def test_radius_with_extra_attributes_packs(self): # pylint: disable=invalid-name
packed_message = bytes.fromhex("010a0073"
"be5df1f3b3366c69b977e56a7da47cba"
"010675736572"
"1f1330323a34323a61633a31373a30303a3666"
"1e1434342d34342d34342d34342d34342d34343a"
"3d060000000f"
"4f08027100061500"
"1812f51d90b0f76c85835ed4ac882e522748501201531ea8051d136941fece17473f6b4a") # pylint: disable=line-too-long
src_mac = MacAddress.from_string("02:42:ac:17:00:6f")
username = "******"
radius_packet_id = 10
request_authenticator = bytes.fromhex(
"be5df1f3b3366c69b977e56a7da47cba")
state = State.create(bytes.fromhex("f51d90b0f76c85835ed4ac882e522748"))
secret = "SECRET"
extra_attributes = []
extra_attributes.append(CalledStationId.create('44-44-44-44-44-44:'))
extra_attributes.append(NASPortType.create(15))
eap_message = TtlsMessage(src_mac, 113, Eap.RESPONSE, 0, b'')
packed_radius = MessagePacker.radius_pack(
eap_message,
src_mac,
username,
radius_packet_id,
request_authenticator,
state,
secret,
extra_attributes=extra_attributes)
self.assertEqual(packed_message, packed_radius)
def process_outbound(self, radius_output_bits):
"""Placeholder method extracted from Chewie.send_radius_messages()"""
eap_message = radius_output_bits.message
src_mac = radius_output_bits.src_mac
username = radius_output_bits.identity
state = radius_output_bits.state
port_id = radius_output_bits.port_mac
self.logger.info(
"got eap to send to radius.. mac: %s %s, username: %s",
type(src_mac), src_mac, username)
state_dict = None
if state:
state_dict = state.__dict__
self.logger.info("Sending to RADIUS eap message %s with state %s",
eap_message.__dict__, state_dict)
radius_packet_id = self.get_next_radius_packet_id()
self.packet_id_to_mac[radius_packet_id] = {
'src_mac': src_mac,
'port_id': port_id
}
# message is eap. needs to be wrapped into a radius packet.
request_authenticator = self.generate_request_authenticator()
self.packet_id_to_request_authenticator[
radius_packet_id] = request_authenticator
return MessagePacker.radius_pack(eap_message, src_mac, username,
radius_packet_id,
request_authenticator, state,
self.radius_secret,
port_id_to_int(port_id),
self.extra_radius_request_attributes)
def test_eapol_logoff_message_packs(self):
expected_packed_message = build_byte_string(
"0180c2000003001906eab88c888e01020000")
message = EapolLogoffMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"))
packed_message = MessagePacker.pack(
message, MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_eapol_start_message_packs(self):
expected_packed_message = bytes.fromhex(
"0180c2000003001906eab88c888e01010000")
message = EapolStartMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"))
packed_message = MessagePacker.ethernet_pack(
message, MacAddress.from_string("00:19:06:ea:b8:8c"),
MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_success_message_packs(self):
expected_packed_message = build_byte_string(
"0180c2000003001906eab88c888e0100000403ff0004")
message = SuccessMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"),
message_id=255)
packed_message = MessagePacker.pack(
message, MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_failure_message_packs(self):
expected_packed_message = build_byte_string(
"000000000001001906eab88c888e0100000404ff0004")
message = FailureMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"),
message_id=255)
packed_message = MessagePacker.pack(
message, MacAddress.from_string("00:00:00:00:00:01"))
self.assertEqual(expected_packed_message, packed_message)
def test_tls_message_packs(self):
expected_packed_message = bytes.fromhex("000000111101444444444444888e"
"010000b2026900b20d0016030100a7010000a303038c8007fa4ffe8f11fbe62debce4a1385e70be51efe77b105d205d2dc9ae815a5000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000042000b000403000102000a000a0008001d0017001900180016000000170000000d0020001e060106020603050105020503040104020403030103020303020102020203") # pylint: disable=line-too-long
message = TlsMessage(src_mac=MacAddress.from_string("44:44:44:44:44:44"),
message_id=105, code=Eap.RESPONSE,
flags=0x00, extra_data=bytes.fromhex('16030100a7010000a303038c8007fa4ffe8f11fbe62debce4a1385e70be51efe77b105d205d2dc9ae815a5000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000042000b000403000102000a000a0008001d0017001900180016000000170000000d0020001e060106020603050105020503040104020403030103020303020102020203')) # pylint: disable=line-too-long
packed_message = MessagePacker.ethernet_pack(
message, MacAddress.from_string("44:44:44:44:44:44"),
MacAddress.from_string("00:00:00:11:11:01"))
self.assertEqual(expected_packed_message, packed_message)
def test_identity_request_message_packs(self):
expected_packed_message = build_byte_string(
"0180c2000003001906eab88c888e010000050101000501")
message = IdentityMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"),
message_id=1,
code=Eap.REQUEST,
identity="")
packed_message = MessagePacker.pack(
message, MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_identity_request_message_packs(self): # pylint: disable=invalid-name
expected_packed_message = bytes.fromhex(
"0180c2000003001906eab88c888e010000050101000501")
message = IdentityMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"),
message_id=1,
code=Eap.REQUEST,
identity="")
packed_message = MessagePacker.ethernet_pack(
message, MacAddress.from_string("00:19:06:ea:b8:8c"),
MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_identity_response_message_packs(self):
expected_packed_message = build_byte_string(
"0180c2000003001422e9545e888e0100001102000011014a6f686e2e4d63477569726b"
)
message = IdentityMessage(
src_mac=MacAddress.from_string("00:14:22:e9:54:5e"),
message_id=0,
code=Eap.RESPONSE,
identity="John.McGuirk")
packed_message = MessagePacker.pack(
message, MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_legacy_nak_message_packs(self):
expected_packed_message = bytes.fromhex("0180c2000003000000111101888e"
"01000006026800060315")
message = LegacyNakMessage(
src_mac=MacAddress.from_string("00:00:00:11:11:01"),
message_id=104,
code=Eap.RESPONSE,
desired_auth_types=[(21).to_bytes(length=1, byteorder='big')])
packed_message = MessagePacker.ethernet_pack(
message, MacAddress.from_string("00:00:00:11:11:01"),
MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def test_ttls_message_packs(self):
expected_packed_message = bytes.fromhex("000000111101444444444444888e"
"01000006016900061520")
message = TtlsMessage(
src_mac=MacAddress.from_string("44:44:44:44:44:44"),
message_id=105,
code=Eap.REQUEST,
flags=0x20,
extra_data=b'')
packed_message = MessagePacker.ethernet_pack(
message, MacAddress.from_string("44:44:44:44:44:44"),
MacAddress.from_string("00:00:00:11:11:01"))
self.assertEqual(expected_packed_message, packed_message)
def test_md5_challenge_response_message_packs(self): # pylint: disable=invalid-name
expected_packed_message = bytes.fromhex(
"0180c2000003001422e9545e888e010000220201002204103a535f0ee8c6b34fe714aa7dad9a0e154a6f686e2e4d63477569726b") # pylint: disable=line-too-long
message = Md5ChallengeMessage(
src_mac=MacAddress.from_string("00:14:22:e9:54:5e"),
message_id=1,
code=Eap.RESPONSE,
challenge=bytes.fromhex("3a535f0ee8c6b34fe714aa7dad9a0e15"),
extra_data=b"John.McGuirk")
packed_message = MessagePacker.ethernet_pack(
message, MacAddress.from_string("00:14:22:e9:54:5e"),
MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def create(cls, data):
"""Factory method.
Args:
data: object of python type (int, str, bytes, ...)
Returns:
Attribute subclass.
"""
from chewie.message_parser import MessagePacker, EapMessage # pylint: disable=import-outside-toplevel
if isinstance(data, EapMessage):
return cls(
cls.DATA_TYPE(bytes_data=MessagePacker.eap_pack(data)[2])) # pylint: disable=not-callable
return super().create(data)
def test_md5_challenge_request_message_packs(self):
expected_packed_message = build_byte_string(
"0180c2000003001906eab88c888e01000016010100160410824788d693e2adac6ce15641418228cf"
)
message = Md5ChallengeMessage(
src_mac=MacAddress.from_string("00:19:06:ea:b8:8c"),
message_id=1,
code=Eap.REQUEST,
challenge=build_byte_string("824788d693e2adac6ce15641418228cf"),
extra_data=b"")
packed_message = MessagePacker.pack(
message, MacAddress.from_string("01:80:c2:00:00:03"))
self.assertEqual(expected_packed_message, packed_message)
def send_eap_messages(self):
"""Send EAP messages to Supplicant forever."""
while self.running():
sleep(0)
eap_queue_message = self.eap_output_messages.get()
self.logger.info("Sending message %s from %s to %s",
eap_queue_message.message,
str(eap_queue_message.port_mac),
str(eap_queue_message.src_mac))
self.eap_socket.send(
MessagePacker.ethernet_pack(eap_queue_message.message,
eap_queue_message.port_mac,
eap_queue_message.src_mac))
def process_outbound_mab_request(self, radius_output_bits):
"""Placeholder method extracted from Chewie._send_radius_messages()"""
src_mac = radius_output_bits.src_mac
port_id = radius_output_bits.port_mac
self.logger.info("Sending MAB to RADIUS: %s", src_mac)
radius_packet_id = self.get_next_radius_packet_id()
self.packet_id_to_mac[radius_packet_id] = {
'src_mac': src_mac,
'port_id': port_id
}
request_authenticator = self.generate_request_authenticator()
self.packet_id_to_request_authenticator[
radius_packet_id] = request_authenticator
return MessagePacker.radius_mab_pack(src_mac, radius_packet_id,
request_authenticator,
self.radius_secret,
port_id_to_int(port_id))
def test_radius_packs_basic(self):
"""without extra_attributes or nas-port"""
packed_message = bytes.fromhex("01bf005b0123456789abcdeffedcba9876543210010a62656e62757274741f1361613a62623a63633a64643a65653a66664f18021500160410824788d693e2adac6ce15641418228cf5012caadc1c7a3be07fe63fdf83a59ed18c2") # pylint: disable=line-too-long
src_mac = MacAddress.from_string("aa:bb:cc:dd:ee:ff")
username = "******"
radius_packet_id = 191
request_authenticator = bytes.fromhex(
"0123456789abcdeffedcba9876543210")
state = None
secret = "SUPERSECRET"
challenge = bytes.fromhex("824788d693e2adac6ce15641418228cf")
eap_message = Md5ChallengeMessage(src_mac, 21, Eap.RESPONSE, challenge,
b'')
packed_radius = MessagePacker.radius_pack(eap_message, src_mac,
username, radius_packet_id,
request_authenticator, state,
secret)
self.assertEqual(packed_message, packed_radius)
def test_radius_packs_with_nas_port(self):
packed_message = bytes.fromhex("01bf00610123456789abcdeffedcba9876543210010a62656e62757274741f1361613a62623a63633a64643a65653a66660506000002a14f18021500160410824788d693e2adac6ce15641418228cf50121139bd192c46fe6d2a937d9573311b70") # pylint: disable=line-too-long
src_mac = MacAddress.from_string("aa:bb:cc:dd:ee:ff")
username = "******"
radius_packet_id = 191
request_authenticator = bytes.fromhex(
"0123456789abcdeffedcba9876543210")
state = None
secret = "SUPERSECRET"
challenge = bytes.fromhex("824788d693e2adac6ce15641418228cf")
eap_message = Md5ChallengeMessage(src_mac, 21, Eap.RESPONSE, challenge,
b'')
packed_radius = MessagePacker.radius_pack(eap_message,
src_mac,
username,
radius_packet_id,
request_authenticator,
state,
secret,
nas_port=0x02a1)
self.assertEqual(packed_message, packed_radius)
def process_outbound(self, radius_output_bits):
"""Placeholder method extracted from Chewie._send_radius_messages()"""
radius_payload = radius_output_bits.message
src_mac = radius_output_bits.src_mac
username = radius_output_bits.identity
state = radius_output_bits.state
port_id = radius_output_bits.port_mac
self.logger.info("Sending Radius Packet. Mac %s %s, Username: %s ",
type(src_mac), src_mac, username)
if isinstance(radius_payload,
MacAddress) and radius_payload == src_mac == username:
print("Enterting outbound mab request")
return self.process_outbound_mab_request(radius_output_bits)
state_dict = None
if state:
state_dict = state.__dict__
self.logger.info("Sending to RADIUS payload %s with state %s",
radius_payload.__dict__, state_dict)
radius_packet_id = self.get_next_radius_packet_id()
self.packet_id_to_mac[radius_packet_id] = {
'src_mac': src_mac,
'port_id': port_id
}
request_authenticator = self.generate_request_authenticator()
self.packet_id_to_request_authenticator[
radius_packet_id] = request_authenticator
return MessagePacker.radius_pack(radius_payload, src_mac, username,
radius_packet_id,
request_authenticator, state,
self.radius_secret,
port_id_to_int(port_id),
self.extra_radius_request_attributes)