def radius_mab_pack(src_mac, radius_packet_id, request_authenticator,
secret, nas_port):
""""""
attr_list = []
no_dots_mac = str(src_mac).replace(':', "")
attr_list.append(UserName.create(no_dots_mac))
attr_list.append(
CallingStationId.create(str(src_mac).replace(':', '-')))
if nas_port:
attr_list.append(NASPort.create(nas_port))
ciphertext = UserPassword.encrypt(secret, request_authenticator,
no_dots_mac)
attr_list.append(UserPassword.create(ciphertext))
attr_list.append(
MessageAuthenticator.create(
bytes.fromhex("00000000000000000000000000000000")))
attributes = RadiusAttributesList(attr_list)
access_request = RadiusAccessRequest(radius_packet_id,
request_authenticator, attributes)
return access_request.build(secret)
def test_radius_access_challenge_packs2(self):
expected_packed_message = bytes.fromhex(
"0b06042c"
"54dbc73332c00c0347fc4b462d1811a74fff016a03ec15c000000a76160303003e0200003a0303114aa9dae3f9d452ca12535b03aee03cd4dabe3ca7639929dd3b645d1f86ad6500c030000012ff01000100000b000403000102000f00010116030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520434fff6572746966696361746520417574686f72697479301e170d3138303630353033353134345a170d3138303830343033353134345a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100cf5456d7e6142383101cf79275f6396e2c9b3f7cb2878d35e5ecc6f47ee11ef20bc8a8b3217a89351c554fff856e5cd5eed2d10037c9bcce89fbdf927e4cc4f069863acbac4accee7e80f2105ad80d837fa50a931c5b41d03c993f5e338cfd8e69e23818360053501c34c08132ec3d6e14df89ff29c5cec5c7a87d48c4afdcf9d3f8290050be5b903ba6a2a5ce2eb79c922cae70869618c75923059f9a8d62144e8ecdaf0a9f02886afa0e73e3d68037ea9fdca2bdd0f0785e05f5ac88031010c105575dbb09eb4f307547622120ee384ab454376de8e14e0afea02f1211801b6c932324ef6dba7abf3f48f8e3e84716c40b59041ec936cb273d684b22aa1c9d24e10203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f4ff7302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010054fdcdabdc3a153dc167d6b210d1b324ecfac0e3b8d385704463a7f8ebf46e2e6952f249f4436ec66760868860e5ed50b519ec14628179472c312f507bc9349971d21f8f2b7d6b329b02fab448bd90fd4ce4dfbc78f23a8c4eed74d5589f4c3bd11b552535b8ab8a1a6ab9d1dfda21f247a93354702c12fdde1113cb8dd0e46e2a3a94547c9871df2a88943751d8276dc43f7f6aed921f43f6a33f9beba804c3d2b5781d754abe36ba58461798be8585b8b2"
"501226e219fc875fd78976eb2b9b475b1488"
"1812c1591073c33305b4fa8bd26dd27eafd9")
attr_list = list()
attr_list.append(
EAPMessage.create(
"016a03ec15c000000a76160303003e0200003a0303114aa9dae3f9d452ca12535b03aee03cd4dabe3ca7639929dd3b645d1f86ad6500c030000012ff01000100000b000403000102000f00010116030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c652043"
"6572746966696361746520417574686f72697479301e170d3138303630353033353134345a170d3138303830343033353134345a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100cf5456d7e6142383101cf79275f6396e2c9b3f7cb2878d35e5ecc6f47ee11ef20bc8a8b3217a89351c55"
"856e5cd5eed2d10037c9bcce89fbdf927e4cc4f069863acbac4accee7e80f2105ad80d837fa50a931c5b41d03c993f5e338cfd8e69e23818360053501c34c08132ec3d6e14df89ff29c5cec5c7a87d48c4afdcf9d3f8290050be5b903ba6a2a5ce2eb79c922cae70869618c75923059f9a8d62144e8ecdaf0a9f02886afa0e73e3d68037ea9fdca2bdd0f0785e05f5ac88031010c105575dbb09eb4f307547622120ee384ab454376de8e14e0afea02f1211801b6c932324ef6dba7abf3f48f8e3e84716c40b59041ec936cb273d684b22aa1c9d24e10203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f"
"302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010054fdcdabdc3a153dc167d6b210d1b324ecfac0e3b8d385704463a7f8ebf46e2e6952f249f4436ec66760868860e5ed50b519ec14628179472c312f507bc9349971d21f8f2b7d6b329b02fab448bd90fd4ce4dfbc78f23a8c4eed74d5589f4c3bd11b552535b8ab8a1a6ab9d1dfda21f247a93354702c12fdde1113cb8dd0e46e2a3a94547c9871df2a88943751d8276dc43f7f6aed921f43f6a33f9beba804c3d2b5781d754abe36ba58461798be8585b8b2"
))
attr_list.append(
MessageAuthenticator.create(
bytes.fromhex("26e219fc875fd78976eb2b9b475b1488")))
attr_list.append(
State.create(bytes.fromhex("c1591073c33305b4fa8bd26dd27eafd9")))
attributes = RadiusAttributesList(attr_list)
access_challenge = RadiusAccessChallenge(
6, bytes.fromhex("54dbc73332c00c0347fc4b462d1811a7"), attributes)
packed_message = access_challenge.pack()
self.assertEqual(len(expected_packed_message), len(packed_message))
self.assertEqual(expected_packed_message, packed_message)
def test_radius_access_request_packs(self):
expected_packed_message = bytes.fromhex(
"010e01dc688d6504db3c757243f995d5f0d32e50010b686f737431757365721e1434342d34342d34342d34342d34342d34343a3d06000000130606000000021f1330302d30302d30302d31312d31312d30314d17434f4e4e45435420304d627073203830322e3131622c12433634383030344139433930353537390c06000005784fff02250133150016030101280100012403032c36dbf8ee16b94b28efdb8c5603e07823f9b716557b5ef2624b026daea115760000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000051000b000403000102000a001c001a00170019001c001b0018001a004f3816000e000d000b000c0009000a000d0020001e060106020603050105020503040104020403030103020303020102020203000f0001011812cefe6083cfdb75dd64722c274ec353725012ab67ed568931f12d258f9ffda931159e"
)
attr_list = list()
attr_list.append(UserName.create("host1user"))
attr_list.append(CalledStationId.create("44-44-44-44-44-44:"))
attr_list.append(NASPortType.create(0x13))
attr_list.append(ServiceType.create(0x02))
attr_list.append(CallingStationId.create("00-00-00-11-11-01"))
attr_list.append(ConnectInfo.create("CONNECT 0Mbps 802.11b"))
attr_list.append(AcctSessionId.create("C648004A9C905579"))
attr_list.append(FramedMTU.create(0x0578))
attr_list.append(
EAPMessage.create(
"02250133150016030101280100012403032c36dbf8ee16b94b28efdb8c5603e07823f9b716557b5ef2624b026daea115760000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000051000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101"
))
attr_list.append(
State.create(bytes.fromhex("cefe6083cfdb75dd64722c274ec35372")))
attr_list.append(
MessageAuthenticator.create(
bytes.fromhex("00000000000000000000000000000000")))
attributes = RadiusAttributesList(attr_list)
access_request = RadiusAccessRequest(
14, bytes.fromhex("688d6504db3c757243f995d5f0d32e50"), attributes)
packed_message = access_request.build("SECRET")
self.assertEqual(len(expected_packed_message), len(packed_message))
self.assertEqual(expected_packed_message, packed_message)
def radius_pack(eap_message,
src_mac,
username,
radius_packet_id,
request_authenticator,
state,
secret,
nas_port=None,
extra_attributes=None):
"""
Packs up a RADIUS message to send to a RADIUS Server.
Args:
eap_message (Message): e.g. IdentityMessage
src_mac (MacAddress): supplicants mac address
username (str): supplicants username
radius_packet_id (int):
request_authenticator (bytes):
state (State): RADIUS State
secret (str): RADIUS secret used between Chewie and RADIUS Server
extra_attributes (list): list of extra RADIUS attributes to send along with the above.
Returns:
packed RADIUS packet (bytes)
"""
if not extra_attributes:
extra_attributes = []
attr_list = []
attr_list.append(UserName.create(username))
attr_list.append(CallingStationId.create(str(src_mac)))
if nas_port:
attr_list.append(NASPort.create(nas_port))
attr_list.extend(extra_attributes)
attr_list.append(EAPMessage.create(eap_message))
if state:
attr_list.append(state)
attr_list.append(
MessageAuthenticator.create(
bytes.fromhex("00000000000000000000000000000000")))
attributes = RadiusAttributesList(attr_list)
access_request = RadiusAccessRequest(radius_packet_id,
request_authenticator, attributes)
return access_request.build(secret)
def test_radius_access_accept_packs(self):
expected_packed_message = bytes.fromhex("02010046"
"02970aff2ef0700780f70848e90d2410"
"1a0f00003039010973747564656e74"
"4f0603020004"
"5012d7ec84e8864dd6cd00916c1d5a3cf41b"
"010b686f73743175736572")
attr_list = list()
attr_list.append(VendorSpecific.create(bytes.fromhex("00003039010973747564656e74")))
attr_list.append(EAPMessage.create("03020004"))
attr_list.append(MessageAuthenticator.create(
bytes.fromhex("d7ec84e8864dd6cd00916c1d5a3cf41b")))
attr_list.append(UserName.create("host1user"))
attributes = RadiusAttributesList(attr_list)
access_accept = RadiusAccessAccept(1, bytes.fromhex("02970aff2ef0700780f70848e90d2410"),
attributes)
packed_message = access_accept.pack()
self.assertEqual(len(expected_packed_message), len(packed_message))
self.assertEqual(expected_packed_message, packed_message)