コード例 #1
0
ファイル: test_radius.py プロジェクト: jsjeong/hostap
def test_radius_macacl(dev, apdev):
    """RADIUS MAC ACL"""
    params = hostapd.radius_params()
    params["ssid"] = "radius"
    params["macaddr_acl"] = "2"
    hostapd.add_ap(apdev[0]["ifname"], params)
    dev[0].connect("radius", key_mgmt="NONE", scan_freq="2412")
コード例 #2
0
def test_ap_ft_mismatching_r0kh_id_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params["nas_identifier"] = "nas0.w1.fi"
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[0]['ifname'], params)
    dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
                   eap="GPSK", identity="gpsk user",
                   password="******",
                   scan_freq="2412")

    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[1]['ifname'], params)

    dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
コード例 #3
0
ファイル: test_ap_ft.py プロジェクト: LiZhaoxing/hostapd
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, ssid, passphrase, eap=True)
    if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing RSN element info")
    check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
                        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
コード例 #4
0
def test_ap_ft_internal_rrb_check(dev, apdev):
    """RRB internal delivery only to WPA enabled BSS"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)

    hapd1 = hostapd.add_ap(apdev[1], { "ssid" : ssid })

    # Connect to WPA enabled AP
    dev[0].connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
                   eap="GPSK", identity="gpsk user",
                   password="******",
                   scan_freq="2412")

    # Try over_ds roaming to non-WPA-enabled AP.
    # If hostapd does not check hapd->wpa_auth internally, it will crash now.
    dev[0].roam_over_ds(apdev[1]['bssid'], fail_test=True)
コード例 #5
0
def test_ieee8021x_open(dev, apdev):
    """IEEE 802.1X connection using open network"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0]["ifname"], params)

    id = dev[0].connect(
        "ieee8021x-open",
        key_mgmt="IEEE8021X",
        eapol_flags="0",
        eap="PSK",
        identity="*****@*****.**",
        password_hex="0123456789abcdef0123456789abcdef",
        scan_freq="2412",
    )
    hwsim_utils.test_connectivity(dev[0], hapd)

    logger.info("Test EAPOL-Logoff")
    dev[0].request("LOGOFF")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
    if ev is None:
        raise Exception("Did not get disconnected")
    if "reason=23" not in ev:
        raise Exception("Unexpected disconnection reason")

    dev[0].request("LOGON")
    dev[0].connect_network(id)
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #6
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_eapol_start(dev, apdev):
    """IEEE 802.1X and EAPOL-Start retransmissions"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']
    addr0 = dev[0].own_addr()

    hapd.set("ext_eapol_frame_io", "1")
    try:
        dev[0].request("SET EAPOL::startPeriod 1")
        dev[0].request("SET EAPOL::maxStart 1")
        dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                       eap="PSK", identity="*****@*****.**",
                       password_hex="0123456789abcdef0123456789abcdef",
                       scan_freq="2412", wait_connect=False)
        held = False
        for i in range(30):
            pae = dev[0].get_status_field('Supplicant PAE state')
            if pae == "HELD":
                mib = hapd.get_sta(addr0, info="eapol")
                if mib['auth_pae_state'] != 'AUTHENTICATING':
                    raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state'])
                held = True
                break
            time.sleep(0.25)
        if not held:
            raise Exception("PAE state HELD not reached")
        dev[0].wait_disconnected()
    finally:
        dev[0].request("SET EAPOL::startPeriod 30")
        dev[0].request("SET EAPOL::maxStart 3")
コード例 #7
0
def test_ieee8021x_proto(dev, apdev):
    """IEEE 802.1X and EAPOL supplicant protocol testing"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0]["ifname"], params)
    bssid = apdev[0]["bssid"]

    dev[1].request("SET ext_eapol_frame_io 1")
    dev[1].connect(
        "ieee8021x-open",
        key_mgmt="IEEE8021X",
        eapol_flags="0",
        eap="PSK",
        identity="*****@*****.**",
        password_hex="0123456789abcdef0123456789abcdef",
        scan_freq="2412",
        wait_connect=False,
    )
    id = dev[0].connect(
        "ieee8021x-open",
        key_mgmt="IEEE8021X",
        eapol_flags="0",
        eap="PSK",
        identity="*****@*****.**",
        password_hex="0123456789abcdef0123456789abcdef",
        scan_freq="2412",
    )
    ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)

    start = dev[0].get_mib()

    tests = [
        "11",
        "11223344",
        "020000050a93000501",
        "020300050a93000501",
        "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
        "02aa00050a93000501",
    ]
    for frame in tests:
        res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
        if "OK" not in res:
            raise Exception("EAPOL_RX to wpa_supplicant failed")
        dev[1].request("EAPOL_RX " + bssid + " " + frame)

    stop = dev[0].get_mib()

    logger.info("MIB before test frames: " + str(start))
    logger.info("MIB after test frames: " + str(stop))

    vals = ["dot1xSuppInvalidEapolFramesRx", "dot1xSuppEapLengthErrorFramesRx"]
    for val in vals:
        if int(stop[val]) <= int(start[val]):
            raise Exception(val + " did not increase")
コード例 #8
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_reauth_wep(dev, apdev, params):
    """IEEE 802.1X and EAPOL_REAUTH request with WEP"""
    logdir = params['logdir']

    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "13"
    params["wep_key_len_unicast"] = "13"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X",
                   eap="PSK", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)

    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], hapd)

    out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"),
                     "llc.type == 0x888e", ["eapol.type", "eap.code"])
    if out is None:
        raise Exception("Could not find EAPOL frames in capture")
    num_eapol_key = 0
    num_eap_req = 0
    num_eap_resp = 0
    for line in out.splitlines():
        vals = line.split()
        if vals[0] == '3':
            num_eapol_key += 1
        if vals[0] == '0' and len(vals) == 2:
            if vals[1] == '1':
                num_eap_req += 1
            elif vals[1] == '2':
                num_eap_resp += 1
    logger.info("num_eapol_key: %d" % num_eapol_key)
    logger.info("num_eap_req: %d" % num_eap_req)
    logger.info("num_eap_resp: %d" % num_eap_resp)
    if num_eapol_key < 4:
        raise Exception("Did not see four unencrypted EAPOL-Key frames")
    if num_eap_req < 6:
        raise Exception("Did not see six unencrypted EAP-Request frames")
    if num_eap_resp < 6:
        raise Exception("Did not see six unencrypted EAP-Response frames")
コード例 #9
0
ファイル: test_ieee8021x.py プロジェクト: aelarabawy/hostap
def test_ieee8021x_wep40(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP40"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "5"
    params["wep_key_len_unicast"] = "5"
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef")
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #10
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def run_static_wep(dev, apdev, key):
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key0"] = key
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   wep_key0=key, eapol_flags="0",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #11
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_set_conf(dev, apdev):
    """IEEE 802.1X and EAPOL_SET command"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")

    addr0 = dev[0].own_addr()
    tests = [ "EAPOL_SET 1",
              "EAPOL_SET %sfoo bar" % addr0,
              "EAPOL_SET %s foo" % addr0,
              "EAPOL_SET %s foo bar" % addr0,
              "EAPOL_SET %s AdminControlledDirections bar" % addr0,
              "EAPOL_SET %s AdminControlledPortControl bar" % addr0,
              "EAPOL_SET %s reAuthEnabled bar" % addr0,
              "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0,
              "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both" ]
    for t in tests:
        if "FAIL" not in hapd.request(t):
            raise Exception("Invalid EAPOL_SET command accepted: " + t)

    tests = [ ("AdminControlledDirections", "adminControlledDirections", "In"),
              ("AdminControlledDirections", "adminControlledDirections",
               "Both"),
              ("quietPeriod", "quietPeriod", "13"),
              ("serverTimeout", "serverTimeout", "7"),
              ("reAuthPeriod", "reAuthPeriod", "1234"),
              ("reAuthEnabled", "reAuthEnabled", "FALSE"),
              ("reAuthEnabled", "reAuthEnabled", "TRUE"),
              ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"),
              ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"),
              ("AdminControlledPortControl", "portControl", "ForceAuthorized"),
              ("AdminControlledPortControl", "portControl",
               "ForceUnauthorized"),
              ("AdminControlledPortControl", "portControl", "Auto") ]
    for param,mibparam,val in tests:
        if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)):
            raise Exception("Failed to set %s %s" % (param, val))
        mib = hapd.get_sta(addr0, info="eapol")
        if mib[mibparam] != val:
            raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val))
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #12
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_auth_awhile(dev, apdev):
    """IEEE 802.1X and EAPOL Authenticator aWhile handling"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    params['auth_server_port'] = "18129"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']
    addr0 = dev[0].own_addr()

    params = {}
    params['ssid'] = 'as'
    params['beacon_int'] = '2000'
    params['radius_server_clients'] = 'auth_serv/radius_clients.conf'
    params['radius_server_auth_port'] = '18129'
    params['eap_server'] = '1'
    params['eap_user_file'] = 'auth_serv/eap_user.conf'
    params['ca_cert'] = 'auth_serv/ca.pem'
    params['server_cert'] = 'auth_serv/server.pem'
    params['private_key'] = 'auth_serv/server.key'
    hapd1 = hostapd.add_ap(apdev[1], params)

    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    hapd1.disable()
    if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0):
        raise Exception("Failed to set serverTimeout")
    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)

    for i in range(40):
        mib = hapd.get_sta(addr0, info="eapol")
        val = int(mib['aWhile'])
        if val > 0:
            break
        time.sleep(1)
    if val == 0:
        raise Exception("aWhile did not increase")

    hapd.dump_monitor()
    for i in range(40):
        mib = hapd.get_sta(addr0, info="eapol")
        val = int(mib['aWhile'])
        if val < 5:
            break
        time.sleep(1)
    ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10)
    if ev is None:
        raise Exception("Authentication restart not seen")
コード例 #13
0
def test_ieee8021x_static_wep40(dev, apdev):
    """IEEE 802.1X connection using static WEP40"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key0"] = '"hello"'
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)

    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   wep_key0='"hello"', eapol_flags="0",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #14
0
def test_radius_macacl_acct(dev, apdev):
    """RADIUS MAC ACL and accounting enabled"""
    params = hostapd.radius_params()
    params["ssid"] = "radius"
    params["macaddr_acl"] = "2"
    params['acct_server_addr'] = "127.0.0.1"
    params['acct_server_port'] = "1813"
    params['acct_server_shared_secret'] = "radius"
    hostapd.add_ap(apdev[0]['ifname'], params)
    dev[0].connect("radius", key_mgmt="NONE", scan_freq="2412")
    dev[1].connect("radius", key_mgmt="NONE", scan_freq="2412")
    dev[1].request("DISCONNECT")
    dev[1].wait_disconnected()
    dev[1].request("RECONNECT")
コード例 #15
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_wep_index_workaround(dev, apdev):
    """IEEE 802.1X and EAPOL-Key index workaround"""
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "5"
    params["eapol_key_index_workaround"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eapol_flags="1",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
コード例 #16
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_and_wpa_enabled(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "13"
    params["wep_key_len_unicast"] = "13"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #17
0
def test_ieee8021x_and_wpa_enabled(dev, apdev):
    """IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "13"
    params["wep_key_len_unicast"] = "13"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X WPA-EAP",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #18
0
def test_ieee8021x_held(dev, apdev):
    """IEEE 802.1X and HELD state"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    hapd.set("ext_eapol_frame_io", "1")
    try:
        dev[0].request("SET EAPOL::startPeriod 1")
        dev[0].request("SET EAPOL::maxStart 0")
        dev[0].request("SET EAPOL::heldPeriod 1")
        dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                       eap="PSK", identity="*****@*****.**",
                       password_hex="0123456789abcdef0123456789abcdef",
                       scan_freq="2412", wait_connect=False)
        held = False
        for i in range(30):
            pae = dev[0].get_status_field('Supplicant PAE state')
            if pae == "HELD":
                held = True
                break
            time.sleep(0.25)
        if not held:
            raise Exception("PAE state HELD not reached")

        hapd.set("ext_eapol_frame_io", "0")
        for i in range(30):
            pae = dev[0].get_status_field('Supplicant PAE state')
            if pae != "HELD":
                held = False
                break
            time.sleep(0.25)
        if held:
            raise Exception("PAE state HELD not left")
        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                                "CTRL-EVENT-DISCONNECTED"], timeout=10)
        if ev is None:
            raise Exception("Connection timed out")
        if "CTRL-EVENT-DISCONNECTED" in ev:
            raise Exception("Unexpected disconnection")
    finally:
        dev[0].request("SET EAPOL::startPeriod 30")
        dev[0].request("SET EAPOL::maxStart 3")
        dev[0].request("SET EAPOL::heldPeriod 60")
コード例 #19
0
def test_ieee8021x_open_leap(dev, apdev):
    """IEEE 802.1X connection with LEAP included in configuration"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="LEAP", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412", wait_connect=False)
    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK LEAP", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    ev = dev[1].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=5)
    dev[1].request("DISCONNECT")
コード例 #20
0
def test_ieee8021x_wep_index_workaround(dev, apdev):
    """IEEE 802.1X and EAPOL-Key index workaround"""
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "5"
    params["eapol_key_index_workaround"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X",
                   eapol_flags="1",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
コード例 #21
0
ファイル: test_ieee8021x.py プロジェクト: blogic/hostapd-1
def run_static_wep(dev, apdev, key):
    check_wep_capa(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key0"] = key
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   wep_key0=key,
                   eapol_flags="0",
                   scan_freq="2412")
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #22
0
ファイル: test_ieee8021x.py プロジェクト: blogic/hostapd-1
def test_ieee8021x_eapol_key(dev, apdev):
    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
    check_wep_capa(dev[0])
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "5"
    params["wep_key_len_unicast"] = "5"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect("ieee8021x-wep",
                   key_mgmt="IEEE8021X",
                   eap="VENDOR-TEST",
                   identity="vendor-test",
                   scan_freq="2412")

    # Hardcoded MSK from VENDOR-TEST
    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
    signkey = "2222222222222222222222222222222222222222222222222222222222222222"

    # EAPOL-Key replay counter does not increase
    send_eapol_key(
        dev[0], bssid, signkey, "02030031" + "010005" + "0000000000000000" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "1c636a30a4")

    # EAPOL-Key too large Key Length field value
    send_eapol_key(
        dev[0], bssid, signkey, "02030031" + "010021" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "1c636a30a4")

    # EAPOL-Key too much key data
    send_eapol_key(
        dev[0], bssid, signkey, "0203004d" + "010005" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", 33 * "ff")

    # EAPOL-Key too little key data
    send_eapol_key(
        dev[0], bssid, signkey, "02030030" + "010005" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "1c636a30")

    # EAPOL-Key with no key data and too long WEP key length
    send_eapol_key(
        dev[0], bssid, signkey, "0203002c" + "010020" + "ffffffffffffffff" +
        "056c22d109f29d4d9fb9b9ccbad33283" + "02", "")
コード例 #23
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_held(dev, apdev):
    """IEEE 802.1X and HELD state"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    hapd.set("ext_eapol_frame_io", "1")
    try:
        dev[0].request("SET EAPOL::startPeriod 1")
        dev[0].request("SET EAPOL::maxStart 0")
        dev[0].request("SET EAPOL::heldPeriod 1")
        dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                       eap="PSK", identity="*****@*****.**",
                       password_hex="0123456789abcdef0123456789abcdef",
                       scan_freq="2412", wait_connect=False)
        held = False
        for i in range(30):
            pae = dev[0].get_status_field('Supplicant PAE state')
            if pae == "HELD":
                held = True
                break
            time.sleep(0.25)
        if not held:
            raise Exception("PAE state HELD not reached")

        hapd.set("ext_eapol_frame_io", "0")
        for i in range(30):
            pae = dev[0].get_status_field('Supplicant PAE state')
            if pae != "HELD":
                held = False
                break
            time.sleep(0.25)
        if held:
            raise Exception("PAE state HELD not left")
        ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED",
                                 "CTRL-EVENT-DISCONNECTED" ], timeout=10)
        if ev is None:
            raise Exception("Connection timed out")
        if "CTRL-EVENT-DISCONNECTED" in ev:
            raise Exception("Unexpected disconnection")
    finally:
        dev[0].request("SET EAPOL::startPeriod 30")
        dev[0].request("SET EAPOL::maxStart 3")
        dev[0].request("SET EAPOL::heldPeriod 60")
コード例 #24
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_open_leap(dev, apdev):
    """IEEE 802.1X connection with LEAP included in configuration"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="LEAP", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412", wait_connect=False)
    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK LEAP", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    ev = dev[1].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=5)
    dev[1].request("DISCONNECT")
コード例 #25
0
ファイル: test_ieee8021x.py プロジェクト: rainlake/hostap
def test_ieee8021x_proto(dev, apdev):
    """IEEE 802.1X and EAPOL supplicant protocol testing"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[1].request("SET ext_eapol_frame_io 1")
    dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412", wait_connect=False)
    id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                        eap="PSK", identity="*****@*****.**",
                        password_hex="0123456789abcdef0123456789abcdef",
                        scan_freq="2412")
    ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)

    start = dev[0].get_mib()

    tests = [ "11",
              "11223344",
              "020000050a93000501",
              "020300050a93000501",
              "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
              "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
              "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000",
              "02aa00050a93000501" ]
    for frame in tests:
        res = dev[0].request("EAPOL_RX " + bssid + " " + frame)
        if "OK" not in res:
            raise Exception("EAPOL_RX to wpa_supplicant failed")
        dev[1].request("EAPOL_RX " + bssid + " " + frame)

    stop = dev[0].get_mib()

    logger.info("MIB before test frames: " + str(start))
    logger.info("MIB after test frames: " + str(stop))

    vals = [ 'dot1xSuppInvalidEapolFramesRx',
             'dot1xSuppEapLengthErrorFramesRx' ]
    for val in vals:
        if int(stop[val]) <= int(start[val]):
            raise Exception(val + " did not increase")
コード例 #26
0
ファイル: test_ap_ft.py プロジェクト: hschaa/hostapd
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, ssid, passphrase, eap=True)
コード例 #27
0
def test_ieee8021x_force_unauth(dev, apdev):
    """IEEE 802.1X and FORCE_UNAUTH state"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect("ieee8021x-open",
                   key_mgmt="IEEE8021X",
                   eapol_flags="0",
                   eap="PSK",
                   identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    dev[0].request("SET EAPOL::portControl ForceUnauthorized")
    pae = dev[0].get_status_field('Supplicant PAE state')
    dev[0].wait_disconnected()
    dev[0].request("SET EAPOL::portControl Auto")
コード例 #28
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_eapol_key(dev, apdev):
    """IEEE 802.1X connection and EAPOL-Key protocol tests"""
    skip_with_fips(dev[0])
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-wep"
    params["ieee8021x"] = "1"
    params["wep_key_len_broadcast"] = "5"
    params["wep_key_len_unicast"] = "5"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']

    dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST",
                   identity="vendor-test", scan_freq="2412")

    # Hardcoded MSK from VENDOR-TEST
    encrkey = "1111111111111111111111111111111111111111111111111111111111111111"
    signkey = "2222222222222222222222222222222222222222222222222222222222222222"

    # EAPOL-Key replay counter does not increase
    send_eapol_key(dev[0], bssid, signkey,
                   "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
                   "1c636a30a4")

    # EAPOL-Key too large Key Length field value
    send_eapol_key(dev[0], bssid, signkey,
                   "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
                   "1c636a30a4")

    # EAPOL-Key too much key data
    send_eapol_key(dev[0], bssid, signkey,
                   "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
                   33*"ff")

    # EAPOL-Key too little key data
    send_eapol_key(dev[0], bssid, signkey,
                   "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
                   "1c636a30")

    # EAPOL-Key with no key data and too long WEP key length
    send_eapol_key(dev[0], bssid, signkey,
                   "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02",
                   "")
コード例 #29
0
ファイル: test_ap_ft.py プロジェクト: AlejandroAbad/hostap
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, ssid, passphrase, eap=True)
コード例 #30
0
ファイル: test_ieee8021x.py プロジェクト: rainlake/hostap
def test_ieee8021x_reauth(dev, apdev):
    """IEEE 802.1X and EAPOL_REAUTH request"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")

    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #31
0
def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev, apdev):
    """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1_r0kh_mismatch(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd0 = hostapd.add_ap(apdev[0]['ifname'], params)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["pmk_r1_push"] = "0"
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True,
              fail_test=True, eap=True)
コード例 #32
0
ファイル: test_ieee8021x.py プロジェクト: gxk/hostap
def test_ieee8021x_reauth(dev, apdev):
    """IEEE 802.1X and EAPOL_REAUTH request"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                   eap="PSK", identity="*****@*****.**",
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")

    hapd.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], hapd)
コード例 #33
0
ファイル: test_ap_ft.py プロジェクト: SKKU-ESLAB/ant-hostap
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
    if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing RSN element info")
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])

    # Verify EAPOL reauthentication after FT protocol
    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
        ap = hapd
    else:
        ap = hapd1
    ap.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], ap)
コード例 #34
0
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase="12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
    if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
        raise Exception("Scan results missing RSN element info")
    check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
                        ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])

    # Verify EAPOL reauthentication after FT protocol
    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
        ap = hapd
    else:
        ap = hapd1
    ap.request("EAPOL_REAUTH " + dev[0].own_addr())
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not start")
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
    if ev is None:
        raise Exception("EAP authentication did not succeed")
    time.sleep(0.1)
    hwsim_utils.test_connectivity(dev[0], ap)
コード例 #35
0
ファイル: test_ieee8021x.py プロジェクト: gitdump1/wpa_cli
def test_ieee8021x_eapol_start(dev, apdev):
    """IEEE 802.1X and EAPOL-Start retransmissions"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hapd = hostapd.add_ap(apdev[0], params)
    bssid = apdev[0]['bssid']
    addr0 = dev[0].own_addr()

    hapd.set("ext_eapol_frame_io", "1")
    try:
        dev[0].request("SET EAPOL::startPeriod 1")
        dev[0].request("SET EAPOL::maxStart 1")
        dev[0].connect("ieee8021x-open",
                       key_mgmt="IEEE8021X",
                       eapol_flags="0",
                       eap="PSK",
                       identity="*****@*****.**",
                       password_hex="0123456789abcdef0123456789abcdef",
                       scan_freq="2412",
                       wait_connect=False)
        held = False
        for i in range(30):
            pae = dev[0].get_status_field('Supplicant PAE state')
            if pae == "HELD":
                mib = hapd.get_sta(addr0, info="eapol")
                if mib['auth_pae_state'] != 'AUTHENTICATING':
                    raise Exception("Unexpected Auth PAE state: " +
                                    mib['auth_pae_state'])
                held = True
                break
            time.sleep(0.25)
        if not held:
            raise Exception("PAE state HELD not reached")
        dev[0].wait_disconnected()
    finally:
        dev[0].request("SET EAPOL::startPeriod 30")
        dev[0].request("SET EAPOL::maxStart 3")
コード例 #36
0
def test_pasn_ft_eap_sha384(dev, apdev):
    """PASN authentication with FT-EAP-SHA-384"""
    check_pasn_capab(dev[0])

    ssid = "test-pasn-ft-psk"
    passphrase = "12345678"
    identity = "gpsk user"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384 PASN"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd0 = hostapd.add_ap(apdev[0], params)

    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["ieee80211w"] = "2"
    params['wpa_key_mgmt'] = "FT-EAP-SHA384 PASN"
    params["ieee8021x"] = "1"
    params = dict(list(radius.items()) + list(params.items()))
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0],
              apdev,
              hapd0,
              hapd1,
              ssid,
              passphrase,
              eap=True,
              sha384=True)

    if dev[0].get_status_field('bssid') == apdev[0]['bssid']:
        pasn_hapd = hapd1
    else:
        pasn_hapd = hapd0

    check_pasn_akmp_cipher(dev[0], pasn_hapd, "FT-EAP-SHA384", "CCMP")
コード例 #37
0
ファイル: test_ieee8021x.py プロジェクト: Palometralla/dd-wrt
def test_ieee8021x_open(dev, apdev):
    """IEEE 802.1X connection using open network"""
    params = hostapd.radius_params()
    params["ssid"] = "ieee8021x-open"
    params["ieee8021x"] = "1"
    hostapd.add_ap(apdev[0]['ifname'], params)

    id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0",
                        eap="PSK", identity="*****@*****.**",
                        password_hex="0123456789abcdef0123456789abcdef")
    hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])

    logger.info("Test EAPOL-Logoff")
    dev[0].request("LOGOFF")
    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"])
    if ev is None:
        raise Exception("Did not get disconnected")
    if "reason=23" not in ev:
        raise Exception("Unexpected disconnection reason")

    dev[0].request("LOGON")
    dev[0].connect_network(id)
    hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
コード例 #38
0
def test_ap_ft_eap(dev, apdev):
    """WPA2-EAP-FT AP"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params = dict(radius.items() + params.items())
    hostapd.add_ap(apdev[1]['ifname'], params)

    run_roams(dev[0], apdev, ssid, passphrase, eap=True)
    check_mib(dev[0], [("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
                       ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3")])
コード例 #39
0
ファイル: test_ap_ft.py プロジェクト: SKKU-ESLAB/ant-hostap
def test_ap_ft_eap_pull(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0], params)
    key_mgmt = hapd.get_config()['key_mgmt']
    if key_mgmt.split(' ')[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params['wpa_key_mgmt'] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
コード例 #40
0
ファイル: test_ap_ft.py プロジェクト: kobolabs/hostap
def test_ap_ft_eap_pull(dev, apdev):
    """WPA2-EAP-FT AP (pull PMK)"""
    ssid = "test-ft"
    passphrase = "12345678"

    radius = hostapd.radius_params()
    params = ft_params1(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    params = dict(radius.items() + params.items())
    hapd = hostapd.add_ap(apdev[0]["ifname"], params)
    key_mgmt = hapd.get_config()["key_mgmt"]
    if key_mgmt.split(" ")[0] != "FT-EAP":
        raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
    params = ft_params2(ssid=ssid, passphrase=passphrase)
    params["wpa_key_mgmt"] = "FT-EAP"
    params["ieee8021x"] = "1"
    params["pmk_r1_push"] = "0"
    params = dict(radius.items() + params.items())
    hapd1 = hostapd.add_ap(apdev[1]["ifname"], params)

    run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
コード例 #41
0
def test_ap_vlan_wpa2_psk_radius_required(dev, apdev):
    """AP VLAN with WPA2-PSK and RADIUS attributes required"""
    try:
        import pyrad.server
        import pyrad.packet
        import pyrad.dictionary
    except ImportError:
        raise HwsimSkip("No pyrad modules available")

    class TestServer(pyrad.server.Server):
        def _HandleAuthPacket(self, pkt):
            pyrad.server.Server._HandleAuthPacket(self, pkt)
            logger.info("Received authentication request")
            reply = self.CreateReplyPacket(pkt)
            reply.code = pyrad.packet.AccessAccept
            secret = reply.secret
            if self.t_events['long'].is_set():
                reply.AddAttribute("Tunnel-Type", 13)
                reply.AddAttribute("Tunnel-Medium-Type", 6)
                reply.AddAttribute("Tunnel-Private-Group-ID", "1")
            self.SendReplyPacket(pkt.fd, reply)

        def RunWithStop(self, t_events):
            self._poll = select.poll()
            self._fdmap = {}
            self._PrepareSockets()
            self.t_events = t_events

            while not t_events['stop'].is_set():
                for (fd, event) in self._poll.poll(1000):
                    if event == select.POLLIN:
                        try:
                            fdo = self._fdmap[fd]
                            self._ProcessInput(fdo)
                        except ServerPacketError as err:
                            logger.info("pyrad server dropping packet: " +
                                        str(err))
                        except pyrad.packet.PacketError as err:
                            logger.info(
                                "pyrad server received invalid packet: " +
                                str(err))
                    else:
                        logger.error(
                            "Unexpected event in pyrad server main loop")

    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
                     authport=18138,
                     acctport=18139)
    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1", "radius",
                                                     "localhost")
    srv.BindToAddress("")
    t_events = {}
    t_events['stop'] = threading.Event()
    t_events['long'] = threading.Event()
    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
    t.start()

    try:
        ssid = "test-wpa2-psk"
        params = hostapd.radius_params()
        params['ssid'] = ssid
        params["wpa"] = "2"
        params["wpa_key_mgmt"] = "WPA-PSK"
        params["rsn_pairwise"] = "CCMP"
        params['macaddr_acl'] = '2'
        params['dynamic_vlan'] = "2"
        params['wpa_passphrase'] = '0123456789abcdefghi'
        params['auth_server_port'] = "18138"
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        logger.info("connecting without VLAN")
        dev[0].connect(ssid,
                       psk="0123456789abcdefghi",
                       scan_freq="2412",
                       wait_connect=False)
        ev = dev[0].wait_event(
            ["CTRL-EVENT-CONNECTED", "CTRL-EVENT-SSID-TEMP-DISABLED"],
            timeout=20)
        if ev is None:
            raise Exception("Timeout on connection attempt")
        if "CTRL-EVENT-CONNECTED" in ev:
            raise Exception("Unexpected success without vlan parameters")
        logger.info("connecting without VLAN failed as expected")
        t_events['long'].set()
        logger.info("connecting with VLAN")
        dev[2].connect(ssid,
                       psk="0123456789abcdefghi",
                       scan_freq="2412",
                       wait_connect=False)
        ev = dev[2].wait_event(
            ["CTRL-EVENT-CONNECTED", "CTRL-EVENT-SSID-TEMP-DISABLED"],
            timeout=20)
        if ev is None:
            raise Exception("Timeout on connection attempt")
        if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev:
            raise Exception("Unexpected failure with vlan parameters")
        logger.info("connecting with VLAN succeeded as expected")
    finally:
        t_events['stop'].set()
        t.join()
コード例 #42
0
ファイル: test_radius.py プロジェクト: pauloalcobia/hostap
def test_radius_psk(dev, apdev):
    """WPA2 with PSK from RADIUS"""
    try:
        import pyrad.server
        import pyrad.packet
        import pyrad.dictionary
    except ImportError:
        raise HwsimSkip("No pyrad modules available")

    class TestServer(pyrad.server.Server):
        def _HandleAuthPacket(self, pkt):
            pyrad.server.Server._HandleAuthPacket(self, pkt)
            logger.info("Received authentication request")
            reply = self.CreateReplyPacket(pkt)
            reply.code = pyrad.packet.AccessAccept
            a = "\xab\xcd"
            secret = reply.secret
            if self.t_events['long'].is_set():
                p = b'\x10' + "0123456789abcdef" + 15 * b'\x00'
                b = hashlib.md5(secret + pkt.authenticator + a).digest()
                pp = bytearray(p[0:16])
                bb = bytearray(b)
                cc = bytearray(pp[i] ^ bb[i] for i in range(len(bb)))

                b = hashlib.md5(reply.secret + bytes(cc)).digest()
                pp = bytearray(p[16:32])
                bb = bytearray(b)
                cc += bytearray(pp[i] ^ bb[i] for i in range(len(bb)))

                data = '\x00' + a + bytes(cc)
            else:
                p = b'\x08' + "12345678" + 7 * b'\x00'
                b = hashlib.md5(secret + pkt.authenticator + a).digest()
                pp = bytearray(p)
                bb = bytearray(b)
                cc = bytearray(pp[i] ^ bb[i] for i in range(len(bb)))
                data = '\x00' + a + bytes(cc)
            reply.AddAttribute("Tunnel-Password", data)
            self.SendReplyPacket(pkt.fd, reply)

        def RunWithStop(self, t_events):
            self._poll = select.poll()
            self._fdmap = {}
            self._PrepareSockets()
            self.t_events = t_events

            while not t_events['stop'].is_set():
                for (fd, event) in self._poll.poll(1000):
                    if event == select.POLLIN:
                        try:
                            fdo = self._fdmap[fd]
                            self._ProcessInput(fdo)
                        except ServerPacketError as err:
                            logger.info("pyrad server dropping packet: " +
                                        str(err))
                        except pyrad.packet.PacketError as err:
                            logger.info(
                                "pyrad server received invalid packet: " +
                                str(err))
                    else:
                        logger.error(
                            "Unexpected event in pyrad server main loop")

    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
                     authport=18138,
                     acctport=18139)
    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1", "radius",
                                                     "localhost")
    srv.BindToAddress("")
    t_events = {}
    t_events['stop'] = threading.Event()
    t_events['long'] = threading.Event()
    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
    t.start()

    try:
        ssid = "test-wpa2-psk"
        params = hostapd.radius_params()
        params['ssid'] = ssid
        params["wpa"] = "2"
        params["wpa_key_mgmt"] = "WPA-PSK"
        params["rsn_pairwise"] = "CCMP"
        params['macaddr_acl'] = '2'
        params['wpa_psk_radius'] = '2'
        params['auth_server_port'] = "18138"
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        dev[0].connect(ssid, psk="12345678", scan_freq="2412")
        t_events['long'].set()
        dev[1].connect(ssid, psk="0123456789abcdef", scan_freq="2412")
    finally:
        t_events['stop'].set()
        t.join()
コード例 #43
0
def test_radius_psk(dev, apdev):
    """WPA2 with PSK from RADIUS"""
    try:
        import pyrad.server
        import pyrad.packet
        import pyrad.dictionary
    except ImportError:
        raise HwsimSkip("No pyrad modules available")

    class TestServer(pyrad.server.Server):
        def _HandleAuthPacket(self, pkt):
            pyrad.server.Server._HandleAuthPacket(self, pkt)
            logger.info("Received authentication request")
            reply = self.CreateReplyPacket(pkt)
            reply.code = pyrad.packet.AccessAccept
            a = "\xab\xcd"
            secret = reply.secret
            if self.t_events['long'].is_set():
                p = b'\x10' + "0123456789abcdef" + 15 * b'\x00'
                b = hashlib.md5(secret + pkt.authenticator + a).digest()
                pp = bytearray(p[0:16])
                bb = bytearray(b)
                cc = bytearray(pp[i] ^ bb[i] for i in range(len(bb)))

                b = hashlib.md5(reply.secret + bytes(cc)).digest()
                pp = bytearray(p[16:32])
                bb = bytearray(b)
                cc += bytearray(pp[i] ^ bb[i] for i in range(len(bb)))

                data = '\x00' + a + bytes(cc)
            else:
                p = b'\x08' + "12345678" + 7 * b'\x00'
                b = hashlib.md5(secret + pkt.authenticator + a).digest()
                pp = bytearray(p)
                bb = bytearray(b)
                cc = bytearray(pp[i] ^ bb[i] for i in range(len(bb)))
                data = '\x00' + a + bytes(cc)
            reply.AddAttribute("Tunnel-Password", data)
            self.SendReplyPacket(pkt.fd, reply)

        def RunWithStop(self, t_events):
            self._poll = select.poll()
            self._fdmap = {}
            self._PrepareSockets()
            self.t_events = t_events

            while not t_events['stop'].is_set():
                for (fd, event) in self._poll.poll(1000):
                    if event == select.POLLIN:
                        try:
                            fdo = self._fdmap[fd]
                            self._ProcessInput(fdo)
                        except ServerPacketError as err:
                            logger.info("pyrad server dropping packet: " + str(err))
                        except pyrad.packet.PacketError as err:
                            logger.info("pyrad server received invalid packet: " + str(err))
                    else:
                        logger.error("Unexpected event in pyrad server main loop")

    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
                     authport=18138, acctport=18139)
    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
                                                     "radius",
                                                     "localhost")
    srv.BindToAddress("")
    t_events = {}
    t_events['stop'] = threading.Event()
    t_events['long'] = threading.Event()
    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
    t.start()

    try:
        ssid = "test-wpa2-psk"
        params = hostapd.radius_params()
        params['ssid'] = ssid
        params["wpa"] = "2"
        params["wpa_key_mgmt"] = "WPA-PSK"
        params["rsn_pairwise"] = "CCMP"
        params['macaddr_acl'] = '2'
        params['wpa_psk_radius'] = '2'
        params['auth_server_port'] = "18138"
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        dev[0].connect(ssid, psk="12345678", scan_freq="2412")
        t_events['long'].set()
        dev[1].connect(ssid, psk="0123456789abcdef", scan_freq="2412")
    finally:
        t_events['stop'].set()
        t.join()
コード例 #44
0
ファイル: test_radius.py プロジェクト: NS-K/hostapd
def test_ap_vlan_wpa2_psk_radius_required(dev, apdev):
    """AP VLAN with WPA2-PSK and RADIUS attributes required"""
    try:
        import pyrad.server
        import pyrad.packet
        import pyrad.dictionary
    except ImportError:
        raise HwsimSkip("No pyrad modules available")

    class TestServer(pyrad.server.Server):
        def _HandleAuthPacket(self, pkt):
            pyrad.server.Server._HandleAuthPacket(self, pkt)
            logger.info("Received authentication request")
            reply = self.CreateReplyPacket(pkt)
            reply.code = pyrad.packet.AccessAccept
            secret = reply.secret
            if self.t_events['long'].is_set():
                reply.AddAttribute("Tunnel-Type", 13)
                reply.AddAttribute("Tunnel-Medium-Type", 6)
                reply.AddAttribute("Tunnel-Private-Group-ID", "1")
            self.SendReplyPacket(pkt.fd, reply)

        def RunWithStop(self, t_events):
            self._poll = select.poll()
            self._fdmap = {}
            self._PrepareSockets()
            self.t_events = t_events

            while not t_events['stop'].is_set():
                for (fd, event) in self._poll.poll(1000):
                    if event == select.POLLIN:
                        try:
                            fdo = self._fdmap[fd]
                            self._ProcessInput(fdo)
                        except ServerPacketError as err:
                            logger.info("pyrad server dropping packet: " + str(err))
                        except pyrad.packet.PacketError as err:
                            logger.info("pyrad server received invalid packet: " + str(err))
                    else:
                        logger.error("Unexpected event in pyrad server main loop")

    srv = TestServer(dict=pyrad.dictionary.Dictionary("dictionary.radius"),
                     authport=18138, acctport=18139)
    srv.hosts["127.0.0.1"] = pyrad.server.RemoteHost("127.0.0.1",
                                                     "radius",
                                                     "localhost")
    srv.BindToAddress("")
    t_events = {}
    t_events['stop'] = threading.Event()
    t_events['long'] = threading.Event()
    t = threading.Thread(target=run_pyrad_server, args=(srv, t_events))
    t.start()

    try:
        ssid = "test-wpa2-psk"
        params = hostapd.radius_params()
        params['ssid'] = ssid
        params["wpa"] = "2"
        params["wpa_key_mgmt"] = "WPA-PSK"
        params["rsn_pairwise"] = "CCMP"
        params['macaddr_acl'] = '2'
        params['dynamic_vlan'] = "2"
        params['wpa_passphrase'] = '0123456789abcdefghi'
        params['auth_server_port'] = "18138"
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        logger.info("connecting without VLAN")
        dev[0].connect(ssid, psk="0123456789abcdefghi", scan_freq="2412",wait_connect=False)
        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=20)
        if ev is None:
            raise Exception("Timeout on connection attempt")
        if "CTRL-EVENT-CONNECTED" in ev:
            raise Exception("Unexpected success without vlan parameters")
        logger.info("connecting without VLAN failed as expected")
        t_events['long'].set()
        logger.info("connecting with VLAN")
        dev[2].connect(ssid, psk="0123456789abcdefghi", scan_freq="2412",wait_connect=False)
        ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
                                "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=20)
        if ev is None:
            raise Exception("Timeout on connection attempt")
        if "CTRL-EVENT-SSID-TEMP-DISABLED" in ev:
            raise Exception("Unexpected failure with vlan parameters")
        logger.info("connecting with VLAN succeeded as expected")
    finally:
        t_events['stop'].set()
        t.join()