def test_corrupted_packets(self):
# the original response authenticator does not match the computed one
# because there is a change in the packet contents
packed_message = bytes.fromhex(
"0b00005056d9280d3e4fed327eb31cf1823f8c244f1801020016041074d3db089b727d9cc5774599e4a32a295012982a0ba06d3557f0dbc8ba6e823822f1181219ddf6d119dff272fa26666666666666")
try:
Radius.parse(packed_message, secret="SECRET",
radius_lifecycle=namedtuple('RadiusLifecycle', 'packet_id_to_request_authenticator')({
0: bytes.fromhex("982a0ba06d3557f0dbc8ba6e823822f1")
}))
self.fail()
except MessageParseError as exception:
self.assertIsInstance(exception.__cause__, InvalidResponseAuthenticatorError)
# the original response authenticator does not match the computed one
# because the message authenticator was 'corrupted'
packed_message = bytes.fromhex(
"0b00005056d9280d3e4fed327eb31cf1823f8c244f1801020016041074d3db089b727d9cc5774599e4a32a29501266666666666666666666666666666666181219ddf6d119dff272fa2fe16c34990c7d")
try:
Radius.parse(packed_message,
secret="SECRET",
radius_lifecycle=namedtuple('RadiusLifecycle', 'packet_id_to_request_authenticator')({
0: bytes.fromhex("982a0ba06d3557f0dbc8ba6e823822f1")
}))
self.fail()
except MessageParseError as exception:
self.assertIsInstance(exception.__cause__, InvalidResponseAuthenticatorError)
def test_radius_access_accept_parses(self):
packed_message = bytes.fromhex(
"0201004602970aff2ef0700780f70848e90d24101a0f00003039010973747564656e744f06030200045012d7ec84e8864dd6cd00916c1d5a3cf41b010b686f73743175736572"
)
message = Radius.parse(
packed_message,
secret="SECRET",
radius_lifecycle=namedtuple(
'RadiusLifecycle', 'packet_id_to_request_authenticator')({
1:
bytes.fromhex("a0b4ace0b367114b1a16d76e2bfed5d8")
}))
self.assertEqual(message.packet_id, 1)
self.assertEqual(binascii.hexlify(message.authenticator),
b"02970aff2ef0700780f70848e90d2410")
msg_attr = message.attributes
self.assertEqual(len(msg_attr.attributes), 4)
eap_msg = msg_attr.find(EAPMessage.DESCRIPTION).data_type.data()
self.assertEqual(eap_msg.message_id, 2)
self.assertIsInstance(eap_msg, SuccessMessage)
self.assertEqual(
binascii.hexlify(
msg_attr.find(
MessageAuthenticator.DESCRIPTION).data_type.data()),
b"d7ec84e8864dd6cd00916c1d5a3cf41b")
self.assertEqual(
msg_attr.find(UserName.DESCRIPTION).data_type.data(), 'host1user')
def test_radius_access_challenge_parses(self):
packed_message = bytes.fromhex(
"0b00005056d9280d3e4fed327eb31cf1823f8c244f1801020016041074d3db089b727d9cc5774599e4a32a295012ecc840b316217c851bd6708afb554b24181219ddf6d119dff272fa2fe16c34990c7d"
)
message = Radius.parse(
packed_message,
secret="SECRET",
radius_lifecycle=namedtuple(
'RadiusLifecycle', 'packet_id_to_request_authenticator')({
0:
bytes.fromhex("982a0ba06d3557f0dbc8ba6e823822f1")
}))
self.assertEqual(message.packet_id, 0)
self.assertEqual(binascii.hexlify(message.authenticator),
b"56d9280d3e4fed327eb31cf1823f8c24")
msg_attr = message.attributes
self.assertEqual(len(msg_attr.attributes), 3)
eap_msg = msg_attr.find(EAPMessage.DESCRIPTION).data_type.data()
self.assertEqual(eap_msg.code, 1)
self.assertEqual(eap_msg.message_id, 2)
self.assertEqual(binascii.hexlify(eap_msg.challenge),
b"74d3db089b727d9cc5774599e4a32a29")
self.assertEqual(
binascii.hexlify(
msg_attr.find(
MessageAuthenticator.DESCRIPTION).data_type.data()),
b"ecc840b316217c851bd6708afb554b24")
self.assertEqual(
binascii.hexlify(
msg_attr.find(State.DESCRIPTION).data_type.data()),
b"19ddf6d119dff272fa2fe16c34990c7d")
def test_radius_access_request_parses(self):
packed_message = bytes.fromhex("010000a3982a0ba06d3557f0dbc8ba6e823822f1010b686f737431757365721e1434342d34342d34342d34342d34342d34343a3d06000000130606000000021f1330302d30302d30302d31312d31312d30314d17434f4e4e45435420304d627073203830322e3131622c12433634383030344139433930353537390c06000005784f100201000e01686f73743175736572501273f82750f6f261a95a7cc7d318b9f573")
# this needs to change - missing key raises a key error, it doesn't return None
message = Radius.parse(packed_message, secret="SECRET",
radius_lifecycle=namedtuple('RadiusLifecycle', 'packet_id_to_request_authenticator')({0: None}))
self.assertEqual(message.packet_id, 0)
self.assertEqual(binascii.hexlify(message.authenticator), b"982a0ba06d3557f0dbc8ba6e823822f1")
msg_attr = message.attributes
self.assertEqual(len(msg_attr.attributes), 10)
self.assertEqual(msg_attr.find(UserName.DESCRIPTION).data(), 'host1user')
self.assertEqual(msg_attr.find(CalledStationId.DESCRIPTION).data(),
"44-44-44-44-44-44:")
self.assertEqual(msg_attr.find(NASPortType.DESCRIPTION).data(), 19)
self.assertEqual(msg_attr.find(ServiceType.DESCRIPTION).data(), 2)
self.assertEqual(msg_attr.find(ConnectInfo.DESCRIPTION).data(),
"CONNECT 0Mbps 802.11b")
self.assertEqual(msg_attr.find(AcctSessionId.DESCRIPTION).data(),
"C648004A9C905579")
self.assertEqual(msg_attr.find(FramedMTU.DESCRIPTION).data(), 1400)
eap_msg = msg_attr.find(EAPMessage.DESCRIPTION).data()
self.assertEqual(eap_msg.message_id, 1)
self.assertEqual(eap_msg.code, 2)
self.assertEqual(eap_msg.identity, "host1user")
self.assertEqual(binascii.hexlify(
msg_attr.find(MessageAuthenticator.DESCRIPTION).data()),
b"73f82750f6f261a95a7cc7d318b9f573")
def radius_parse(packed_message, secret, radius_lifecycle):
"""Parses a RADIUS packet
Returns:
RadiusPacket
Raises:
MessageParseError: the packed_message cannot be parsed"""
parsed_radius = Radius.parse(packed_message,
secret,
radius_lifecycle=radius_lifecycle)
return parsed_radius
def test_radius_access_challenge_ttls_parses(self):
packed_message = bytes.fromhex(
"0b06042c54dbc73332c00c0347fc4b462d1811a74fff016a03ec15c000000a76160303003e0200003a0303114aa9dae3f9d452ca12535b03aee03cd4dabe3ca7639929dd3b645d1f86ad6500c030000012ff01000100000b000403000102000f00010116030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520434fff6572746966696361746520417574686f72697479301e170d3138303630353033353134345a170d3138303830343033353134345a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100cf5456d7e6142383101cf79275f6396e2c9b3f7cb2878d35e5ecc6f47ee11ef20bc8a8b3217a89351c554fff856e5cd5eed2d10037c9bcce89fbdf927e4cc4f069863acbac4accee7e80f2105ad80d837fa50a931c5b41d03c993f5e338cfd8e69e23818360053501c34c08132ec3d6e14df89ff29c5cec5c7a87d48c4afdcf9d3f8290050be5b903ba6a2a5ce2eb79c922cae70869618c75923059f9a8d62144e8ecdaf0a9f02886afa0e73e3d68037ea9fdca2bdd0f0785e05f5ac88031010c105575dbb09eb4f307547622120ee384ab454376de8e14e0afea02f1211801b6c932324ef6dba7abf3f48f8e3e84716c40b59041ec936cb273d684b22aa1c9d24e10203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f4ff7302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010054fdcdabdc3a153dc167d6b210d1b324ecfac0e3b8d385704463a7f8ebf46e2e6952f249f4436ec66760868860e5ed50b519ec14628179472c312f507bc9349971d21f8f2b7d6b329b02fab448bd90fd4ce4dfbc78f23a8c4eed74d5589f4c3bd11b552535b8ab8a1a6ab9d1dfda21f247a93354702c12fdde1113cb8dd0e46e2a3a94547c9871df2a88943751d8276dc43f7f6aed921f43f6a33f9beba804c3d2b5781d754abe36ba58461798be8585b8b2501226e219fc875fd78976eb2b9b475b14881812c1591073c33305b4fa8bd26dd27eafd9"
)
message = Radius.parse(
packed_message,
secret="SECRET",
radius_lifecycle=namedtuple(
'RadiusLifecycle', 'packet_id_to_request_authenticator')({
6:
bytes.fromhex("0d64ffb8bc76d457d337e5f5692534aa")
}))
self.assertEqual(message.packet_id, 6)
self.assertEqual(binascii.hexlify(message.authenticator),
b"54dbc73332c00c0347fc4b462d1811a7")
msg_attr = message.attributes
self.assertEqual(len(msg_attr.attributes), 3)
eap_msg = msg_attr.find(EAPMessage.DESCRIPTION).data_type.data()
self.assertEqual(eap_msg.code, 1)
self.assertEqual(eap_msg.message_id, 106)
self.assertEqual(eap_msg.flags, 0xc0)
self.assertEqual(
binascii.hexlify(eap_msg.extra_data),
b"00000a76160303003e0200003a0303114aa9dae3f9d452ca12535b03aee03cd4dabe3ca7639929dd3b645d1f86ad6500c030000012ff01000100000b000403000102000f00010116030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c652043"
b"6572746966696361746520417574686f72697479301e170d3138303630353033353134345a170d3138303830343033353134345a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100cf5456d7e6142383101cf79275f6396e2c9b3f7cb2878d35e5ecc6f47ee11ef20bc8a8b3217a89351c55"
b"856e5cd5eed2d10037c9bcce89fbdf927e4cc4f069863acbac4accee7e80f2105ad80d837fa50a931c5b41d03c993f5e338cfd8e69e23818360053501c34c08132ec3d6e14df89ff29c5cec5c7a87d48c4afdcf9d3f8290050be5b903ba6a2a5ce2eb79c922cae70869618c75923059f9a8d62144e8ecdaf0a9f02886afa0e73e3d68037ea9fdca2bdd0f0785e05f5ac88031010c105575dbb09eb4f307547622120ee384ab454376de8e14e0afea02f1211801b6c932324ef6dba7abf3f48f8e3e84716c40b59041ec936cb273d684b22aa1c9d24e10203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f"
b"302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010054fdcdabdc3a153dc167d6b210d1b324ecfac0e3b8d385704463a7f8ebf46e2e6952f249f4436ec66760868860e5ed50b519ec14628179472c312f507bc9349971d21f8f2b7d6b329b02fab448bd90fd4ce4dfbc78f23a8c4eed74d5589f4c3bd11b552535b8ab8a1a6ab9d1dfda21f247a93354702c12fdde1113cb8dd0e46e2a3a94547c9871df2a88943751d8276dc43f7f6aed921f43f6a33f9beba804c3d2b5781d754abe36ba58461798be8585b8b2"
)
self.assertEqual(
binascii.hexlify(
msg_attr.find(
MessageAuthenticator.DESCRIPTION).data_type.data()),
b"26e219fc875fd78976eb2b9b475b1488")
self.assertEqual(
binascii.hexlify(
msg_attr.find(State.DESCRIPTION).data_type.data()),
b"c1591073c33305b4fa8bd26dd27eafd9")