eapol_test.c 33 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283
  1. /*
  2. * WPA Supplicant - test code
  3. * Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. *
  9. * Alternatively, this software may be distributed under the terms of BSD
  10. * license.
  11. *
  12. * See README and COPYING for more details.
  13. *
  14. * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
  15. * Not used in production version.
  16. */
  17. #include "includes.h"
  18. #include <assert.h>
  19. #include "common.h"
  20. #include "config.h"
  21. #include "eapol_supp/eapol_supp_sm.h"
  22. #include "eap_peer/eap.h"
  23. #include "eap_server/eap_methods.h"
  24. #include "eloop.h"
  25. #include "utils/base64.h"
  26. #include "rsn_supp/wpa.h"
  27. #include "eap_peer/eap_i.h"
  28. #include "wpa_supplicant_i.h"
  29. #include "radius/radius.h"
  30. #include "radius/radius_client.h"
  31. #include "common/wpa_ctrl.h"
  32. #include "ctrl_iface.h"
  33. #include "pcsc_funcs.h"
  34. extern int wpa_debug_level;
  35. extern int wpa_debug_show_keys;
  36. struct wpa_driver_ops *wpa_drivers[] = { NULL };
  37. struct extra_radius_attr {
  38. u8 type;
  39. char syntax;
  40. char *data;
  41. struct extra_radius_attr *next;
  42. };
  43. struct eapol_test_data {
  44. struct wpa_supplicant *wpa_s;
  45. int eapol_test_num_reauths;
  46. int no_mppe_keys;
  47. int num_mppe_ok, num_mppe_mismatch;
  48. u8 radius_identifier;
  49. struct radius_msg *last_recv_radius;
  50. struct in_addr own_ip_addr;
  51. struct radius_client_data *radius;
  52. struct hostapd_radius_servers *radius_conf;
  53. u8 *last_eap_radius; /* last received EAP Response from Authentication
  54. * Server */
  55. size_t last_eap_radius_len;
  56. u8 authenticator_pmk[PMK_LEN];
  57. size_t authenticator_pmk_len;
  58. int radius_access_accept_received;
  59. int radius_access_reject_received;
  60. int auth_timed_out;
  61. u8 *eap_identity;
  62. size_t eap_identity_len;
  63. char *connect_info;
  64. u8 own_addr[ETH_ALEN];
  65. struct extra_radius_attr *extra_attrs;
  66. FILE *server_cert_file;
  67. };
  68. static struct eapol_test_data eapol_test;
  69. static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
  70. static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
  71. int level, const char *txt, size_t len)
  72. {
  73. if (addr)
  74. wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n",
  75. MAC2STR(addr), txt);
  76. else
  77. wpa_printf(MSG_DEBUG, "%s", txt);
  78. }
  79. static int add_extra_attr(struct radius_msg *msg,
  80. struct extra_radius_attr *attr)
  81. {
  82. size_t len;
  83. char *pos;
  84. u32 val;
  85. char buf[128];
  86. switch (attr->syntax) {
  87. case 's':
  88. os_snprintf(buf, sizeof(buf), "%s", attr->data);
  89. len = os_strlen(buf);
  90. break;
  91. case 'n':
  92. buf[0] = '\0';
  93. len = 1;
  94. break;
  95. case 'x':
  96. pos = attr->data;
  97. if (pos[0] == '0' && pos[1] == 'x')
  98. pos += 2;
  99. len = os_strlen(pos);
  100. if ((len & 1) || (len / 2) > sizeof(buf)) {
  101. printf("Invalid extra attribute hexstring\n");
  102. return -1;
  103. }
  104. len /= 2;
  105. if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
  106. printf("Invalid extra attribute hexstring\n");
  107. return -1;
  108. }
  109. break;
  110. case 'd':
  111. val = htonl(atoi(attr->data));
  112. os_memcpy(buf, &val, 4);
  113. len = 4;
  114. break;
  115. default:
  116. printf("Incorrect extra attribute syntax specification\n");
  117. return -1;
  118. }
  119. if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
  120. printf("Could not add attribute %d\n", attr->type);
  121. return -1;
  122. }
  123. return 0;
  124. }
  125. static int add_extra_attrs(struct radius_msg *msg,
  126. struct extra_radius_attr *attrs)
  127. {
  128. struct extra_radius_attr *p;
  129. for (p = attrs; p; p = p->next) {
  130. if (add_extra_attr(msg, p) < 0)
  131. return -1;
  132. }
  133. return 0;
  134. }
  135. static struct extra_radius_attr *
  136. find_extra_attr(struct extra_radius_attr *attrs, u8 type)
  137. {
  138. struct extra_radius_attr *p;
  139. for (p = attrs; p; p = p->next) {
  140. if (p->type == type)
  141. return p;
  142. }
  143. return NULL;
  144. }
  145. static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
  146. const u8 *eap, size_t len)
  147. {
  148. struct radius_msg *msg;
  149. char buf[128];
  150. const struct eap_hdr *hdr;
  151. const u8 *pos;
  152. wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
  153. "packet");
  154. e->radius_identifier = radius_client_get_id(e->radius);
  155. msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
  156. e->radius_identifier);
  157. if (msg == NULL) {
  158. printf("Could not create net RADIUS packet\n");
  159. return;
  160. }
  161. radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e));
  162. hdr = (const struct eap_hdr *) eap;
  163. pos = (const u8 *) (hdr + 1);
  164. if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
  165. pos[0] == EAP_TYPE_IDENTITY) {
  166. pos++;
  167. os_free(e->eap_identity);
  168. e->eap_identity_len = len - sizeof(*hdr) - 1;
  169. e->eap_identity = os_malloc(e->eap_identity_len);
  170. if (e->eap_identity) {
  171. os_memcpy(e->eap_identity, pos, e->eap_identity_len);
  172. wpa_hexdump(MSG_DEBUG, "Learned identity from "
  173. "EAP-Response-Identity",
  174. e->eap_identity, e->eap_identity_len);
  175. }
  176. }
  177. if (e->eap_identity &&
  178. !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
  179. e->eap_identity, e->eap_identity_len)) {
  180. printf("Could not add User-Name\n");
  181. goto fail;
  182. }
  183. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
  184. !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
  185. (u8 *) &e->own_ip_addr, 4)) {
  186. printf("Could not add NAS-IP-Address\n");
  187. goto fail;
  188. }
  189. os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
  190. MAC2STR(e->wpa_s->own_addr));
  191. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
  192. &&
  193. !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
  194. (u8 *) buf, os_strlen(buf))) {
  195. printf("Could not add Calling-Station-Id\n");
  196. goto fail;
  197. }
  198. /* TODO: should probably check MTU from driver config; 2304 is max for
  199. * IEEE 802.11, but use 1400 to avoid problems with too large packets
  200. */
  201. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
  202. !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
  203. printf("Could not add Framed-MTU\n");
  204. goto fail;
  205. }
  206. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
  207. !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
  208. RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
  209. printf("Could not add NAS-Port-Type\n");
  210. goto fail;
  211. }
  212. os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
  213. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
  214. !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
  215. (u8 *) buf, os_strlen(buf))) {
  216. printf("Could not add Connect-Info\n");
  217. goto fail;
  218. }
  219. if (add_extra_attrs(msg, e->extra_attrs) < 0)
  220. goto fail;
  221. if (eap && !radius_msg_add_eap(msg, eap, len)) {
  222. printf("Could not add EAP-Message\n");
  223. goto fail;
  224. }
  225. /* State attribute must be copied if and only if this packet is
  226. * Access-Request reply to the previous Access-Challenge */
  227. if (e->last_recv_radius &&
  228. radius_msg_get_hdr(e->last_recv_radius)->code ==
  229. RADIUS_CODE_ACCESS_CHALLENGE) {
  230. int res = radius_msg_copy_attr(msg, e->last_recv_radius,
  231. RADIUS_ATTR_STATE);
  232. if (res < 0) {
  233. printf("Could not copy State attribute from previous "
  234. "Access-Challenge\n");
  235. goto fail;
  236. }
  237. if (res > 0) {
  238. wpa_printf(MSG_DEBUG, " Copied RADIUS State "
  239. "Attribute");
  240. }
  241. }
  242. radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr);
  243. return;
  244. fail:
  245. radius_msg_free(msg);
  246. }
  247. static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
  248. size_t len)
  249. {
  250. printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
  251. type, (unsigned long) len);
  252. if (type == IEEE802_1X_TYPE_EAP_PACKET) {
  253. wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
  254. ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
  255. }
  256. return 0;
  257. }
  258. static void eapol_test_set_config_blob(void *ctx,
  259. struct wpa_config_blob *blob)
  260. {
  261. struct eapol_test_data *e = ctx;
  262. wpa_config_set_blob(e->wpa_s->conf, blob);
  263. }
  264. static const struct wpa_config_blob *
  265. eapol_test_get_config_blob(void *ctx, const char *name)
  266. {
  267. struct eapol_test_data *e = ctx;
  268. return wpa_config_get_blob(e->wpa_s->conf, name);
  269. }
  270. static void eapol_test_eapol_done_cb(void *ctx)
  271. {
  272. printf("WPA: EAPOL processing complete\n");
  273. }
  274. static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
  275. {
  276. struct eapol_test_data *e = eloop_ctx;
  277. printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
  278. e->radius_access_accept_received = 0;
  279. send_eap_request_identity(e->wpa_s, NULL);
  280. }
  281. static int eapol_test_compare_pmk(struct eapol_test_data *e)
  282. {
  283. u8 pmk[PMK_LEN];
  284. int ret = 1;
  285. if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
  286. wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
  287. if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
  288. printf("WARNING: PMK mismatch\n");
  289. wpa_hexdump(MSG_DEBUG, "PMK from AS",
  290. e->authenticator_pmk, PMK_LEN);
  291. } else if (e->radius_access_accept_received)
  292. ret = 0;
  293. } else if (e->authenticator_pmk_len == 16 &&
  294. eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
  295. wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
  296. if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
  297. printf("WARNING: PMK mismatch\n");
  298. wpa_hexdump(MSG_DEBUG, "PMK from AS",
  299. e->authenticator_pmk, 16);
  300. } else if (e->radius_access_accept_received)
  301. ret = 0;
  302. } else if (e->radius_access_accept_received && e->no_mppe_keys) {
  303. /* No keying material expected */
  304. ret = 0;
  305. }
  306. if (ret && !e->no_mppe_keys)
  307. e->num_mppe_mismatch++;
  308. else if (!e->no_mppe_keys)
  309. e->num_mppe_ok++;
  310. return ret;
  311. }
  312. static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
  313. {
  314. struct eapol_test_data *e = ctx;
  315. printf("eapol_sm_cb: success=%d\n", success);
  316. e->eapol_test_num_reauths--;
  317. if (e->eapol_test_num_reauths < 0)
  318. eloop_terminate();
  319. else {
  320. eapol_test_compare_pmk(e);
  321. eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL);
  322. }
  323. }
  324. static void eapol_test_write_cert(FILE *f, const char *subject,
  325. const struct wpabuf *cert)
  326. {
  327. unsigned char *encoded;
  328. encoded = base64_encode(wpabuf_head(cert), wpabuf_len(cert), NULL);
  329. if (encoded == NULL)
  330. return;
  331. fprintf(f, "%s\n-----BEGIN CERTIFICATE-----\n%s"
  332. "-----END CERTIFICATE-----\n\n", subject, encoded);
  333. os_free(encoded);
  334. }
  335. static void eapol_test_cert_cb(void *ctx, int depth, const char *subject,
  336. const char *cert_hash,
  337. const struct wpabuf *cert)
  338. {
  339. struct eapol_test_data *e = ctx;
  340. wpa_msg(e->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
  341. "depth=%d subject='%s'%s%s",
  342. depth, subject,
  343. cert_hash ? " hash=" : "",
  344. cert_hash ? cert_hash : "");
  345. if (cert) {
  346. char *cert_hex;
  347. size_t len = wpabuf_len(cert) * 2 + 1;
  348. cert_hex = os_malloc(len);
  349. if (cert_hex) {
  350. wpa_snprintf_hex(cert_hex, len, wpabuf_head(cert),
  351. wpabuf_len(cert));
  352. wpa_msg_ctrl(e->wpa_s, MSG_INFO,
  353. WPA_EVENT_EAP_PEER_CERT
  354. "depth=%d subject='%s' cert=%s",
  355. depth, subject, cert_hex);
  356. os_free(cert_hex);
  357. }
  358. if (e->server_cert_file)
  359. eapol_test_write_cert(e->server_cert_file,
  360. subject, cert);
  361. }
  362. }
  363. static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
  364. struct wpa_ssid *ssid)
  365. {
  366. struct eapol_config eapol_conf;
  367. struct eapol_ctx *ctx;
  368. ctx = os_zalloc(sizeof(*ctx));
  369. if (ctx == NULL) {
  370. printf("Failed to allocate EAPOL context.\n");
  371. return -1;
  372. }
  373. ctx->ctx = e;
  374. ctx->msg_ctx = wpa_s;
  375. ctx->scard_ctx = wpa_s->scard;
  376. ctx->cb = eapol_sm_cb;
  377. ctx->cb_ctx = e;
  378. ctx->eapol_send_ctx = wpa_s;
  379. ctx->preauth = 0;
  380. ctx->eapol_done_cb = eapol_test_eapol_done_cb;
  381. ctx->eapol_send = eapol_test_eapol_send;
  382. ctx->set_config_blob = eapol_test_set_config_blob;
  383. ctx->get_config_blob = eapol_test_get_config_blob;
  384. ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
  385. ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
  386. ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
  387. ctx->cert_cb = eapol_test_cert_cb;
  388. ctx->cert_in_cb = 1;
  389. wpa_s->eapol = eapol_sm_init(ctx);
  390. if (wpa_s->eapol == NULL) {
  391. os_free(ctx);
  392. printf("Failed to initialize EAPOL state machines.\n");
  393. return -1;
  394. }
  395. wpa_s->current_ssid = ssid;
  396. os_memset(&eapol_conf, 0, sizeof(eapol_conf));
  397. eapol_conf.accept_802_1x_keys = 1;
  398. eapol_conf.required_keys = 0;
  399. eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
  400. eapol_conf.workaround = ssid->eap_workaround;
  401. eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
  402. eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
  403. eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
  404. /* 802.1X::portControl = Auto */
  405. eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
  406. return 0;
  407. }
  408. static void test_eapol_clean(struct eapol_test_data *e,
  409. struct wpa_supplicant *wpa_s)
  410. {
  411. struct extra_radius_attr *p, *prev;
  412. radius_client_deinit(e->radius);
  413. os_free(e->last_eap_radius);
  414. radius_msg_free(e->last_recv_radius);
  415. e->last_recv_radius = NULL;
  416. os_free(e->eap_identity);
  417. e->eap_identity = NULL;
  418. eapol_sm_deinit(wpa_s->eapol);
  419. wpa_s->eapol = NULL;
  420. if (e->radius_conf && e->radius_conf->auth_server) {
  421. os_free(e->radius_conf->auth_server->shared_secret);
  422. os_free(e->radius_conf->auth_server);
  423. }
  424. os_free(e->radius_conf);
  425. e->radius_conf = NULL;
  426. scard_deinit(wpa_s->scard);
  427. if (wpa_s->ctrl_iface) {
  428. wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
  429. wpa_s->ctrl_iface = NULL;
  430. }
  431. wpa_config_free(wpa_s->conf);
  432. p = e->extra_attrs;
  433. while (p) {
  434. prev = p;
  435. p = p->next;
  436. os_free(prev);
  437. }
  438. }
  439. static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
  440. {
  441. struct wpa_supplicant *wpa_s = eloop_ctx;
  442. u8 buf[100], *pos;
  443. struct ieee802_1x_hdr *hdr;
  444. struct eap_hdr *eap;
  445. hdr = (struct ieee802_1x_hdr *) buf;
  446. hdr->version = EAPOL_VERSION;
  447. hdr->type = IEEE802_1X_TYPE_EAP_PACKET;
  448. hdr->length = htons(5);
  449. eap = (struct eap_hdr *) (hdr + 1);
  450. eap->code = EAP_CODE_REQUEST;
  451. eap->identifier = 0;
  452. eap->length = htons(5);
  453. pos = (u8 *) (eap + 1);
  454. *pos = EAP_TYPE_IDENTITY;
  455. printf("Sending fake EAP-Request-Identity\n");
  456. eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
  457. sizeof(*hdr) + 5);
  458. }
  459. static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
  460. {
  461. struct eapol_test_data *e = eloop_ctx;
  462. printf("EAPOL test timed out\n");
  463. e->auth_timed_out = 1;
  464. eloop_terminate();
  465. }
  466. static char *eap_type_text(u8 type)
  467. {
  468. switch (type) {
  469. case EAP_TYPE_IDENTITY: return "Identity";
  470. case EAP_TYPE_NOTIFICATION: return "Notification";
  471. case EAP_TYPE_NAK: return "Nak";
  472. case EAP_TYPE_TLS: return "TLS";
  473. case EAP_TYPE_TTLS: return "TTLS";
  474. case EAP_TYPE_PEAP: return "PEAP";
  475. case EAP_TYPE_SIM: return "SIM";
  476. case EAP_TYPE_GTC: return "GTC";
  477. case EAP_TYPE_MD5: return "MD5";
  478. case EAP_TYPE_OTP: return "OTP";
  479. case EAP_TYPE_FAST: return "FAST";
  480. case EAP_TYPE_SAKE: return "SAKE";
  481. case EAP_TYPE_PSK: return "PSK";
  482. default: return "Unknown";
  483. }
  484. }
  485. static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
  486. {
  487. u8 *eap;
  488. size_t len;
  489. struct eap_hdr *hdr;
  490. int eap_type = -1;
  491. char buf[64];
  492. struct radius_msg *msg;
  493. if (e->last_recv_radius == NULL)
  494. return;
  495. msg = e->last_recv_radius;
  496. eap = radius_msg_get_eap(msg, &len);
  497. if (eap == NULL) {
  498. /* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
  499. * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
  500. * attribute */
  501. wpa_printf(MSG_DEBUG, "could not extract "
  502. "EAP-Message from RADIUS message");
  503. os_free(e->last_eap_radius);
  504. e->last_eap_radius = NULL;
  505. e->last_eap_radius_len = 0;
  506. return;
  507. }
  508. if (len < sizeof(*hdr)) {
  509. wpa_printf(MSG_DEBUG, "too short EAP packet "
  510. "received from authentication server");
  511. os_free(eap);
  512. return;
  513. }
  514. if (len > sizeof(*hdr))
  515. eap_type = eap[sizeof(*hdr)];
  516. hdr = (struct eap_hdr *) eap;
  517. switch (hdr->code) {
  518. case EAP_CODE_REQUEST:
  519. os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
  520. eap_type >= 0 ? eap_type_text(eap_type) : "??",
  521. eap_type);
  522. break;
  523. case EAP_CODE_RESPONSE:
  524. os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
  525. eap_type >= 0 ? eap_type_text(eap_type) : "??",
  526. eap_type);
  527. break;
  528. case EAP_CODE_SUCCESS:
  529. os_strlcpy(buf, "EAP Success", sizeof(buf));
  530. /* LEAP uses EAP Success within an authentication, so must not
  531. * stop here with eloop_terminate(); */
  532. break;
  533. case EAP_CODE_FAILURE:
  534. os_strlcpy(buf, "EAP Failure", sizeof(buf));
  535. eloop_terminate();
  536. break;
  537. default:
  538. os_strlcpy(buf, "unknown EAP code", sizeof(buf));
  539. wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);
  540. break;
  541. }
  542. wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
  543. "id=%d len=%d) from RADIUS server: %s",
  544. hdr->code, hdr->identifier, ntohs(hdr->length), buf);
  545. /* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
  546. os_free(e->last_eap_radius);
  547. e->last_eap_radius = eap;
  548. e->last_eap_radius_len = len;
  549. {
  550. struct ieee802_1x_hdr *dot1x;
  551. dot1x = os_malloc(sizeof(*dot1x) + len);
  552. assert(dot1x != NULL);
  553. dot1x->version = EAPOL_VERSION;
  554. dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
  555. dot1x->length = htons(len);
  556. os_memcpy((u8 *) (dot1x + 1), eap, len);
  557. eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
  558. (u8 *) dot1x, sizeof(*dot1x) + len);
  559. os_free(dot1x);
  560. }
  561. }
  562. static void ieee802_1x_get_keys(struct eapol_test_data *e,
  563. struct radius_msg *msg, struct radius_msg *req,
  564. const u8 *shared_secret,
  565. size_t shared_secret_len)
  566. {
  567. struct radius_ms_mppe_keys *keys;
  568. keys = radius_msg_get_ms_keys(msg, req, shared_secret,
  569. shared_secret_len);
  570. if (keys && keys->send == NULL && keys->recv == NULL) {
  571. os_free(keys);
  572. keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
  573. shared_secret_len);
  574. }
  575. if (keys) {
  576. if (keys->send) {
  577. wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
  578. keys->send, keys->send_len);
  579. }
  580. if (keys->recv) {
  581. wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
  582. keys->recv, keys->recv_len);
  583. e->authenticator_pmk_len =
  584. keys->recv_len > PMK_LEN ? PMK_LEN :
  585. keys->recv_len;
  586. os_memcpy(e->authenticator_pmk, keys->recv,
  587. e->authenticator_pmk_len);
  588. if (e->authenticator_pmk_len == 16 && keys->send &&
  589. keys->send_len == 16) {
  590. /* MS-CHAP-v2 derives 16 octet keys */
  591. wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
  592. "to extend PMK to 32 octets");
  593. os_memcpy(e->authenticator_pmk +
  594. e->authenticator_pmk_len,
  595. keys->send, keys->send_len);
  596. e->authenticator_pmk_len += keys->send_len;
  597. }
  598. }
  599. os_free(keys->send);
  600. os_free(keys->recv);
  601. os_free(keys);
  602. }
  603. }
  604. /* Process the RADIUS frames from Authentication Server */
  605. static RadiusRxResult
  606. ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
  607. const u8 *shared_secret, size_t shared_secret_len,
  608. void *data)
  609. {
  610. struct eapol_test_data *e = data;
  611. struct radius_hdr *hdr = radius_msg_get_hdr(msg);
  612. /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
  613. * present when packet contains an EAP-Message attribute */
  614. if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
  615. radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
  616. 0) < 0 &&
  617. radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
  618. wpa_printf(MSG_DEBUG, "Allowing RADIUS "
  619. "Access-Reject without Message-Authenticator "
  620. "since it does not include EAP-Message\n");
  621. } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
  622. req, 1)) {
  623. printf("Incoming RADIUS packet did not have correct "
  624. "Message-Authenticator - dropped\n");
  625. return RADIUS_RX_UNKNOWN;
  626. }
  627. if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
  628. hdr->code != RADIUS_CODE_ACCESS_REJECT &&
  629. hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
  630. printf("Unknown RADIUS message code\n");
  631. return RADIUS_RX_UNKNOWN;
  632. }
  633. e->radius_identifier = -1;
  634. wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
  635. radius_msg_free(e->last_recv_radius);
  636. e->last_recv_radius = msg;
  637. switch (hdr->code) {
  638. case RADIUS_CODE_ACCESS_ACCEPT:
  639. e->radius_access_accept_received = 1;
  640. ieee802_1x_get_keys(e, msg, req, shared_secret,
  641. shared_secret_len);
  642. break;
  643. case RADIUS_CODE_ACCESS_REJECT:
  644. e->radius_access_reject_received = 1;
  645. break;
  646. }
  647. ieee802_1x_decapsulate_radius(e);
  648. if ((hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
  649. e->eapol_test_num_reauths < 0) ||
  650. hdr->code == RADIUS_CODE_ACCESS_REJECT) {
  651. eloop_terminate();
  652. }
  653. return RADIUS_RX_QUEUED;
  654. }
  655. static void wpa_init_conf(struct eapol_test_data *e,
  656. struct wpa_supplicant *wpa_s, const char *authsrv,
  657. int port, const char *secret,
  658. const char *cli_addr)
  659. {
  660. struct hostapd_radius_server *as;
  661. int res;
  662. wpa_s->bssid[5] = 1;
  663. os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
  664. e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
  665. os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));
  666. e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
  667. assert(e->radius_conf != NULL);
  668. e->radius_conf->num_auth_servers = 1;
  669. as = os_zalloc(sizeof(struct hostapd_radius_server));
  670. assert(as != NULL);
  671. #if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
  672. {
  673. int a[4];
  674. u8 *pos;
  675. sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
  676. pos = (u8 *) &as->addr.u.v4;
  677. *pos++ = a[0];
  678. *pos++ = a[1];
  679. *pos++ = a[2];
  680. *pos++ = a[3];
  681. }
  682. #else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
  683. inet_aton(authsrv, &as->addr.u.v4);
  684. #endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
  685. as->addr.af = AF_INET;
  686. as->port = port;
  687. as->shared_secret = (u8 *) os_strdup(secret);
  688. as->shared_secret_len = os_strlen(secret);
  689. e->radius_conf->auth_server = as;
  690. e->radius_conf->auth_servers = as;
  691. e->radius_conf->msg_dumps = 1;
  692. if (cli_addr) {
  693. if (hostapd_parse_ip_addr(cli_addr,
  694. &e->radius_conf->client_addr) == 0)
  695. e->radius_conf->force_client_addr = 1;
  696. else {
  697. wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
  698. cli_addr);
  699. assert(0);
  700. }
  701. }
  702. e->radius = radius_client_init(wpa_s, e->radius_conf);
  703. assert(e->radius != NULL);
  704. res = radius_client_register(e->radius, RADIUS_AUTH,
  705. ieee802_1x_receive_auth, e);
  706. assert(res == 0);
  707. }
  708. static int scard_test(void)
  709. {
  710. struct scard_data *scard;
  711. size_t len;
  712. char imsi[20];
  713. unsigned char _rand[16];
  714. #ifdef PCSC_FUNCS
  715. unsigned char sres[4];
  716. unsigned char kc[8];
  717. #endif /* PCSC_FUNCS */
  718. #define num_triplets 5
  719. unsigned char rand_[num_triplets][16];
  720. unsigned char sres_[num_triplets][4];
  721. unsigned char kc_[num_triplets][8];
  722. int i, res;
  723. size_t j;
  724. #define AKA_RAND_LEN 16
  725. #define AKA_AUTN_LEN 16
  726. #define AKA_AUTS_LEN 14
  727. #define RES_MAX_LEN 16
  728. #define IK_LEN 16
  729. #define CK_LEN 16
  730. unsigned char aka_rand[AKA_RAND_LEN];
  731. unsigned char aka_autn[AKA_AUTN_LEN];
  732. unsigned char aka_auts[AKA_AUTS_LEN];
  733. unsigned char aka_res[RES_MAX_LEN];
  734. size_t aka_res_len;
  735. unsigned char aka_ik[IK_LEN];
  736. unsigned char aka_ck[CK_LEN];
  737. scard = scard_init(SCARD_TRY_BOTH);
  738. if (scard == NULL)
  739. return -1;
  740. if (scard_set_pin(scard, "1234")) {
  741. wpa_printf(MSG_WARNING, "PIN validation failed");
  742. scard_deinit(scard);
  743. return -1;
  744. }
  745. len = sizeof(imsi);
  746. if (scard_get_imsi(scard, imsi, &len))
  747. goto failed;
  748. wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
  749. /* NOTE: Permanent Username: 1 | IMSI */
  750. wpa_printf(MSG_DEBUG, "SCARD: MNC length %d",
  751. scard_get_mnc_len(scard));
  752. os_memset(_rand, 0, sizeof(_rand));
  753. if (scard_gsm_auth(scard, _rand, sres, kc))
  754. goto failed;
  755. os_memset(_rand, 0xff, sizeof(_rand));
  756. if (scard_gsm_auth(scard, _rand, sres, kc))
  757. goto failed;
  758. for (i = 0; i < num_triplets; i++) {
  759. os_memset(rand_[i], i, sizeof(rand_[i]));
  760. if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
  761. goto failed;
  762. }
  763. for (i = 0; i < num_triplets; i++) {
  764. printf("1");
  765. for (j = 0; j < len; j++)
  766. printf("%c", imsi[j]);
  767. printf(",");
  768. for (j = 0; j < 16; j++)
  769. printf("%02X", rand_[i][j]);
  770. printf(",");
  771. for (j = 0; j < 4; j++)
  772. printf("%02X", sres_[i][j]);
  773. printf(",");
  774. for (j = 0; j < 8; j++)
  775. printf("%02X", kc_[i][j]);
  776. printf("\n");
  777. }
  778. wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
  779. /* seq 39 (0x28) */
  780. os_memset(aka_rand, 0xaa, 16);
  781. os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
  782. "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
  783. res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
  784. aka_ik, aka_ck, aka_auts);
  785. if (res == 0) {
  786. wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
  787. wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
  788. wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
  789. wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
  790. } else if (res == -2) {
  791. wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
  792. "failure");
  793. wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
  794. } else {
  795. wpa_printf(MSG_DEBUG, "UMTS auth failed");
  796. }
  797. failed:
  798. scard_deinit(scard);
  799. return 0;
  800. #undef num_triplets
  801. }
  802. static int scard_get_triplets(int argc, char *argv[])
  803. {
  804. struct scard_data *scard;
  805. size_t len;
  806. char imsi[20];
  807. unsigned char _rand[16];
  808. unsigned char sres[4];
  809. unsigned char kc[8];
  810. int num_triplets;
  811. int i;
  812. size_t j;
  813. if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
  814. printf("invalid parameters for sim command\n");
  815. return -1;
  816. }
  817. if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
  818. /* disable debug output */
  819. wpa_debug_level = 99;
  820. }
  821. scard = scard_init(SCARD_GSM_SIM_ONLY);
  822. if (scard == NULL) {
  823. printf("Failed to open smartcard connection\n");
  824. return -1;
  825. }
  826. if (scard_set_pin(scard, argv[0])) {
  827. wpa_printf(MSG_WARNING, "PIN validation failed");
  828. scard_deinit(scard);
  829. return -1;
  830. }
  831. len = sizeof(imsi);
  832. if (scard_get_imsi(scard, imsi, &len)) {
  833. scard_deinit(scard);
  834. return -1;
  835. }
  836. for (i = 0; i < num_triplets; i++) {
  837. os_memset(_rand, i, sizeof(_rand));
  838. if (scard_gsm_auth(scard, _rand, sres, kc))
  839. break;
  840. /* IMSI:Kc:SRES:RAND */
  841. for (j = 0; j < len; j++)
  842. printf("%c", imsi[j]);
  843. printf(":");
  844. for (j = 0; j < 8; j++)
  845. printf("%02X", kc[j]);
  846. printf(":");
  847. for (j = 0; j < 4; j++)
  848. printf("%02X", sres[j]);
  849. printf(":");
  850. for (j = 0; j < 16; j++)
  851. printf("%02X", _rand[j]);
  852. printf("\n");
  853. }
  854. scard_deinit(scard);
  855. return 0;
  856. }
  857. static void eapol_test_terminate(int sig, void *signal_ctx)
  858. {
  859. struct wpa_supplicant *wpa_s = signal_ctx;
  860. wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
  861. eloop_terminate();
  862. }
  863. static void usage(void)
  864. {
  865. printf("usage:\n"
  866. "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
  867. "[-s<AS secret>]\\\n"
  868. " [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
  869. " [-M<client MAC address>] [-o<server cert file] \\\n"
  870. " [-N<attr spec>] \\\n"
  871. " [-A<client IP>]\n"
  872. "eapol_test scard\n"
  873. "eapol_test sim <PIN> <num triplets> [debug]\n"
  874. "\n");
  875. printf("options:\n"
  876. " -c<conf> = configuration file\n"
  877. " -a<AS IP> = IP address of the authentication server, "
  878. "default 127.0.0.1\n"
  879. " -p<AS port> = UDP port of the authentication server, "
  880. "default 1812\n"
  881. " -s<AS secret> = shared secret with the authentication "
  882. "server, default 'radius'\n"
  883. " -A<client IP> = IP address of the client, default: select "
  884. "automatically\n"
  885. " -r<count> = number of re-authentications\n"
  886. " -W = wait for a control interface monitor before starting\n"
  887. " -S = save configuration after authentication\n"
  888. " -n = no MPPE keys expected\n"
  889. " -t<timeout> = sets timeout in seconds (default: 30 s)\n"
  890. " -C<Connect-Info> = RADIUS Connect-Info (default: "
  891. "CONNECT 11Mbps 802.11b)\n"
  892. " -M<client MAC address> = Set own MAC address "
  893. "(Calling-Station-Id,\n"
  894. " default: 02:00:00:00:00:01)\n"
  895. " -o<server cert file> = Write received server certificate\n"
  896. " chain to the specified file\n"
  897. " -N<attr spec> = send arbitrary attribute specified by:\n"
  898. " attr_id:syntax:value or attr_id\n"
  899. " attr_id - number id of the attribute\n"
  900. " syntax - one of: s, d, x\n"
  901. " s = string\n"
  902. " d = integer\n"
  903. " x = octet string\n"
  904. " value - attribute value.\n"
  905. " When only attr_id is specified, NULL will be used as "
  906. "value.\n"
  907. " Multiple attributes can be specified by using the "
  908. "option several times.\n");
  909. }
  910. int main(int argc, char *argv[])
  911. {
  912. struct wpa_supplicant wpa_s;
  913. int c, ret = 1, wait_for_monitor = 0, save_config = 0;
  914. char *as_addr = "127.0.0.1";
  915. int as_port = 1812;
  916. char *as_secret = "radius";
  917. char *cli_addr = NULL;
  918. char *conf = NULL;
  919. int timeout = 30;
  920. char *pos;
  921. struct extra_radius_attr *p = NULL, *p1;
  922. if (os_program_init())
  923. return -1;
  924. hostapd_logger_register_cb(hostapd_logger_cb);
  925. os_memset(&eapol_test, 0, sizeof(eapol_test));
  926. eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
  927. os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
  928. wpa_debug_level = 0;
  929. wpa_debug_show_keys = 1;
  930. for (;;) {
  931. c = getopt(argc, argv, "a:A:c:C:M:nN:o:p:r:s:St:W");
  932. if (c < 0)
  933. break;
  934. switch (c) {
  935. case 'a':
  936. as_addr = optarg;
  937. break;
  938. case 'A':
  939. cli_addr = optarg;
  940. break;
  941. case 'c':
  942. conf = optarg;
  943. break;
  944. case 'C':
  945. eapol_test.connect_info = optarg;
  946. break;
  947. case 'M':
  948. if (hwaddr_aton(optarg, eapol_test.own_addr)) {
  949. usage();
  950. return -1;
  951. }
  952. break;
  953. case 'n':
  954. eapol_test.no_mppe_keys++;
  955. break;
  956. case 'o':
  957. if (eapol_test.server_cert_file)
  958. fclose(eapol_test.server_cert_file);
  959. eapol_test.server_cert_file = fopen(optarg, "w");
  960. if (eapol_test.server_cert_file == NULL) {
  961. printf("Could not open '%s' for writing\n",
  962. optarg);
  963. return -1;
  964. }
  965. break;
  966. case 'p':
  967. as_port = atoi(optarg);
  968. break;
  969. case 'r':
  970. eapol_test.eapol_test_num_reauths = atoi(optarg);
  971. break;
  972. case 's':
  973. as_secret = optarg;
  974. break;
  975. case 'S':
  976. save_config++;
  977. break;
  978. case 't':
  979. timeout = atoi(optarg);
  980. break;
  981. case 'W':
  982. wait_for_monitor++;
  983. break;
  984. case 'N':
  985. p1 = os_zalloc(sizeof(p1));
  986. if (p1 == NULL)
  987. break;
  988. if (!p)
  989. eapol_test.extra_attrs = p1;
  990. else
  991. p->next = p1;
  992. p = p1;
  993. p->type = atoi(optarg);
  994. pos = os_strchr(optarg, ':');
  995. if (pos == NULL) {
  996. p->syntax = 'n';
  997. p->data = NULL;
  998. break;
  999. }
  1000. pos++;
  1001. if (pos[0] == '\0' || pos[1] != ':') {
  1002. printf("Incorrect format of attribute "
  1003. "specification\n");
  1004. break;
  1005. }
  1006. p->syntax = pos[0];
  1007. p->data = pos + 2;
  1008. break;
  1009. default:
  1010. usage();
  1011. return -1;
  1012. }
  1013. }
  1014. if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
  1015. return scard_test();
  1016. }
  1017. if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
  1018. return scard_get_triplets(argc - optind - 1,
  1019. &argv[optind + 1]);
  1020. }
  1021. if (conf == NULL) {
  1022. usage();
  1023. printf("Configuration file is required.\n");
  1024. return -1;
  1025. }
  1026. if (eap_register_methods()) {
  1027. wpa_printf(MSG_ERROR, "Failed to register EAP methods");
  1028. return -1;
  1029. }
  1030. if (eloop_init()) {
  1031. wpa_printf(MSG_ERROR, "Failed to initialize event loop");
  1032. return -1;
  1033. }
  1034. os_memset(&wpa_s, 0, sizeof(wpa_s));
  1035. eapol_test.wpa_s = &wpa_s;
  1036. wpa_s.conf = wpa_config_read(conf);
  1037. if (wpa_s.conf == NULL) {
  1038. printf("Failed to parse configuration file '%s'.\n", conf);
  1039. return -1;
  1040. }
  1041. if (wpa_s.conf->ssid == NULL) {
  1042. printf("No networks defined.\n");
  1043. return -1;
  1044. }
  1045. wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
  1046. cli_addr);
  1047. wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
  1048. if (wpa_s.ctrl_iface == NULL) {
  1049. printf("Failed to initialize control interface '%s'.\n"
  1050. "You may have another eapol_test process already "
  1051. "running or the file was\n"
  1052. "left by an unclean termination of eapol_test in "
  1053. "which case you will need\n"
  1054. "to manually remove this file before starting "
  1055. "eapol_test again.\n",
  1056. wpa_s.conf->ctrl_interface);
  1057. return -1;
  1058. }
  1059. if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
  1060. return -1;
  1061. if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
  1062. return -1;
  1063. if (wait_for_monitor)
  1064. wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
  1065. eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
  1066. NULL);
  1067. eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
  1068. eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
  1069. eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
  1070. eloop_run();
  1071. eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
  1072. eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
  1073. if (eapol_test_compare_pmk(&eapol_test) == 0 ||
  1074. eapol_test.no_mppe_keys)
  1075. ret = 0;
  1076. if (eapol_test.auth_timed_out)
  1077. ret = -2;
  1078. if (eapol_test.radius_access_reject_received)
  1079. ret = -3;
  1080. if (save_config)
  1081. wpa_config_write(conf, wpa_s.conf);
  1082. test_eapol_clean(&eapol_test, &wpa_s);
  1083. eap_peer_unregister_methods();
  1084. #ifdef CONFIG_AP
  1085. eap_server_unregister_methods();
  1086. #endif /* CONFIG_AP */
  1087. eloop_destroy();
  1088. if (eapol_test.server_cert_file)
  1089. fclose(eapol_test.server_cert_file);
  1090. printf("MPPE keys OK: %d mismatch: %d\n",
  1091. eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
  1092. if (eapol_test.num_mppe_mismatch)
  1093. ret = -4;
  1094. if (ret)
  1095. printf("FAILURE\n");
  1096. else
  1097. printf("SUCCESS\n");
  1098. os_program_deinit();
  1099. return ret;
  1100. }