
  430. case EAP_TYPE_TLS: return "TLS";
  431. case EAP_TYPE_TTLS: return "TTLS";
  432. case EAP_TYPE_PEAP: return "PEAP";
  433. case EAP_TYPE_SIM: return "SIM";
  434. case EAP_TYPE_GTC: return "GTC";
  435. case EAP_TYPE_MD5: return "MD5";
  436. case EAP_TYPE_OTP: return "OTP";
  437. case EAP_TYPE_FAST: return "FAST";
  438. case EAP_TYPE_SAKE: return "SAKE";
  439. case EAP_TYPE_PSK: return "PSK";
  440. default: return "Unknown";
  441. }
  442. }
  443. static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
  444. {
  445. u8 *eap;
  446. size_t len;
  447. struct eap_hdr *hdr;
  448. int eap_type = -1;
  449. char buf[64];
  450. struct radius_msg *msg;
  451. if (e->last_recv_radius == NULL)
  452. return;
  453. msg = e->last_recv_radius;
  454. eap = radius_msg_get_eap(msg, &len);
  455. if (eap == NULL) {
  456. /* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
  457. * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
  458. * attribute */
  459. wpa_printf(MSG_DEBUG, "could not extract "
  460. "EAP-Message from RADIUS message");
  461. os_free(e->last_eap_radius);
  462. e->last_eap_radius = NULL;
  463. e->last_eap_radius_len = 0;
  464. return;
  465. }
  466. if (len < sizeof(*hdr)) {
  467. wpa_printf(MSG_DEBUG, "too short EAP packet "
  468. "received from authentication server");
  469. os_free(eap);
  470. return;
  471. }
  472. if (len > sizeof(*hdr))
  473. eap_type = eap[sizeof(*hdr)];
  474. hdr = (struct eap_hdr *) eap;
  475. switch (hdr->code) {
  476. case EAP_CODE_REQUEST:
  477. os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
  478. eap_type >= 0 ? eap_type_text(eap_type) : "??",
  479. eap_type);
  480. break;
  481. case EAP_CODE_RESPONSE:
  482. os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
  483. eap_type >= 0 ? eap_type_text(eap_type) : "??",
  484. eap_type);
  485. break;
  486. case EAP_CODE_SUCCESS:
  487. os_strlcpy(buf, "EAP Success", sizeof(buf));
  488. /* LEAP uses EAP Success within an authentication, so must not
  489. * stop here with eloop_terminate(); */
  490. break;
  491. case EAP_CODE_FAILURE:
  492. os_strlcpy(buf, "EAP Failure", sizeof(buf));
  493. eloop_terminate();
  494. break;
  495. default:
  496. os_strlcpy(buf, "unknown EAP code", sizeof(buf));
  497. wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);
  498. break;
  499. }
  500. wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
  501. "id=%d len=%d) from RADIUS server: %s",
  502. hdr->code, hdr->identifier, ntohs(hdr->length), buf);
  503. /* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
  504. os_free(e->last_eap_radius);
  505. e->last_eap_radius = eap;
  506. e->last_eap_radius_len = len;
  507. {
  508. struct ieee802_1x_hdr *dot1x;
  509. dot1x = os_malloc(sizeof(*dot1x) + len);
  510. assert(dot1x != NULL);
  511. dot1x->version = EAPOL_VERSION;
  512. dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
  513. dot1x->length = htons(len);
  514. os_memcpy((u8 *) (dot1x + 1), eap, len);
  515. eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
  516. (u8 *) dot1x, sizeof(*dot1x) + len);
  517. os_free(dot1x);
  518. }
  519. }
  520. static void ieee802_1x_get_keys(struct eapol_test_data *e,
  521. struct radius_msg *msg, struct radius_msg *req,
  522. const u8 *shared_secret,
  523. size_t shared_secret_len)
  524. {
  525. struct radius_ms_mppe_keys *keys;
  526. keys = radius_msg_get_ms_keys(msg, req, shared_secret,
  527. shared_secret_len);
  528. if (keys && keys->send == NULL && keys->recv == NULL) {
  529. os_free(keys);
  530. keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
  531. shared_secret_len);
  532. }
  533. if (keys) {
  534. if (keys->send) {
  535. wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
  536. keys->send, keys->send_len);
  537. }
  538. if (keys->recv) {
  539. wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
  540. keys->recv, keys->recv_len);
  541. e->authenticator_pmk_len =
  542. keys->recv_len > PMK_LEN ? PMK_LEN :
  543. keys->recv_len;
  544. os_memcpy(e->authenticator_pmk, keys->recv,
  545. e->authenticator_pmk_len);
  546. if (e->authenticator_pmk_len == 16 && keys->send &&
  547. keys->send_len == 16) {
  548. /* MS-CHAP-v2 derives 16 octet keys */
  549. wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
  550. "to extend PMK to 32 octets");
  551. os_memcpy(e->authenticator_pmk +
  552. e->authenticator_pmk_len,
  553. keys->send, keys->send_len);
  554. e->authenticator_pmk_len += keys->send_len;
  555. }
  556. }
  557. os_free(keys->send);
  558. os_free(keys->recv);
  559. os_free(keys);
  560. }
  561. }
  562. /* Process the RADIUS frames from Authentication Server */
  563. static RadiusRxResult
  564. ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
  565. const u8 *shared_secret, size_t shared_secret_len,
  566. void *data)
  567. {
  568. struct eapol_test_data *e = data;
  569. /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
  570. * present when packet contains an EAP-Message attribute */
  571. if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT &&
  572. radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
  573. 0) < 0 &&
  574. radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
  575. wpa_printf(MSG_DEBUG, "Allowing RADIUS "
  576. "Access-Reject without Message-Authenticator "
  577. "since it does not include EAP-Message\n");
  578. } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
  579. req, 1)) {
  580. printf("Incoming RADIUS packet did not have correct "
  581. "Message-Authenticator - dropped\n");
  582. return RADIUS_RX_UNKNOWN;
  583. }
  584. if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
  585. msg->hdr->code != RADIUS_CODE_ACCESS_REJECT &&
  586. msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
  587. printf("Unknown RADIUS message code\n");
  588. return RADIUS_RX_UNKNOWN;
  589. }
  590. e->radius_identifier = -1;
  591. wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
  592. if (e->last_recv_radius) {
  593. radius_msg_free(e->last_recv_radius);
  594. os_free(e->last_recv_radius);
  595. }
  596. e->last_recv_radius = msg;
  597. switch (msg->hdr->code) {
  598. case RADIUS_CODE_ACCESS_ACCEPT:
  599. e->radius_access_accept_received = 1;
  600. ieee802_1x_get_keys(e, msg, req, shared_secret,
  601. shared_secret_len);
  602. break;
  603. case RADIUS_CODE_ACCESS_REJECT:
  604. e->radius_access_reject_received = 1;
  605. break;
  606. }
  607. ieee802_1x_decapsulate_radius(e);
  608. if ((msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
  609. e->eapol_test_num_reauths < 0) ||
  610. msg->hdr->code == RADIUS_CODE_ACCESS_REJECT) {
  611. eloop_terminate();
  612. }
  613. return RADIUS_RX_QUEUED;
  614. }
  615. static void wpa_init_conf(struct eapol_test_data *e,
  616. struct wpa_supplicant *wpa_s, const char *authsrv,
  617. int port, const char *secret,
  618. const char *cli_addr)
  619. {
  620. struct hostapd_radius_server *as;
  621. int res;
  622. wpa_s->bssid[5] = 1;
  623. os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
  624. e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
  625. os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));
  626. e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
  627. assert(e->radius_conf != NULL);
  628. e->radius_conf->num_auth_servers = 1;
  629. as = os_zalloc(sizeof(struct hostapd_radius_server));
  630. assert(as != NULL);
  631. #if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
  632. {
  633. int a[4];
  634. u8 *pos;
  635. sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
  636. pos = (u8 *) &as->addr.u.v4;
  637. *pos++ = a[0];
  638. *pos++ = a[1];
  639. *pos++ = a[2];
  640. *pos++ = a[3];
  641. }
  642. #else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
  643. inet_aton(authsrv, &as->addr.u.v4);
  644. #endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
  645. as->addr.af = AF_INET;
  646. as->port = port;
  647. as->shared_secret = (u8 *) os_strdup(secret);
  648. as->shared_secret_len = os_strlen(secret);
  649. e->radius_conf->auth_server = as;
  650. e->radius_conf->auth_servers = as;
  651. e->radius_conf->msg_dumps = 1;
  652. if (cli_addr) {
  653. if (hostapd_parse_ip_addr(cli_addr,
  654. &e->radius_conf->client_addr) == 0)
  655. e->radius_conf->force_client_addr = 1;
  656. else {
  657. wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
  658. cli_addr);
  659. assert(0);
  660. }
  661. }
  662. e->radius = radius_client_init(wpa_s, e->radius_conf);
  663. assert(e->radius != NULL);
  664. res = radius_client_register(e->radius, RADIUS_AUTH,
  665. ieee802_1x_receive_auth, e);
  666. assert(res == 0);
  667. }
  668. static int scard_test(void)
  669. {
  670. struct scard_data *scard;
  671. size_t len;
  672. char imsi[20];
  673. unsigned char _rand[16];
  674. #ifdef PCSC_FUNCS
  675. unsigned char sres[4];
  676. unsigned char kc[8];
  677. #endif /* PCSC_FUNCS */
  678. #define num_triplets 5
  679. unsigned char rand_[num_triplets][16];
  680. unsigned char sres_[num_triplets][4];
  681. unsigned char kc_[num_triplets][8];
  682. int i, res;
  683. size_t j;
  684. #define AKA_RAND_LEN 16
  685. #define AKA_AUTN_LEN 16
  686. #define AKA_AUTS_LEN 14
  687. #define RES_MAX_LEN 16
  688. #define IK_LEN 16
  689. #define CK_LEN 16
  690. unsigned char aka_rand[AKA_RAND_LEN];
  691. unsigned char aka_autn[AKA_AUTN_LEN];
  692. unsigned char aka_auts[AKA_AUTS_LEN];
  693. unsigned char aka_res[RES_MAX_LEN];
  694. size_t aka_res_len;
  695. unsigned char aka_ik[IK_LEN];
  696. unsigned char aka_ck[CK_LEN];
  697. scard = scard_init(SCARD_TRY_BOTH);
  698. if (scard == NULL)
  699. return -1;
  700. if (scard_set_pin(scard, "1234")) {
  701. wpa_printf(MSG_WARNING, "PIN validation failed");
  702. scard_deinit(scard);
  703. return -1;
  704. }
  705. len = sizeof(imsi);
  706. if (scard_get_imsi(scard, imsi, &len))
  707. goto failed;
  708. wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
  709. /* NOTE: Permanent Username: 1 | IMSI */
  710. os_memset(_rand, 0, sizeof(_rand));
  711. if (scard_gsm_auth(scard, _rand, sres, kc))
  712. goto failed;
  713. os_memset(_rand, 0xff, sizeof(_rand));
  714. if (scard_gsm_auth(scard, _rand, sres, kc))
  715. goto failed;
  716. for (i = 0; i < num_triplets; i++) {
  717. os_memset(rand_[i], i, sizeof(rand_[i]));
  718. if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
  719. goto failed;
  720. }
  721. for (i = 0; i < num_triplets; i++) {
  722. printf("1");
  723. for (j = 0; j < len; j++)
  724. printf("%c", imsi[j]);
  725. printf(",");
  726. for (j = 0; j < 16; j++)
  727. printf("%02X", rand_[i][j]);
  728. printf(",");
  729. for (j = 0; j < 4; j++)
  730. printf("%02X", sres_[i][j]);
  731. printf(",");
  732. for (j = 0; j < 8; j++)
  733. printf("%02X", kc_[i][j]);
  734. printf("\n");
  735. }
  736. wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
  737. /* seq 39 (0x28) */
  738. os_memset(aka_rand, 0xaa, 16);
  739. os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
  740. "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
  741. res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
  742. aka_ik, aka_ck, aka_auts);
  743. if (res == 0) {
  744. wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
  745. wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
  746. wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
  747. wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
  748. } else if (res == -2) {
  749. wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
  750. "failure");
  751. wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
  752. } else {
  753. wpa_printf(MSG_DEBUG, "UMTS auth failed");
  754. }
  755. failed:
  756. scard_deinit(scard);
  757. return 0;
  758. #undef num_triplets
  759. }
  760. static int scard_get_triplets(int argc, char *argv[])
  761. {
  762. struct scard_data *scard;
  763. size_t len;
  764. char imsi[20];
  765. unsigned char _rand[16];
  766. unsigned char sres[4];
  767. unsigned char kc[8];
  768. int num_triplets;
  769. int i;
  770. size_t j;
  771. if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
  772. printf("invalid parameters for sim command\n");
  773. return -1;
  774. }
  775. if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
  776. /* disable debug output */
  777. wpa_debug_level = 99;
  778. }
  779. scard = scard_init(SCARD_GSM_SIM_ONLY);
  780. if (scard == NULL) {
  781. printf("Failed to open smartcard connection\n");
  782. return -1;
  783. }
  784. if (scard_set_pin(scard, argv[0])) {
  785. wpa_printf(MSG_WARNING, "PIN validation failed");
  786. scard_deinit(scard);
  787. return -1;
  788. }
  789. len = sizeof(imsi);
  790. if (scard_get_imsi(scard, imsi, &len)) {
  791. scard_deinit(scard);
  792. return -1;
  793. }
  794. for (i = 0; i < num_triplets; i++) {
  795. os_memset(_rand, i, sizeof(_rand));
  796. if (scard_gsm_auth(scard, _rand, sres, kc))
  797. break;
  798. /* IMSI:Kc:SRES:RAND */
  799. for (j = 0; j < len; j++)
  800. printf("%c", imsi[j]);
  801. printf(":");
  802. for (j = 0; j < 8; j++)
  803. printf("%02X", kc[j]);
  804. printf(":");
  805. for (j = 0; j < 4; j++)
  806. printf("%02X", sres[j]);
  807. printf(":");
  808. for (j = 0; j < 16; j++)
  809. printf("%02X", _rand[j]);
  810. printf("\n");
  811. }
  812. scard_deinit(scard);
  813. return 0;
  814. }
  815. static void eapol_test_terminate(int sig, void *eloop_ctx,
  816. void *signal_ctx)
  817. {
  818. struct wpa_supplicant *wpa_s = eloop_ctx;
  819. wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
  820. eloop_terminate();
  821. }
  822. static void usage(void)
  823. {
  824. printf("usage:\n"
  825. "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
  826. "[-s<AS secret>]\\\n"
  827. " [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
  828. " [-M<client MAC address>] \\\n"
  829. " [-N<attr spec>] \\\n"
  830. " [-A<client IP>]\n"
  831. "eapol_test scard\n"
  832. "eapol_test sim <PIN> <num triplets> [debug]\n"
  833. "\n");
  834. printf("options:\n"
  835. " -c<conf> = configuration file\n"
  836. " -a<AS IP> = IP address of the authentication server, "
  837. "default 127.0.0.1\n"
  838. " -p<AS port> = UDP port of the authentication server, "
  839. "default 1812\n"
  840. " -s<AS secret> = shared secret with the authentication "
  841. "server, default 'radius'\n"
  842. " -A<client IP> = IP address of the client, default: select "
  843. "automatically\n"
  844. " -r<count> = number of re-authentications\n"
  845. " -W = wait for a control interface monitor before starting\n"
  846. " -S = save configuration after authentication\n"
  847. " -n = no MPPE keys expected\n"
  848. " -t<timeout> = sets timeout in seconds (default: 30 s)\n"
  849. " -C<Connect-Info> = RADIUS Connect-Info (default: "
  850. "CONNECT 11Mbps 802.11b)\n"
  851. " -M<client MAC address> = Set own MAC address "
  852. "(Calling-Station-Id,\n"
  853. " default: 02:00:00:00:00:01)\n"
  854. " -N<attr spec> = send arbitrary attribute specified by:\n"
  855. " attr_id:syntax:value or attr_id\n"
  856. " attr_id - number id of the attribute\n"
  857. " syntax - one of: s, d, x\n"
  858. " s = string\n"
  859. " d = integer\n"
  860. " x = octet string\n"
  861. " value - attribute value.\n"
  862. " When only attr_id is specified, NULL will be used as "
  863. "value.\n"
  864. " Multiple attributes can be specified by using the "
  865. "option several times.\n");
  866. }
  867. int main(int argc, char *argv[])
  868. {
  869. struct wpa_supplicant wpa_s;
  870. int c, ret = 1, wait_for_monitor = 0, save_config = 0;
  871. char *as_addr = "127.0.0.1";
  872. int as_port = 1812;
  873. char *as_secret = "radius";
  874. char *cli_addr = NULL;
  875. char *conf = NULL;
  876. int timeout = 30;
  877. char *pos;
  878. struct extra_radius_attr *p = NULL, *p1;
  879. if (os_program_init())
  880. return -1;
  881. hostapd_logger_register_cb(hostapd_logger_cb);
  882. os_memset(&eapol_test, 0, sizeof(eapol_test));
  883. eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
  884. os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
  885. wpa_debug_level = 0;
  886. wpa_debug_show_keys = 1;
  887. for (;;) {
  888. c = getopt(argc, argv, "a:A:c:C:M:nN:p:r:s:St:W");
  889. if (c < 0)
  890. break;
  891. switch (c) {
  892. case 'a':
  893. as_addr = optarg;
  894. break;
  895. case 'A':
  896. cli_addr = optarg;
  897. break;
  898. case 'c':
  899. conf = optarg;
  900. break;
  901. case 'C':
  902. eapol_test.connect_info = optarg;
  903. break;
  904. case 'M':
  905. if (hwaddr_aton(optarg, eapol_test.own_addr)) {
  906. usage();
  907. return -1;
  908. }
  909. break;
  910. case 'n':
  911. eapol_test.no_mppe_keys++;
  912. break;
  913. case 'p':
  914. as_port = atoi(optarg);
  915. break;
  916. case 'r':
  917. eapol_test.eapol_test_num_reauths = atoi(optarg);
  918. break;
  919. case 's':
  920. as_secret = optarg;
  921. break;
  922. case 'S':
  923. save_config++;
  924. break;
  925. case 't':
  926. timeout = atoi(optarg);
  927. break;
  928. case 'W':
  929. wait_for_monitor++;
  930. break;
  931. case 'N':
  932. p1 = os_zalloc(sizeof(p1));
  933. if (p1 == NULL)
  934. break;
  935. if (!p)
  936. eapol_test.extra_attrs = p1;
  937. else
  938. p->next = p1;
  939. p = p1;
  940. p->type = atoi(optarg);
  941. pos = os_strchr(optarg, ':');
  942. if (pos == NULL) {
  943. p->syntax = 'n';
  944. p->data = NULL;
  945. break;
  946. }
  947. pos++;
  948. if (pos[0] == '\0' || pos[1] != ':') {
  949. printf("Incorrect format of attribute "
  950. "specification\n");
  951. break;
  952. }
  953. p->syntax = pos[0];
  954. p->data = pos + 2;
  955. break;
  956. default:
  957. usage();
  958. return -1;
  959. }
  960. }
  961. if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
  962. return scard_test();
  963. }
  964. if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
  965. return scard_get_triplets(argc - optind - 1,
  966. &argv[optind + 1]);
  967. }
  968. if (conf == NULL) {
  969. usage();
  970. printf("Configuration file is required.\n");
  971. return -1;
  972. }
  973. if (eap_register_methods()) {
  974. wpa_printf(MSG_ERROR, "Failed to register EAP methods");
  975. return -1;
  976. }
  977. if (eloop_init(&wpa_s)) {
  978. wpa_printf(MSG_ERROR, "Failed to initialize event loop");
  979. return -1;
  980. }
  981. os_memset(&wpa_s, 0, sizeof(wpa_s));
  982. eapol_test.wpa_s = &wpa_s;
  983. wpa_s.conf = wpa_config_read(conf);
  984. if (wpa_s.conf == NULL) {
  985. printf("Failed to parse configuration file '%s'.\n", conf);
  986. return -1;
  987. }
  988. if (wpa_s.conf->ssid == NULL) {
  989. printf("No networks defined.\n");
  990. return -1;
  991. }
  992. wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
  993. cli_addr);
  994. wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
  995. if (wpa_s.ctrl_iface == NULL) {
  996. printf("Failed to initialize control interface '%s'.\n"
  997. "You may have another eapol_test process already "
  998. "running or the file was\n"
  999. "left by an unclean termination of eapol_test in "
  1000. "which case you will need\n"
  1001. "to manually remove this file before starting "
  1002. "eapol_test again.\n",
  1003. wpa_s.conf->ctrl_interface);
  1004. return -1;
  1005. }
  1006. if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
  1007. return -1;
  1008. if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
  1009. return -1;
  1010. if (wait_for_monitor)
  1011. wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
  1012. eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
  1013. NULL);
  1014. eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
  1015. eloop_register_signal_terminate(eapol_test_terminate, NULL);
  1016. eloop_register_signal_reconfig(eapol_test_terminate, NULL);
  1017. eloop_run();
  1018. eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
  1019. eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
  1020. if (eapol_test_compare_pmk(&eapol_test) == 0 ||
  1021. eapol_test.no_mppe_keys)
  1022. ret = 0;
  1023. if (eapol_test.auth_timed_out)
  1024. ret = -2;
  1025. if (eapol_test.radius_access_reject_received)
  1026. ret = -3;
  1027. if (save_config)
  1028. wpa_config_write(conf, wpa_s.conf);
  1029. test_eapol_clean(&eapol_test, &wpa_s);
  1030. eap_peer_unregister_methods();
  1031. eloop_destroy();
  1032. printf("MPPE keys OK: %d mismatch: %d\n",
  1033. eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
  1034. if (eapol_test.num_mppe_mismatch)
  1035. ret = -4;
  1036. if (ret)
  1037. printf("FAILURE\n");
  1038. else
  1039. printf("SUCCESS\n");
  1040. os_program_deinit();
  1041. return ret;
  1042. }