eapol_test.c 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209
  1. /*
  2. * WPA Supplicant - test code
  3. * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. *
  9. * Alternatively, this software may be distributed under the terms of BSD
  10. * license.
  11. *
  12. * See README and COPYING for more details.
  13. *
  14. * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c.
  15. * Not used in production version.
  16. */
  17. #include "includes.h"
  18. #include <assert.h>
  19. #include "common.h"
  20. #include "config.h"
  21. #include "eapol_supp/eapol_supp_sm.h"
  22. #include "eap_peer/eap.h"
  23. #include "eloop.h"
  24. #include "rsn_supp/wpa.h"
  25. #include "eap_peer/eap_i.h"
  26. #include "wpa_supplicant_i.h"
  27. #include "radius/radius.h"
  28. #include "radius/radius_client.h"
  29. #include "ctrl_iface.h"
  30. #include "pcsc_funcs.h"
  31. extern int wpa_debug_level;
  32. extern int wpa_debug_show_keys;
  33. struct wpa_driver_ops *wpa_drivers[] = { NULL };
  34. struct extra_radius_attr {
  35. u8 type;
  36. char syntax;
  37. char *data;
  38. struct extra_radius_attr *next;
  39. };
  40. struct eapol_test_data {
  41. struct wpa_supplicant *wpa_s;
  42. int eapol_test_num_reauths;
  43. int no_mppe_keys;
  44. int num_mppe_ok, num_mppe_mismatch;
  45. u8 radius_identifier;
  46. struct radius_msg *last_recv_radius;
  47. struct in_addr own_ip_addr;
  48. struct radius_client_data *radius;
  49. struct hostapd_radius_servers *radius_conf;
  50. u8 *last_eap_radius; /* last received EAP Response from Authentication
  51. * Server */
  52. size_t last_eap_radius_len;
  53. u8 authenticator_pmk[PMK_LEN];
  54. size_t authenticator_pmk_len;
  55. int radius_access_accept_received;
  56. int radius_access_reject_received;
  57. int auth_timed_out;
  58. u8 *eap_identity;
  59. size_t eap_identity_len;
  60. char *connect_info;
  61. u8 own_addr[ETH_ALEN];
  62. struct extra_radius_attr *extra_attrs;
  63. };
  64. static struct eapol_test_data eapol_test;
  65. static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
  66. static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
  67. int level, const char *txt, size_t len)
  68. {
  69. if (addr)
  70. wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n",
  71. MAC2STR(addr), txt);
  72. else
  73. wpa_printf(MSG_DEBUG, "%s", txt);
  74. }
  75. static int add_extra_attr(struct radius_msg *msg,
  76. struct extra_radius_attr *attr)
  77. {
  78. size_t len;
  79. char *pos;
  80. u32 val;
  81. char buf[128];
  82. switch (attr->syntax) {
  83. case 's':
  84. os_snprintf(buf, sizeof(buf), "%s", attr->data);
  85. len = os_strlen(buf);
  86. break;
  87. case 'n':
  88. buf[0] = '\0';
  89. len = 1;
  90. break;
  91. case 'x':
  92. pos = attr->data;
  93. if (pos[0] == '0' && pos[1] == 'x')
  94. pos += 2;
  95. len = os_strlen(pos);
  96. if ((len & 1) || (len / 2) > sizeof(buf)) {
  97. printf("Invalid extra attribute hexstring\n");
  98. return -1;
  99. }
  100. len /= 2;
  101. if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
  102. printf("Invalid extra attribute hexstring\n");
  103. return -1;
  104. }
  105. break;
  106. case 'd':
  107. val = htonl(atoi(attr->data));
  108. os_memcpy(buf, &val, 4);
  109. len = 4;
  110. break;
  111. default:
  112. printf("Incorrect extra attribute syntax specification\n");
  113. return -1;
  114. }
  115. if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
  116. printf("Could not add attribute %d\n", attr->type);
  117. return -1;
  118. }
  119. return 0;
  120. }
  121. static int add_extra_attrs(struct radius_msg *msg,
  122. struct extra_radius_attr *attrs)
  123. {
  124. struct extra_radius_attr *p;
  125. for (p = attrs; p; p = p->next) {
  126. if (add_extra_attr(msg, p) < 0)
  127. return -1;
  128. }
  129. return 0;
  130. }
  131. static struct extra_radius_attr *
  132. find_extra_attr(struct extra_radius_attr *attrs, u8 type)
  133. {
  134. struct extra_radius_attr *p;
  135. for (p = attrs; p; p = p->next) {
  136. if (p->type == type)
  137. return p;
  138. }
  139. return NULL;
  140. }
  141. static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
  142. const u8 *eap, size_t len)
  143. {
  144. struct radius_msg *msg;
  145. char buf[128];
  146. const struct eap_hdr *hdr;
  147. const u8 *pos;
  148. wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
  149. "packet");
  150. e->radius_identifier = radius_client_get_id(e->radius);
  151. msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
  152. e->radius_identifier);
  153. if (msg == NULL) {
  154. printf("Could not create net RADIUS packet\n");
  155. return;
  156. }
  157. radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e));
  158. hdr = (const struct eap_hdr *) eap;
  159. pos = (const u8 *) (hdr + 1);
  160. if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
  161. pos[0] == EAP_TYPE_IDENTITY) {
  162. pos++;
  163. os_free(e->eap_identity);
  164. e->eap_identity_len = len - sizeof(*hdr) - 1;
  165. e->eap_identity = os_malloc(e->eap_identity_len);
  166. if (e->eap_identity) {
  167. os_memcpy(e->eap_identity, pos, e->eap_identity_len);
  168. wpa_hexdump(MSG_DEBUG, "Learned identity from "
  169. "EAP-Response-Identity",
  170. e->eap_identity, e->eap_identity_len);
  171. }
  172. }
  173. if (e->eap_identity &&
  174. !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
  175. e->eap_identity, e->eap_identity_len)) {
  176. printf("Could not add User-Name\n");
  177. goto fail;
  178. }
  179. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
  180. !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
  181. (u8 *) &e->own_ip_addr, 4)) {
  182. printf("Could not add NAS-IP-Address\n");
  183. goto fail;
  184. }
  185. os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
  186. MAC2STR(e->wpa_s->own_addr));
  187. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
  188. &&
  189. !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
  190. (u8 *) buf, os_strlen(buf))) {
  191. printf("Could not add Calling-Station-Id\n");
  192. goto fail;
  193. }
  194. /* TODO: should probably check MTU from driver config; 2304 is max for
  195. * IEEE 802.11, but use 1400 to avoid problems with too large packets
  196. */
  197. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
  198. !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
  199. printf("Could not add Framed-MTU\n");
  200. goto fail;
  201. }
  202. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
  203. !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
  204. RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
  205. printf("Could not add NAS-Port-Type\n");
  206. goto fail;
  207. }
  208. os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
  209. if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
  210. !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
  211. (u8 *) buf, os_strlen(buf))) {
  212. printf("Could not add Connect-Info\n");
  213. goto fail;
  214. }
  215. if (add_extra_attrs(msg, e->extra_attrs) < 0)
  216. goto fail;
  217. if (eap && !radius_msg_add_eap(msg, eap, len)) {
  218. printf("Could not add EAP-Message\n");
  219. goto fail;
  220. }
  221. /* State attribute must be copied if and only if this packet is
  222. * Access-Request reply to the previous Access-Challenge */
  223. if (e->last_recv_radius &&
  224. radius_msg_get_hdr(e->last_recv_radius)->code ==
  225. RADIUS_CODE_ACCESS_CHALLENGE) {
  226. int res = radius_msg_copy_attr(msg, e->last_recv_radius,
  227. RADIUS_ATTR_STATE);
  228. if (res < 0) {
  229. printf("Could not copy State attribute from previous "
  230. "Access-Challenge\n");
  231. goto fail;
  232. }
  233. if (res > 0) {
  234. wpa_printf(MSG_DEBUG, " Copied RADIUS State "
  235. "Attribute");
  236. }
  237. }
  238. radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr);
  239. return;
  240. fail:
  241. radius_msg_free(msg);
  242. }
  243. static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
  244. size_t len)
  245. {
  246. /* struct wpa_supplicant *wpa_s = ctx; */
  247. printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
  248. type, (unsigned long) len);
  249. if (type == IEEE802_1X_TYPE_EAP_PACKET) {
  250. wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
  251. ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
  252. }
  253. return 0;
  254. }
  255. static void eapol_test_set_config_blob(void *ctx,
  256. struct wpa_config_blob *blob)
  257. {
  258. struct wpa_supplicant *wpa_s = ctx;
  259. wpa_config_set_blob(wpa_s->conf, blob);
  260. }
  261. static const struct wpa_config_blob *
  262. eapol_test_get_config_blob(void *ctx, const char *name)
  263. {
  264. struct wpa_supplicant *wpa_s = ctx;
  265. return wpa_config_get_blob(wpa_s->conf, name);
  266. }
  267. static void eapol_test_eapol_done_cb(void *ctx)
  268. {
  269. printf("WPA: EAPOL processing complete\n");
  270. }
  271. static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
  272. {
  273. struct eapol_test_data *e = eloop_ctx;
  274. printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
  275. e->radius_access_accept_received = 0;
  276. send_eap_request_identity(e->wpa_s, NULL);
  277. }
  278. static int eapol_test_compare_pmk(struct eapol_test_data *e)
  279. {
  280. u8 pmk[PMK_LEN];
  281. int ret = 1;
  282. if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
  283. wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
  284. if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
  285. printf("WARNING: PMK mismatch\n");
  286. wpa_hexdump(MSG_DEBUG, "PMK from AS",
  287. e->authenticator_pmk, PMK_LEN);
  288. } else if (e->radius_access_accept_received)
  289. ret = 0;
  290. } else if (e->authenticator_pmk_len == 16 &&
  291. eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
  292. wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
  293. if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
  294. printf("WARNING: PMK mismatch\n");
  295. wpa_hexdump(MSG_DEBUG, "PMK from AS",
  296. e->authenticator_pmk, 16);
  297. } else if (e->radius_access_accept_received)
  298. ret = 0;
  299. } else if (e->radius_access_accept_received && e->no_mppe_keys) {
  300. /* No keying material expected */
  301. ret = 0;
  302. }
  303. if (ret && !e->no_mppe_keys)
  304. e->num_mppe_mismatch++;
  305. else if (!e->no_mppe_keys)
  306. e->num_mppe_ok++;
  307. return ret;
  308. }
  309. static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
  310. {
  311. struct eapol_test_data *e = ctx;
  312. printf("eapol_sm_cb: success=%d\n", success);
  313. e->eapol_test_num_reauths--;
  314. if (e->eapol_test_num_reauths < 0)
  315. eloop_terminate();
  316. else {
  317. eapol_test_compare_pmk(e);
  318. eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL);
  319. }
  320. }
  321. static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
  322. struct wpa_ssid *ssid)
  323. {
  324. struct eapol_config eapol_conf;
  325. struct eapol_ctx *ctx;
  326. ctx = os_zalloc(sizeof(*ctx));
  327. if (ctx == NULL) {
  328. printf("Failed to allocate EAPOL context.\n");
  329. return -1;
  330. }
  331. ctx->ctx = wpa_s;
  332. ctx->msg_ctx = wpa_s;
  333. ctx->scard_ctx = wpa_s->scard;
  334. ctx->cb = eapol_sm_cb;
  335. ctx->cb_ctx = e;
  336. ctx->eapol_send_ctx = wpa_s;
  337. ctx->preauth = 0;
  338. ctx->eapol_done_cb = eapol_test_eapol_done_cb;
  339. ctx->eapol_send = eapol_test_eapol_send;
  340. ctx->set_config_blob = eapol_test_set_config_blob;
  341. ctx->get_config_blob = eapol_test_get_config_blob;
  342. ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
  343. ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
  344. ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
  345. wpa_s->eapol = eapol_sm_init(ctx);
  346. if (wpa_s->eapol == NULL) {
  347. os_free(ctx);
  348. printf("Failed to initialize EAPOL state machines.\n");
  349. return -1;
  350. }
  351. wpa_s->current_ssid = ssid;
  352. os_memset(&eapol_conf, 0, sizeof(eapol_conf));
  353. eapol_conf.accept_802_1x_keys = 1;
  354. eapol_conf.required_keys = 0;
  355. eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
  356. eapol_conf.workaround = ssid->eap_workaround;
  357. eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
  358. eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
  359. eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
  360. /* 802.1X::portControl = Auto */
  361. eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
  362. return 0;
  363. }
  364. static void test_eapol_clean(struct eapol_test_data *e,
  365. struct wpa_supplicant *wpa_s)
  366. {
  367. struct extra_radius_attr *p, *prev;
  368. radius_client_deinit(e->radius);
  369. os_free(e->last_eap_radius);
  370. radius_msg_free(e->last_recv_radius);
  371. e->last_recv_radius = NULL;
  372. os_free(e->eap_identity);
  373. e->eap_identity = NULL;
  374. eapol_sm_deinit(wpa_s->eapol);
  375. wpa_s->eapol = NULL;
  376. if (e->radius_conf && e->radius_conf->auth_server) {
  377. os_free(e->radius_conf->auth_server->shared_secret);
  378. os_free(e->radius_conf->auth_server);
  379. }
  380. os_free(e->radius_conf);
  381. e->radius_conf = NULL;
  382. scard_deinit(wpa_s->scard);
  383. if (wpa_s->ctrl_iface) {
  384. wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
  385. wpa_s->ctrl_iface = NULL;
  386. }
  387. wpa_config_free(wpa_s->conf);
  388. p = e->extra_attrs;
  389. while (p) {
  390. prev = p;
  391. p = p->next;
  392. os_free(prev);
  393. }
  394. }
  395. static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
  396. {
  397. struct wpa_supplicant *wpa_s = eloop_ctx;
  398. u8 buf[100], *pos;
  399. struct ieee802_1x_hdr *hdr;
  400. struct eap_hdr *eap;
  401. hdr = (struct ieee802_1x_hdr *) buf;
  402. hdr->version = EAPOL_VERSION;
  403. hdr->type = IEEE802_1X_TYPE_EAP_PACKET;
  404. hdr->length = htons(5);
  405. eap = (struct eap_hdr *) (hdr + 1);
  406. eap->code = EAP_CODE_REQUEST;
  407. eap->identifier = 0;
  408. eap->length = htons(5);
  409. pos = (u8 *) (eap + 1);
  410. *pos = EAP_TYPE_IDENTITY;
  411. printf("Sending fake EAP-Request-Identity\n");
  412. eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
  413. sizeof(*hdr) + 5);
  414. }
  415. static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
  416. {
  417. struct eapol_test_data *e = eloop_ctx;
  418. printf("EAPOL test timed out\n");
  419. e->auth_timed_out = 1;
  420. eloop_terminate();
  421. }
  422. static char *eap_type_text(u8 type)
  423. {
  424. switch (type) {
  425. case EAP_TYPE_IDENTITY: return "Identity";
  426. case EAP_TYPE_NOTIFICATION: return "Notification";
  427. case EAP_TYPE_NAK: return "Nak";
  428. case EAP_TYPE_TLS: return "TLS";
  429. case EAP_TYPE_TTLS: return "TTLS";
  430. case EAP_TYPE_PEAP: return "PEAP";
  431. case EAP_TYPE_SIM: return "SIM";
  432. case EAP_TYPE_GTC: return "GTC";
  433. case EAP_TYPE_MD5: return "MD5";
  434. case EAP_TYPE_OTP: return "OTP";
  435. case EAP_TYPE_FAST: return "FAST";
  436. case EAP_TYPE_SAKE: return "SAKE";
  437. case EAP_TYPE_PSK: return "PSK";
  438. default: return "Unknown";
  439. }
  440. }
  441. static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
  442. {
  443. u8 *eap;
  444. size_t len;
  445. struct eap_hdr *hdr;
  446. int eap_type = -1;
  447. char buf[64];
  448. struct radius_msg *msg;
  449. if (e->last_recv_radius == NULL)
  450. return;
  451. msg = e->last_recv_radius;
  452. eap = radius_msg_get_eap(msg, &len);
  453. if (eap == NULL) {
  454. /* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
  455. * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
  456. * attribute */
  457. wpa_printf(MSG_DEBUG, "could not extract "
  458. "EAP-Message from RADIUS message");
  459. os_free(e->last_eap_radius);
  460. e->last_eap_radius = NULL;
  461. e->last_eap_radius_len = 0;
  462. return;
  463. }
  464. if (len < sizeof(*hdr)) {
  465. wpa_printf(MSG_DEBUG, "too short EAP packet "
  466. "received from authentication server");
  467. os_free(eap);
  468. return;
  469. }
  470. if (len > sizeof(*hdr))
  471. eap_type = eap[sizeof(*hdr)];
  472. hdr = (struct eap_hdr *) eap;
  473. switch (hdr->code) {
  474. case EAP_CODE_REQUEST:
  475. os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
  476. eap_type >= 0 ? eap_type_text(eap_type) : "??",
  477. eap_type);
  478. break;
  479. case EAP_CODE_RESPONSE:
  480. os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
  481. eap_type >= 0 ? eap_type_text(eap_type) : "??",
  482. eap_type);
  483. break;
  484. case EAP_CODE_SUCCESS:
  485. os_strlcpy(buf, "EAP Success", sizeof(buf));
  486. /* LEAP uses EAP Success within an authentication, so must not
  487. * stop here with eloop_terminate(); */
  488. break;
  489. case EAP_CODE_FAILURE:
  490. os_strlcpy(buf, "EAP Failure", sizeof(buf));
  491. eloop_terminate();
  492. break;
  493. default:
  494. os_strlcpy(buf, "unknown EAP code", sizeof(buf));
  495. wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);
  496. break;
  497. }
  498. wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
  499. "id=%d len=%d) from RADIUS server: %s",
  500. hdr->code, hdr->identifier, ntohs(hdr->length), buf);
  501. /* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
  502. os_free(e->last_eap_radius);
  503. e->last_eap_radius = eap;
  504. e->last_eap_radius_len = len;
  505. {
  506. struct ieee802_1x_hdr *dot1x;
  507. dot1x = os_malloc(sizeof(*dot1x) + len);
  508. assert(dot1x != NULL);
  509. dot1x->version = EAPOL_VERSION;
  510. dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
  511. dot1x->length = htons(len);
  512. os_memcpy((u8 *) (dot1x + 1), eap, len);
  513. eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
  514. (u8 *) dot1x, sizeof(*dot1x) + len);
  515. os_free(dot1x);
  516. }
  517. }
  518. static void ieee802_1x_get_keys(struct eapol_test_data *e,
  519. struct radius_msg *msg, struct radius_msg *req,
  520. const u8 *shared_secret,
  521. size_t shared_secret_len)
  522. {
  523. struct radius_ms_mppe_keys *keys;
  524. keys = radius_msg_get_ms_keys(msg, req, shared_secret,
  525. shared_secret_len);
  526. if (keys && keys->send == NULL && keys->recv == NULL) {
  527. os_free(keys);
  528. keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
  529. shared_secret_len);
  530. }
  531. if (keys) {
  532. if (keys->send) {
  533. wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
  534. keys->send, keys->send_len);
  535. }
  536. if (keys->recv) {
  537. wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
  538. keys->recv, keys->recv_len);
  539. e->authenticator_pmk_len =
  540. keys->recv_len > PMK_LEN ? PMK_LEN :
  541. keys->recv_len;
  542. os_memcpy(e->authenticator_pmk, keys->recv,
  543. e->authenticator_pmk_len);
  544. if (e->authenticator_pmk_len == 16 && keys->send &&
  545. keys->send_len == 16) {
  546. /* MS-CHAP-v2 derives 16 octet keys */
  547. wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
  548. "to extend PMK to 32 octets");
  549. os_memcpy(e->authenticator_pmk +
  550. e->authenticator_pmk_len,
  551. keys->send, keys->send_len);
  552. e->authenticator_pmk_len += keys->send_len;
  553. }
  554. }
  555. os_free(keys->send);
  556. os_free(keys->recv);
  557. os_free(keys);
  558. }
  559. }
  560. /* Process the RADIUS frames from Authentication Server */
  561. static RadiusRxResult
  562. ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
  563. const u8 *shared_secret, size_t shared_secret_len,
  564. void *data)
  565. {
  566. struct eapol_test_data *e = data;
  567. struct radius_hdr *hdr = radius_msg_get_hdr(msg);
  568. /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
  569. * present when packet contains an EAP-Message attribute */
  570. if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
  571. radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
  572. 0) < 0 &&
  573. radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
  574. wpa_printf(MSG_DEBUG, "Allowing RADIUS "
  575. "Access-Reject without Message-Authenticator "
  576. "since it does not include EAP-Message\n");
  577. } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
  578. req, 1)) {
  579. printf("Incoming RADIUS packet did not have correct "
  580. "Message-Authenticator - dropped\n");
  581. return RADIUS_RX_UNKNOWN;
  582. }
  583. if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
  584. hdr->code != RADIUS_CODE_ACCESS_REJECT &&
  585. hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
  586. printf("Unknown RADIUS message code\n");
  587. return RADIUS_RX_UNKNOWN;
  588. }
  589. e->radius_identifier = -1;
  590. wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
  591. radius_msg_free(e->last_recv_radius);
  592. e->last_recv_radius = msg;
  593. switch (hdr->code) {
  594. case RADIUS_CODE_ACCESS_ACCEPT:
  595. e->radius_access_accept_received = 1;
  596. ieee802_1x_get_keys(e, msg, req, shared_secret,
  597. shared_secret_len);
  598. break;
  599. case RADIUS_CODE_ACCESS_REJECT:
  600. e->radius_access_reject_received = 1;
  601. break;
  602. }
  603. ieee802_1x_decapsulate_radius(e);
  604. if ((hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
  605. e->eapol_test_num_reauths < 0) ||
  606. hdr->code == RADIUS_CODE_ACCESS_REJECT) {
  607. eloop_terminate();
  608. }
  609. return RADIUS_RX_QUEUED;
  610. }
  611. static void wpa_init_conf(struct eapol_test_data *e,
  612. struct wpa_supplicant *wpa_s, const char *authsrv,
  613. int port, const char *secret,
  614. const char *cli_addr)
  615. {
  616. struct hostapd_radius_server *as;
  617. int res;
  618. wpa_s->bssid[5] = 1;
  619. os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
  620. e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
  621. os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));
  622. e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
  623. assert(e->radius_conf != NULL);
  624. e->radius_conf->num_auth_servers = 1;
  625. as = os_zalloc(sizeof(struct hostapd_radius_server));
  626. assert(as != NULL);
  627. #if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
  628. {
  629. int a[4];
  630. u8 *pos;
  631. sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
  632. pos = (u8 *) &as->addr.u.v4;
  633. *pos++ = a[0];
  634. *pos++ = a[1];
  635. *pos++ = a[2];
  636. *pos++ = a[3];
  637. }
  638. #else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
  639. inet_aton(authsrv, &as->addr.u.v4);
  640. #endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
  641. as->addr.af = AF_INET;
  642. as->port = port;
  643. as->shared_secret = (u8 *) os_strdup(secret);
  644. as->shared_secret_len = os_strlen(secret);
  645. e->radius_conf->auth_server = as;
  646. e->radius_conf->auth_servers = as;
  647. e->radius_conf->msg_dumps = 1;
  648. if (cli_addr) {
  649. if (hostapd_parse_ip_addr(cli_addr,
  650. &e->radius_conf->client_addr) == 0)
  651. e->radius_conf->force_client_addr = 1;
  652. else {
  653. wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
  654. cli_addr);
  655. assert(0);
  656. }
  657. }
  658. e->radius = radius_client_init(wpa_s, e->radius_conf);
  659. assert(e->radius != NULL);
  660. res = radius_client_register(e->radius, RADIUS_AUTH,
  661. ieee802_1x_receive_auth, e);
  662. assert(res == 0);
  663. }
  664. static int scard_test(void)
  665. {
  666. struct scard_data *scard;
  667. size_t len;
  668. char imsi[20];
  669. unsigned char _rand[16];
  670. #ifdef PCSC_FUNCS
  671. unsigned char sres[4];
  672. unsigned char kc[8];
  673. #endif /* PCSC_FUNCS */
  674. #define num_triplets 5
  675. unsigned char rand_[num_triplets][16];
  676. unsigned char sres_[num_triplets][4];
  677. unsigned char kc_[num_triplets][8];
  678. int i, res;
  679. size_t j;
  680. #define AKA_RAND_LEN 16
  681. #define AKA_AUTN_LEN 16
  682. #define AKA_AUTS_LEN 14
  683. #define RES_MAX_LEN 16
  684. #define IK_LEN 16
  685. #define CK_LEN 16
  686. unsigned char aka_rand[AKA_RAND_LEN];
  687. unsigned char aka_autn[AKA_AUTN_LEN];
  688. unsigned char aka_auts[AKA_AUTS_LEN];
  689. unsigned char aka_res[RES_MAX_LEN];
  690. size_t aka_res_len;
  691. unsigned char aka_ik[IK_LEN];
  692. unsigned char aka_ck[CK_LEN];
  693. scard = scard_init(SCARD_TRY_BOTH);
  694. if (scard == NULL)
  695. return -1;
  696. if (scard_set_pin(scard, "1234")) {
  697. wpa_printf(MSG_WARNING, "PIN validation failed");
  698. scard_deinit(scard);
  699. return -1;
  700. }
  701. len = sizeof(imsi);
  702. if (scard_get_imsi(scard, imsi, &len))
  703. goto failed;
  704. wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
  705. /* NOTE: Permanent Username: 1 | IMSI */
  706. os_memset(_rand, 0, sizeof(_rand));
  707. if (scard_gsm_auth(scard, _rand, sres, kc))
  708. goto failed;
  709. os_memset(_rand, 0xff, sizeof(_rand));
  710. if (scard_gsm_auth(scard, _rand, sres, kc))
  711. goto failed;
  712. for (i = 0; i < num_triplets; i++) {
  713. os_memset(rand_[i], i, sizeof(rand_[i]));
  714. if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
  715. goto failed;
  716. }
  717. for (i = 0; i < num_triplets; i++) {
  718. printf("1");
  719. for (j = 0; j < len; j++)
  720. printf("%c", imsi[j]);
  721. printf(",");
  722. for (j = 0; j < 16; j++)
  723. printf("%02X", rand_[i][j]);
  724. printf(",");
  725. for (j = 0; j < 4; j++)
  726. printf("%02X", sres_[i][j]);
  727. printf(",");
  728. for (j = 0; j < 8; j++)
  729. printf("%02X", kc_[i][j]);
  730. printf("\n");
  731. }
  732. wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
  733. /* seq 39 (0x28) */
  734. os_memset(aka_rand, 0xaa, 16);
  735. os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
  736. "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
  737. res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
  738. aka_ik, aka_ck, aka_auts);
  739. if (res == 0) {
  740. wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
  741. wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
  742. wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
  743. wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
  744. } else if (res == -2) {
  745. wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
  746. "failure");
  747. wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
  748. } else {
  749. wpa_printf(MSG_DEBUG, "UMTS auth failed");
  750. }
  751. failed:
  752. scard_deinit(scard);
  753. return 0;
  754. #undef num_triplets
  755. }
  756. static int scard_get_triplets(int argc, char *argv[])
  757. {
  758. struct scard_data *scard;
  759. size_t len;
  760. char imsi[20];
  761. unsigned char _rand[16];
  762. unsigned char sres[4];
  763. unsigned char kc[8];
  764. int num_triplets;
  765. int i;
  766. size_t j;
  767. if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
  768. printf("invalid parameters for sim command\n");
  769. return -1;
  770. }
  771. if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
  772. /* disable debug output */
  773. wpa_debug_level = 99;
  774. }
  775. scard = scard_init(SCARD_GSM_SIM_ONLY);
  776. if (scard == NULL) {
  777. printf("Failed to open smartcard connection\n");
  778. return -1;
  779. }
  780. if (scard_set_pin(scard, argv[0])) {
  781. wpa_printf(MSG_WARNING, "PIN validation failed");
  782. scard_deinit(scard);
  783. return -1;
  784. }
  785. len = sizeof(imsi);
  786. if (scard_get_imsi(scard, imsi, &len)) {
  787. scard_deinit(scard);
  788. return -1;
  789. }
  790. for (i = 0; i < num_triplets; i++) {
  791. os_memset(_rand, i, sizeof(_rand));
  792. if (scard_gsm_auth(scard, _rand, sres, kc))
  793. break;
  794. /* IMSI:Kc:SRES:RAND */
  795. for (j = 0; j < len; j++)
  796. printf("%c", imsi[j]);
  797. printf(":");
  798. for (j = 0; j < 8; j++)
  799. printf("%02X", kc[j]);
  800. printf(":");
  801. for (j = 0; j < 4; j++)
  802. printf("%02X", sres[j]);
  803. printf(":");
  804. for (j = 0; j < 16; j++)
  805. printf("%02X", _rand[j]);
  806. printf("\n");
  807. }
  808. scard_deinit(scard);
  809. return 0;
  810. }
  811. static void eapol_test_terminate(int sig, void *signal_ctx)
  812. {
  813. struct wpa_supplicant *wpa_s = signal_ctx;
  814. wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
  815. eloop_terminate();
  816. }
  817. static void usage(void)
  818. {
  819. printf("usage:\n"
  820. "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
  821. "[-s<AS secret>]\\\n"
  822. " [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
  823. " [-M<client MAC address>] \\\n"
  824. " [-N<attr spec>] \\\n"
  825. " [-A<client IP>]\n"
  826. "eapol_test scard\n"
  827. "eapol_test sim <PIN> <num triplets> [debug]\n"
  828. "\n");
  829. printf("options:\n"
  830. " -c<conf> = configuration file\n"
  831. " -a<AS IP> = IP address of the authentication server, "
  832. "default 127.0.0.1\n"
  833. " -p<AS port> = UDP port of the authentication server, "
  834. "default 1812\n"
  835. " -s<AS secret> = shared secret with the authentication "
  836. "server, default 'radius'\n"
  837. " -A<client IP> = IP address of the client, default: select "
  838. "automatically\n"
  839. " -r<count> = number of re-authentications\n"
  840. " -W = wait for a control interface monitor before starting\n"
  841. " -S = save configuration after authentication\n"
  842. " -n = no MPPE keys expected\n"
  843. " -t<timeout> = sets timeout in seconds (default: 30 s)\n"
  844. " -C<Connect-Info> = RADIUS Connect-Info (default: "
  845. "CONNECT 11Mbps 802.11b)\n"
  846. " -M<client MAC address> = Set own MAC address "
  847. "(Calling-Station-Id,\n"
  848. " default: 02:00:00:00:00:01)\n"
  849. " -N<attr spec> = send arbitrary attribute specified by:\n"
  850. " attr_id:syntax:value or attr_id\n"
  851. " attr_id - number id of the attribute\n"
  852. " syntax - one of: s, d, x\n"
  853. " s = string\n"
  854. " d = integer\n"
  855. " x = octet string\n"
  856. " value - attribute value.\n"
  857. " When only attr_id is specified, NULL will be used as "
  858. "value.\n"
  859. " Multiple attributes can be specified by using the "
  860. "option several times.\n");
  861. }
  862. int main(int argc, char *argv[])
  863. {
  864. struct wpa_supplicant wpa_s;
  865. int c, ret = 1, wait_for_monitor = 0, save_config = 0;
  866. char *as_addr = "127.0.0.1";
  867. int as_port = 1812;
  868. char *as_secret = "radius";
  869. char *cli_addr = NULL;
  870. char *conf = NULL;
  871. int timeout = 30;
  872. char *pos;
  873. struct extra_radius_attr *p = NULL, *p1;
  874. if (os_program_init())
  875. return -1;
  876. hostapd_logger_register_cb(hostapd_logger_cb);
  877. os_memset(&eapol_test, 0, sizeof(eapol_test));
  878. eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
  879. os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
  880. wpa_debug_level = 0;
  881. wpa_debug_show_keys = 1;
  882. for (;;) {
  883. c = getopt(argc, argv, "a:A:c:C:M:nN:p:r:s:St:W");
  884. if (c < 0)
  885. break;
  886. switch (c) {
  887. case 'a':
  888. as_addr = optarg;
  889. break;
  890. case 'A':
  891. cli_addr = optarg;
  892. break;
  893. case 'c':
  894. conf = optarg;
  895. break;
  896. case 'C':
  897. eapol_test.connect_info = optarg;
  898. break;
  899. case 'M':
  900. if (hwaddr_aton(optarg, eapol_test.own_addr)) {
  901. usage();
  902. return -1;
  903. }
  904. break;
  905. case 'n':
  906. eapol_test.no_mppe_keys++;
  907. break;
  908. case 'p':
  909. as_port = atoi(optarg);
  910. break;
  911. case 'r':
  912. eapol_test.eapol_test_num_reauths = atoi(optarg);
  913. break;
  914. case 's':
  915. as_secret = optarg;
  916. break;
  917. case 'S':
  918. save_config++;
  919. break;
  920. case 't':
  921. timeout = atoi(optarg);
  922. break;
  923. case 'W':
  924. wait_for_monitor++;
  925. break;
  926. case 'N':
  927. p1 = os_zalloc(sizeof(p1));
  928. if (p1 == NULL)
  929. break;
  930. if (!p)
  931. eapol_test.extra_attrs = p1;
  932. else
  933. p->next = p1;
  934. p = p1;
  935. p->type = atoi(optarg);
  936. pos = os_strchr(optarg, ':');
  937. if (pos == NULL) {
  938. p->syntax = 'n';
  939. p->data = NULL;
  940. break;
  941. }
  942. pos++;
  943. if (pos[0] == '\0' || pos[1] != ':') {
  944. printf("Incorrect format of attribute "
  945. "specification\n");
  946. break;
  947. }
  948. p->syntax = pos[0];
  949. p->data = pos + 2;
  950. break;
  951. default:
  952. usage();
  953. return -1;
  954. }
  955. }
  956. if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
  957. return scard_test();
  958. }
  959. if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
  960. return scard_get_triplets(argc - optind - 1,
  961. &argv[optind + 1]);
  962. }
  963. if (conf == NULL) {
  964. usage();
  965. printf("Configuration file is required.\n");
  966. return -1;
  967. }
  968. if (eap_register_methods()) {
  969. wpa_printf(MSG_ERROR, "Failed to register EAP methods");
  970. return -1;
  971. }
  972. if (eloop_init()) {
  973. wpa_printf(MSG_ERROR, "Failed to initialize event loop");
  974. return -1;
  975. }
  976. os_memset(&wpa_s, 0, sizeof(wpa_s));
  977. eapol_test.wpa_s = &wpa_s;
  978. wpa_s.conf = wpa_config_read(conf);
  979. if (wpa_s.conf == NULL) {
  980. printf("Failed to parse configuration file '%s'.\n", conf);
  981. return -1;
  982. }
  983. if (wpa_s.conf->ssid == NULL) {
  984. printf("No networks defined.\n");
  985. return -1;
  986. }
  987. wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
  988. cli_addr);
  989. wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
  990. if (wpa_s.ctrl_iface == NULL) {
  991. printf("Failed to initialize control interface '%s'.\n"
  992. "You may have another eapol_test process already "
  993. "running or the file was\n"
  994. "left by an unclean termination of eapol_test in "
  995. "which case you will need\n"
  996. "to manually remove this file before starting "
  997. "eapol_test again.\n",
  998. wpa_s.conf->ctrl_interface);
  999. return -1;
  1000. }
  1001. if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
  1002. return -1;
  1003. if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
  1004. return -1;
  1005. if (wait_for_monitor)
  1006. wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
  1007. eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
  1008. NULL);
  1009. eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
  1010. eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
  1011. eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
  1012. eloop_run();
  1013. eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
  1014. eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
  1015. if (eapol_test_compare_pmk(&eapol_test) == 0 ||
  1016. eapol_test.no_mppe_keys)
  1017. ret = 0;
  1018. if (eapol_test.auth_timed_out)
  1019. ret = -2;
  1020. if (eapol_test.radius_access_reject_received)
  1021. ret = -3;
  1022. if (save_config)
  1023. wpa_config_write(conf, wpa_s.conf);
  1024. test_eapol_clean(&eapol_test, &wpa_s);
  1025. eap_peer_unregister_methods();
  1026. eloop_destroy();
  1027. printf("MPPE keys OK: %d mismatch: %d\n",
  1028. eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
  1029. if (eapol_test.num_mppe_mismatch)
  1030. ret = -4;
  1031. if (ret)
  1032. printf("FAILURE\n");
  1033. else
  1034. printf("SUCCESS\n");
  1035. os_program_deinit();
  1036. return ret;
  1037. }