00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018 #include "includes.h"
00019 #include <assert.h>
00020
00021 #include "common.h"
00022 #include "config.h"
00023 #include "eapol_supp/eapol_supp_sm.h"
00024 #include "eap_peer/eap.h"
00025 #include "eloop.h"
00026 #include "rsn_supp/wpa.h"
00027 #include "eap_peer/eap_i.h"
00028 #include "wpa_supplicant_i.h"
00029 #include "radius/radius.h"
00030 #include "radius/radius_client.h"
00031 #include "ctrl_iface.h"
00032 #include "pcsc_funcs.h"
00033
00034
00035 extern int wpa_debug_level;
00036 extern int wpa_debug_show_keys;
00037
00038 struct wpa_driver_ops *wpa_drivers[] = { NULL };
00039
00040
00041 struct extra_radius_attr {
00042 u8 type;
00043 char syntax;
00044 char *data;
00045 struct extra_radius_attr *next;
00046 };
00047
00048 struct eapol_test_data {
00049 struct wpa_supplicant *wpa_s;
00050
00051 int eapol_test_num_reauths;
00052 int no_mppe_keys;
00053 int num_mppe_ok, num_mppe_mismatch;
00054
00055 u8 radius_identifier;
00056 struct radius_msg *last_recv_radius;
00057 struct in_addr own_ip_addr;
00058 struct radius_client_data *radius;
00059 struct hostapd_radius_servers *radius_conf;
00060
00061 u8 *last_eap_radius;
00062
00063 size_t last_eap_radius_len;
00064
00065 u8 authenticator_pmk[PMK_LEN];
00066 size_t authenticator_pmk_len;
00067 int radius_access_accept_received;
00068 int radius_access_reject_received;
00069 int auth_timed_out;
00070
00071 u8 *eap_identity;
00072 size_t eap_identity_len;
00073
00074 char *connect_info;
00075 u8 own_addr[ETH_ALEN];
00076 struct extra_radius_attr *extra_attrs;
00077 };
00078
00079 static struct eapol_test_data eapol_test;
00080
00081
00082 static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
00083
00084
00085 static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
00086 int level, const char *txt, size_t len)
00087 {
00088 if (addr)
00089 wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n",
00090 MAC2STR(addr), txt);
00091 else
00092 wpa_printf(MSG_DEBUG, "%s", txt);
00093 }
00094
00095
00096 static int add_extra_attr(struct radius_msg *msg,
00097 struct extra_radius_attr *attr)
00098 {
00099 size_t len;
00100 char *pos;
00101 u32 val;
00102 char buf[128];
00103
00104 switch (attr->syntax) {
00105 case 's':
00106 os_snprintf(buf, sizeof(buf), "%s", attr->data);
00107 len = os_strlen(buf);
00108 break;
00109 case 'n':
00110 buf[0] = '\0';
00111 len = 1;
00112 break;
00113 case 'x':
00114 pos = attr->data;
00115 if (pos[0] == '0' && pos[1] == 'x')
00116 pos += 2;
00117 len = os_strlen(pos);
00118 if ((len & 1) || (len / 2) > sizeof(buf)) {
00119 printf("Invalid extra attribute hexstring\n");
00120 return -1;
00121 }
00122 len /= 2;
00123 if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
00124 printf("Invalid extra attribute hexstring\n");
00125 return -1;
00126 }
00127 break;
00128 case 'd':
00129 val = htonl(atoi(attr->data));
00130 os_memcpy(buf, &val, 4);
00131 len = 4;
00132 break;
00133 default:
00134 printf("Incorrect extra attribute syntax specification\n");
00135 return -1;
00136 }
00137
00138 if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
00139 printf("Could not add attribute %d\n", attr->type);
00140 return -1;
00141 }
00142
00143 return 0;
00144 }
00145
00146
00147 static int add_extra_attrs(struct radius_msg *msg,
00148 struct extra_radius_attr *attrs)
00149 {
00150 struct extra_radius_attr *p;
00151 for (p = attrs; p; p = p->next) {
00152 if (add_extra_attr(msg, p) < 0)
00153 return -1;
00154 }
00155 return 0;
00156 }
00157
00158
00159 static struct extra_radius_attr *
00160 find_extra_attr(struct extra_radius_attr *attrs, u8 type)
00161 {
00162 struct extra_radius_attr *p;
00163 for (p = attrs; p; p = p->next) {
00164 if (p->type == type)
00165 return p;
00166 }
00167 return NULL;
00168 }
00169
00170
00171 static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
00172 const u8 *eap, size_t len)
00173 {
00174 struct radius_msg *msg;
00175 char buf[128];
00176 const struct eap_hdr *hdr;
00177 const u8 *pos;
00178
00179 wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
00180 "packet");
00181
00182 e->radius_identifier = radius_client_get_id(e->radius);
00183 msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
00184 e->radius_identifier);
00185 if (msg == NULL) {
00186 printf("Could not create net RADIUS packet\n");
00187 return;
00188 }
00189
00190 radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e));
00191
00192 hdr = (const struct eap_hdr *) eap;
00193 pos = (const u8 *) (hdr + 1);
00194 if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
00195 pos[0] == EAP_TYPE_IDENTITY) {
00196 pos++;
00197 os_free(e->eap_identity);
00198 e->eap_identity_len = len - sizeof(*hdr) - 1;
00199 e->eap_identity = os_malloc(e->eap_identity_len);
00200 if (e->eap_identity) {
00201 os_memcpy(e->eap_identity, pos, e->eap_identity_len);
00202 wpa_hexdump(MSG_DEBUG, "Learned identity from "
00203 "EAP-Response-Identity",
00204 e->eap_identity, e->eap_identity_len);
00205 }
00206 }
00207
00208 if (e->eap_identity &&
00209 !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
00210 e->eap_identity, e->eap_identity_len)) {
00211 printf("Could not add User-Name\n");
00212 goto fail;
00213 }
00214
00215 if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
00216 !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
00217 (u8 *) &e->own_ip_addr, 4)) {
00218 printf("Could not add NAS-IP-Address\n");
00219 goto fail;
00220 }
00221
00222 os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
00223 MAC2STR(e->wpa_s->own_addr));
00224 if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
00225 &&
00226 !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
00227 (u8 *) buf, os_strlen(buf))) {
00228 printf("Could not add Calling-Station-Id\n");
00229 goto fail;
00230 }
00231
00232
00233
00234
00235 if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
00236 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
00237 printf("Could not add Framed-MTU\n");
00238 goto fail;
00239 }
00240
00241 if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
00242 !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
00243 RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
00244 printf("Could not add NAS-Port-Type\n");
00245 goto fail;
00246 }
00247
00248 os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
00249 if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
00250 !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
00251 (u8 *) buf, os_strlen(buf))) {
00252 printf("Could not add Connect-Info\n");
00253 goto fail;
00254 }
00255
00256 if (add_extra_attrs(msg, e->extra_attrs) < 0)
00257 goto fail;
00258
00259 if (eap && !radius_msg_add_eap(msg, eap, len)) {
00260 printf("Could not add EAP-Message\n");
00261 goto fail;
00262 }
00263
00264
00265
00266 if (e->last_recv_radius &&
00267 radius_msg_get_hdr(e->last_recv_radius)->code ==
00268 RADIUS_CODE_ACCESS_CHALLENGE) {
00269 int res = radius_msg_copy_attr(msg, e->last_recv_radius,
00270 RADIUS_ATTR_STATE);
00271 if (res < 0) {
00272 printf("Could not copy State attribute from previous "
00273 "Access-Challenge\n");
00274 goto fail;
00275 }
00276 if (res > 0) {
00277 wpa_printf(MSG_DEBUG, " Copied RADIUS State "
00278 "Attribute");
00279 }
00280 }
00281
00282 radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr);
00283 return;
00284
00285 fail:
00286 radius_msg_free(msg);
00287 }
00288
00289
00290 static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
00291 size_t len)
00292 {
00293
00294 printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
00295 type, (unsigned long) len);
00296 if (type == IEEE802_1X_TYPE_EAP_PACKET) {
00297 wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
00298 ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
00299 }
00300 return 0;
00301 }
00302
00303
00304 static void eapol_test_set_config_blob(void *ctx,
00305 struct wpa_config_blob *blob)
00306 {
00307 struct wpa_supplicant *wpa_s = ctx;
00308 wpa_config_set_blob(wpa_s->conf, blob);
00309 }
00310
00311
00312 static const struct wpa_config_blob *
00313 eapol_test_get_config_blob(void *ctx, const char *name)
00314 {
00315 struct wpa_supplicant *wpa_s = ctx;
00316 return wpa_config_get_blob(wpa_s->conf, name);
00317 }
00318
00319
00320 static void eapol_test_eapol_done_cb(void *ctx)
00321 {
00322 printf("WPA: EAPOL processing complete\n");
00323 }
00324
00325
00326 static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
00327 {
00328 struct eapol_test_data *e = eloop_ctx;
00329 printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
00330 e->radius_access_accept_received = 0;
00331 send_eap_request_identity(e->wpa_s, NULL);
00332 }
00333
00334
00335 static int eapol_test_compare_pmk(struct eapol_test_data *e)
00336 {
00337 u8 pmk[PMK_LEN];
00338 int ret = 1;
00339
00340 if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
00341 wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
00342 if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
00343 printf("WARNING: PMK mismatch\n");
00344 wpa_hexdump(MSG_DEBUG, "PMK from AS",
00345 e->authenticator_pmk, PMK_LEN);
00346 } else if (e->radius_access_accept_received)
00347 ret = 0;
00348 } else if (e->authenticator_pmk_len == 16 &&
00349 eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
00350 wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
00351 if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
00352 printf("WARNING: PMK mismatch\n");
00353 wpa_hexdump(MSG_DEBUG, "PMK from AS",
00354 e->authenticator_pmk, 16);
00355 } else if (e->radius_access_accept_received)
00356 ret = 0;
00357 } else if (e->radius_access_accept_received && e->no_mppe_keys) {
00358
00359 ret = 0;
00360 }
00361
00362 if (ret && !e->no_mppe_keys)
00363 e->num_mppe_mismatch++;
00364 else if (!e->no_mppe_keys)
00365 e->num_mppe_ok++;
00366
00367 return ret;
00368 }
00369
00370
00371 static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
00372 {
00373 struct eapol_test_data *e = ctx;
00374 printf("eapol_sm_cb: success=%d\n", success);
00375 e->eapol_test_num_reauths--;
00376 if (e->eapol_test_num_reauths < 0)
00377 eloop_terminate();
00378 else {
00379 eapol_test_compare_pmk(e);
00380 eloop_register_timeout(0, 100000, eapol_sm_reauth, e, NULL);
00381 }
00382 }
00383
00384
00385 static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
00386 struct wpa_ssid *ssid)
00387 {
00388 struct eapol_config eapol_conf;
00389 struct eapol_ctx *ctx;
00390
00391 ctx = os_zalloc(sizeof(*ctx));
00392 if (ctx == NULL) {
00393 printf("Failed to allocate EAPOL context.\n");
00394 return -1;
00395 }
00396 ctx->ctx = wpa_s;
00397 ctx->msg_ctx = wpa_s;
00398 ctx->scard_ctx = wpa_s->scard;
00399 ctx->cb = eapol_sm_cb;
00400 ctx->cb_ctx = e;
00401 ctx->eapol_send_ctx = wpa_s;
00402 ctx->preauth = 0;
00403 ctx->eapol_done_cb = eapol_test_eapol_done_cb;
00404 ctx->eapol_send = eapol_test_eapol_send;
00405 ctx->set_config_blob = eapol_test_set_config_blob;
00406 ctx->get_config_blob = eapol_test_get_config_blob;
00407 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
00408 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
00409 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
00410
00411 wpa_s->eapol = eapol_sm_init(ctx);
00412 if (wpa_s->eapol == NULL) {
00413 os_free(ctx);
00414 printf("Failed to initialize EAPOL state machines.\n");
00415 return -1;
00416 }
00417
00418 wpa_s->current_ssid = ssid;
00419 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
00420 eapol_conf.accept_802_1x_keys = 1;
00421 eapol_conf.required_keys = 0;
00422 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
00423 eapol_conf.workaround = ssid->eap_workaround;
00424 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
00425 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
00426
00427
00428 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
00429
00430 eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
00431
00432 return 0;
00433 }
00434
00435
00436 static void test_eapol_clean(struct eapol_test_data *e,
00437 struct wpa_supplicant *wpa_s)
00438 {
00439 struct extra_radius_attr *p, *prev;
00440
00441 radius_client_deinit(e->radius);
00442 os_free(e->last_eap_radius);
00443 radius_msg_free(e->last_recv_radius);
00444 e->last_recv_radius = NULL;
00445 os_free(e->eap_identity);
00446 e->eap_identity = NULL;
00447 eapol_sm_deinit(wpa_s->eapol);
00448 wpa_s->eapol = NULL;
00449 if (e->radius_conf && e->radius_conf->auth_server) {
00450 os_free(e->radius_conf->auth_server->shared_secret);
00451 os_free(e->radius_conf->auth_server);
00452 }
00453 os_free(e->radius_conf);
00454 e->radius_conf = NULL;
00455 scard_deinit(wpa_s->scard);
00456 if (wpa_s->ctrl_iface) {
00457 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
00458 wpa_s->ctrl_iface = NULL;
00459 }
00460 wpa_config_free(wpa_s->conf);
00461
00462 p = e->extra_attrs;
00463 while (p) {
00464 prev = p;
00465 p = p->next;
00466 os_free(prev);
00467 }
00468 }
00469
00470
00471 static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
00472 {
00473 struct wpa_supplicant *wpa_s = eloop_ctx;
00474 u8 buf[100], *pos;
00475 struct ieee802_1x_hdr *hdr;
00476 struct eap_hdr *eap;
00477
00478 hdr = (struct ieee802_1x_hdr *) buf;
00479 hdr->version = EAPOL_VERSION;
00480 hdr->type = IEEE802_1X_TYPE_EAP_PACKET;
00481 hdr->length = htons(5);
00482
00483 eap = (struct eap_hdr *) (hdr + 1);
00484 eap->code = EAP_CODE_REQUEST;
00485 eap->identifier = 0;
00486 eap->length = htons(5);
00487 pos = (u8 *) (eap + 1);
00488 *pos = EAP_TYPE_IDENTITY;
00489
00490 printf("Sending fake EAP-Request-Identity\n");
00491 eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, buf,
00492 sizeof(*hdr) + 5);
00493 }
00494
00495
00496 static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
00497 {
00498 struct eapol_test_data *e = eloop_ctx;
00499 printf("EAPOL test timed out\n");
00500 e->auth_timed_out = 1;
00501 eloop_terminate();
00502 }
00503
00504
00505 static char *eap_type_text(u8 type)
00506 {
00507 switch (type) {
00508 case EAP_TYPE_IDENTITY: return "Identity";
00509 case EAP_TYPE_NOTIFICATION: return "Notification";
00510 case EAP_TYPE_NAK: return "Nak";
00511 case EAP_TYPE_TLS: return "TLS";
00512 case EAP_TYPE_TTLS: return "TTLS";
00513 case EAP_TYPE_PEAP: return "PEAP";
00514 case EAP_TYPE_SIM: return "SIM";
00515 case EAP_TYPE_GTC: return "GTC";
00516 case EAP_TYPE_MD5: return "MD5";
00517 case EAP_TYPE_OTP: return "OTP";
00518 case EAP_TYPE_FAST: return "FAST";
00519 case EAP_TYPE_SAKE: return "SAKE";
00520 case EAP_TYPE_PSK: return "PSK";
00521 default: return "Unknown";
00522 }
00523 }
00524
00525
00526 static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
00527 {
00528 u8 *eap;
00529 size_t len;
00530 struct eap_hdr *hdr;
00531 int eap_type = -1;
00532 char buf[64];
00533 struct radius_msg *msg;
00534
00535 if (e->last_recv_radius == NULL)
00536 return;
00537
00538 msg = e->last_recv_radius;
00539
00540 eap = radius_msg_get_eap(msg, &len);
00541 if (eap == NULL) {
00542
00543
00544
00545 wpa_printf(MSG_DEBUG, "could not extract "
00546 "EAP-Message from RADIUS message");
00547 os_free(e->last_eap_radius);
00548 e->last_eap_radius = NULL;
00549 e->last_eap_radius_len = 0;
00550 return;
00551 }
00552
00553 if (len < sizeof(*hdr)) {
00554 wpa_printf(MSG_DEBUG, "too short EAP packet "
00555 "received from authentication server");
00556 os_free(eap);
00557 return;
00558 }
00559
00560 if (len > sizeof(*hdr))
00561 eap_type = eap[sizeof(*hdr)];
00562
00563 hdr = (struct eap_hdr *) eap;
00564 switch (hdr->code) {
00565 case EAP_CODE_REQUEST:
00566 os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
00567 eap_type >= 0 ? eap_type_text(eap_type) : "??",
00568 eap_type);
00569 break;
00570 case EAP_CODE_RESPONSE:
00571 os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
00572 eap_type >= 0 ? eap_type_text(eap_type) : "??",
00573 eap_type);
00574 break;
00575 case EAP_CODE_SUCCESS:
00576 os_strlcpy(buf, "EAP Success", sizeof(buf));
00577
00578
00579 break;
00580 case EAP_CODE_FAILURE:
00581 os_strlcpy(buf, "EAP Failure", sizeof(buf));
00582 eloop_terminate();
00583 break;
00584 default:
00585 os_strlcpy(buf, "unknown EAP code", sizeof(buf));
00586 wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);
00587 break;
00588 }
00589 wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
00590 "id=%d len=%d) from RADIUS server: %s",
00591 hdr->code, hdr->identifier, ntohs(hdr->length), buf);
00592
00593
00594
00595 os_free(e->last_eap_radius);
00596 e->last_eap_radius = eap;
00597 e->last_eap_radius_len = len;
00598
00599 {
00600 struct ieee802_1x_hdr *dot1x;
00601 dot1x = os_malloc(sizeof(*dot1x) + len);
00602 assert(dot1x != NULL);
00603 dot1x->version = EAPOL_VERSION;
00604 dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
00605 dot1x->length = htons(len);
00606 os_memcpy((u8 *) (dot1x + 1), eap, len);
00607 eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
00608 (u8 *) dot1x, sizeof(*dot1x) + len);
00609 os_free(dot1x);
00610 }
00611 }
00612
00613
00614 static void ieee802_1x_get_keys(struct eapol_test_data *e,
00615 struct radius_msg *msg, struct radius_msg *req,
00616 const u8 *shared_secret,
00617 size_t shared_secret_len)
00618 {
00619 struct radius_ms_mppe_keys *keys;
00620
00621 keys = radius_msg_get_ms_keys(msg, req, shared_secret,
00622 shared_secret_len);
00623 if (keys && keys->send == NULL && keys->recv == NULL) {
00624 os_free(keys);
00625 keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
00626 shared_secret_len);
00627 }
00628
00629 if (keys) {
00630 if (keys->send) {
00631 wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
00632 keys->send, keys->send_len);
00633 }
00634 if (keys->recv) {
00635 wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
00636 keys->recv, keys->recv_len);
00637 e->authenticator_pmk_len =
00638 keys->recv_len > PMK_LEN ? PMK_LEN :
00639 keys->recv_len;
00640 os_memcpy(e->authenticator_pmk, keys->recv,
00641 e->authenticator_pmk_len);
00642 if (e->authenticator_pmk_len == 16 && keys->send &&
00643 keys->send_len == 16) {
00644
00645 wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
00646 "to extend PMK to 32 octets");
00647 os_memcpy(e->authenticator_pmk +
00648 e->authenticator_pmk_len,
00649 keys->send, keys->send_len);
00650 e->authenticator_pmk_len += keys->send_len;
00651 }
00652 }
00653
00654 os_free(keys->send);
00655 os_free(keys->recv);
00656 os_free(keys);
00657 }
00658 }
00659
00660
00661
00662 static RadiusRxResult
00663 ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
00664 const u8 *shared_secret, size_t shared_secret_len,
00665 void *data)
00666 {
00667 struct eapol_test_data *e = data;
00668 struct radius_hdr *hdr = radius_msg_get_hdr(msg);
00669
00670
00671
00672 if (hdr->code == RADIUS_CODE_ACCESS_REJECT &&
00673 radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
00674 0) < 0 &&
00675 radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
00676 wpa_printf(MSG_DEBUG, "Allowing RADIUS "
00677 "Access-Reject without Message-Authenticator "
00678 "since it does not include EAP-Message\n");
00679 } else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
00680 req, 1)) {
00681 printf("Incoming RADIUS packet did not have correct "
00682 "Message-Authenticator - dropped\n");
00683 return RADIUS_RX_UNKNOWN;
00684 }
00685
00686 if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
00687 hdr->code != RADIUS_CODE_ACCESS_REJECT &&
00688 hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
00689 printf("Unknown RADIUS message code\n");
00690 return RADIUS_RX_UNKNOWN;
00691 }
00692
00693 e->radius_identifier = -1;
00694 wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");
00695
00696 radius_msg_free(e->last_recv_radius);
00697 e->last_recv_radius = msg;
00698
00699 switch (hdr->code) {
00700 case RADIUS_CODE_ACCESS_ACCEPT:
00701 e->radius_access_accept_received = 1;
00702 ieee802_1x_get_keys(e, msg, req, shared_secret,
00703 shared_secret_len);
00704 break;
00705 case RADIUS_CODE_ACCESS_REJECT:
00706 e->radius_access_reject_received = 1;
00707 break;
00708 }
00709
00710 ieee802_1x_decapsulate_radius(e);
00711
00712 if ((hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
00713 e->eapol_test_num_reauths < 0) ||
00714 hdr->code == RADIUS_CODE_ACCESS_REJECT) {
00715 eloop_terminate();
00716 }
00717
00718 return RADIUS_RX_QUEUED;
00719 }
00720
00721
00722 static void wpa_init_conf(struct eapol_test_data *e,
00723 struct wpa_supplicant *wpa_s, const char *authsrv,
00724 int port, const char *secret,
00725 const char *cli_addr)
00726 {
00727 struct hostapd_radius_server *as;
00728 int res;
00729
00730 wpa_s->bssid[5] = 1;
00731 os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
00732 e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
00733 os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));
00734
00735 e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
00736 assert(e->radius_conf != NULL);
00737 e->radius_conf->num_auth_servers = 1;
00738 as = os_zalloc(sizeof(struct hostapd_radius_server));
00739 assert(as != NULL);
00740 #if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
00741 {
00742 int a[4];
00743 u8 *pos;
00744 sscanf(authsrv, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
00745 pos = (u8 *) &as->addr.u.v4;
00746 *pos++ = a[0];
00747 *pos++ = a[1];
00748 *pos++ = a[2];
00749 *pos++ = a[3];
00750 }
00751 #else
00752 inet_aton(authsrv, &as->addr.u.v4);
00753 #endif
00754 as->addr.af = AF_INET;
00755 as->port = port;
00756 as->shared_secret = (u8 *) os_strdup(secret);
00757 as->shared_secret_len = os_strlen(secret);
00758 e->radius_conf->auth_server = as;
00759 e->radius_conf->auth_servers = as;
00760 e->radius_conf->msg_dumps = 1;
00761 if (cli_addr) {
00762 if (hostapd_parse_ip_addr(cli_addr,
00763 &e->radius_conf->client_addr) == 0)
00764 e->radius_conf->force_client_addr = 1;
00765 else {
00766 wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
00767 cli_addr);
00768 assert(0);
00769 }
00770 }
00771
00772 e->radius = radius_client_init(wpa_s, e->radius_conf);
00773 assert(e->radius != NULL);
00774
00775 res = radius_client_register(e->radius, RADIUS_AUTH,
00776 ieee802_1x_receive_auth, e);
00777 assert(res == 0);
00778 }
00779
00780
00781 static int scard_test(void)
00782 {
00783 struct scard_data *scard;
00784 size_t len;
00785 char imsi[20];
00786 unsigned char _rand[16];
00787 #ifdef PCSC_FUNCS
00788 unsigned char sres[4];
00789 unsigned char kc[8];
00790 #endif
00791 #define num_triplets 5
00792 unsigned char rand_[num_triplets][16];
00793 unsigned char sres_[num_triplets][4];
00794 unsigned char kc_[num_triplets][8];
00795 int i, res;
00796 size_t j;
00797
00798 #define AKA_RAND_LEN 16
00799 #define AKA_AUTN_LEN 16
00800 #define AKA_AUTS_LEN 14
00801 #define RES_MAX_LEN 16
00802 #define IK_LEN 16
00803 #define CK_LEN 16
00804 unsigned char aka_rand[AKA_RAND_LEN];
00805 unsigned char aka_autn[AKA_AUTN_LEN];
00806 unsigned char aka_auts[AKA_AUTS_LEN];
00807 unsigned char aka_res[RES_MAX_LEN];
00808 size_t aka_res_len;
00809 unsigned char aka_ik[IK_LEN];
00810 unsigned char aka_ck[CK_LEN];
00811
00812 scard = scard_init(SCARD_TRY_BOTH);
00813 if (scard == NULL)
00814 return -1;
00815 if (scard_set_pin(scard, "1234")) {
00816 wpa_printf(MSG_WARNING, "PIN validation failed");
00817 scard_deinit(scard);
00818 return -1;
00819 }
00820
00821 len = sizeof(imsi);
00822 if (scard_get_imsi(scard, imsi, &len))
00823 goto failed;
00824 wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
00825
00826
00827 os_memset(_rand, 0, sizeof(_rand));
00828 if (scard_gsm_auth(scard, _rand, sres, kc))
00829 goto failed;
00830
00831 os_memset(_rand, 0xff, sizeof(_rand));
00832 if (scard_gsm_auth(scard, _rand, sres, kc))
00833 goto failed;
00834
00835 for (i = 0; i < num_triplets; i++) {
00836 os_memset(rand_[i], i, sizeof(rand_[i]));
00837 if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
00838 goto failed;
00839 }
00840
00841 for (i = 0; i < num_triplets; i++) {
00842 printf("1");
00843 for (j = 0; j < len; j++)
00844 printf("%c", imsi[j]);
00845 printf(",");
00846 for (j = 0; j < 16; j++)
00847 printf("%02X", rand_[i][j]);
00848 printf(",");
00849 for (j = 0; j < 4; j++)
00850 printf("%02X", sres_[i][j]);
00851 printf(",");
00852 for (j = 0; j < 8; j++)
00853 printf("%02X", kc_[i][j]);
00854 printf("\n");
00855 }
00856
00857 wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");
00858
00859
00860 os_memset(aka_rand, 0xaa, 16);
00861 os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
00862 "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);
00863
00864 res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
00865 aka_ik, aka_ck, aka_auts);
00866 if (res == 0) {
00867 wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
00868 wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
00869 wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
00870 wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
00871 } else if (res == -2) {
00872 wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
00873 "failure");
00874 wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
00875 } else {
00876 wpa_printf(MSG_DEBUG, "UMTS auth failed");
00877 }
00878
00879 failed:
00880 scard_deinit(scard);
00881
00882 return 0;
00883 #undef num_triplets
00884 }
00885
00886
00887 static int scard_get_triplets(int argc, char *argv[])
00888 {
00889 struct scard_data *scard;
00890 size_t len;
00891 char imsi[20];
00892 unsigned char _rand[16];
00893 unsigned char sres[4];
00894 unsigned char kc[8];
00895 int num_triplets;
00896 int i;
00897 size_t j;
00898
00899 if (argc < 2 || ((num_triplets = atoi(argv[1])) <= 0)) {
00900 printf("invalid parameters for sim command\n");
00901 return -1;
00902 }
00903
00904 if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
00905
00906 wpa_debug_level = 99;
00907 }
00908
00909 scard = scard_init(SCARD_GSM_SIM_ONLY);
00910 if (scard == NULL) {
00911 printf("Failed to open smartcard connection\n");
00912 return -1;
00913 }
00914 if (scard_set_pin(scard, argv[0])) {
00915 wpa_printf(MSG_WARNING, "PIN validation failed");
00916 scard_deinit(scard);
00917 return -1;
00918 }
00919
00920 len = sizeof(imsi);
00921 if (scard_get_imsi(scard, imsi, &len)) {
00922 scard_deinit(scard);
00923 return -1;
00924 }
00925
00926 for (i = 0; i < num_triplets; i++) {
00927 os_memset(_rand, i, sizeof(_rand));
00928 if (scard_gsm_auth(scard, _rand, sres, kc))
00929 break;
00930
00931
00932 for (j = 0; j < len; j++)
00933 printf("%c", imsi[j]);
00934 printf(":");
00935 for (j = 0; j < 8; j++)
00936 printf("%02X", kc[j]);
00937 printf(":");
00938 for (j = 0; j < 4; j++)
00939 printf("%02X", sres[j]);
00940 printf(":");
00941 for (j = 0; j < 16; j++)
00942 printf("%02X", _rand[j]);
00943 printf("\n");
00944 }
00945
00946 scard_deinit(scard);
00947
00948 return 0;
00949 }
00950
00951
00952 static void eapol_test_terminate(int sig, void *signal_ctx)
00953 {
00954 struct wpa_supplicant *wpa_s = signal_ctx;
00955 wpa_msg(wpa_s, MSG_INFO, "Signal %d received - terminating", sig);
00956 eloop_terminate();
00957 }
00958
00959
00960 static void usage(void)
00961 {
00962 printf("usage:\n"
00963 "eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
00964 "[-s<AS secret>]\\\n"
00965 " [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
00966 " [-M<client MAC address>] \\\n"
00967 " [-N<attr spec>] \\\n"
00968 " [-A<client IP>]\n"
00969 "eapol_test scard\n"
00970 "eapol_test sim <PIN> <num triplets> [debug]\n"
00971 "\n");
00972 printf("options:\n"
00973 " -c<conf> = configuration file\n"
00974 " -a<AS IP> = IP address of the authentication server, "
00975 "default 127.0.0.1\n"
00976 " -p<AS port> = UDP port of the authentication server, "
00977 "default 1812\n"
00978 " -s<AS secret> = shared secret with the authentication "
00979 "server, default 'radius'\n"
00980 " -A<client IP> = IP address of the client, default: select "
00981 "automatically\n"
00982 " -r<count> = number of re-authentications\n"
00983 " -W = wait for a control interface monitor before starting\n"
00984 " -S = save configuration after authentication\n"
00985 " -n = no MPPE keys expected\n"
00986 " -t<timeout> = sets timeout in seconds (default: 30 s)\n"
00987 " -C<Connect-Info> = RADIUS Connect-Info (default: "
00988 "CONNECT 11Mbps 802.11b)\n"
00989 " -M<client MAC address> = Set own MAC address "
00990 "(Calling-Station-Id,\n"
00991 " default: 02:00:00:00:00:01)\n"
00992 " -N<attr spec> = send arbitrary attribute specified by:\n"
00993 " attr_id:syntax:value or attr_id\n"
00994 " attr_id - number id of the attribute\n"
00995 " syntax - one of: s, d, x\n"
00996 " s = string\n"
00997 " d = integer\n"
00998 " x = octet string\n"
00999 " value - attribute value.\n"
01000 " When only attr_id is specified, NULL will be used as "
01001 "value.\n"
01002 " Multiple attributes can be specified by using the "
01003 "option several times.\n");
01004 }
01005
01006
01007 int main(int argc, char *argv[])
01008 {
01009 struct wpa_supplicant wpa_s;
01010 int c, ret = 1, wait_for_monitor = 0, save_config = 0;
01011 char *as_addr = "127.0.0.1";
01012 int as_port = 1812;
01013 char *as_secret = "radius";
01014 char *cli_addr = NULL;
01015 char *conf = NULL;
01016 int timeout = 30;
01017 char *pos;
01018 struct extra_radius_attr *p = NULL, *p1;
01019
01020 if (os_program_init())
01021 return -1;
01022
01023 hostapd_logger_register_cb(hostapd_logger_cb);
01024
01025 os_memset(&eapol_test, 0, sizeof(eapol_test));
01026 eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
01027 os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
01028
01029 wpa_debug_level = 0;
01030 wpa_debug_show_keys = 1;
01031
01032 for (;;) {
01033 c = getopt(argc, argv, "a:A:c:C:M:nN:p:r:s:St:W");
01034 if (c < 0)
01035 break;
01036 switch (c) {
01037 case 'a':
01038 as_addr = optarg;
01039 break;
01040 case 'A':
01041 cli_addr = optarg;
01042 break;
01043 case 'c':
01044 conf = optarg;
01045 break;
01046 case 'C':
01047 eapol_test.connect_info = optarg;
01048 break;
01049 case 'M':
01050 if (hwaddr_aton(optarg, eapol_test.own_addr)) {
01051 usage();
01052 return -1;
01053 }
01054 break;
01055 case 'n':
01056 eapol_test.no_mppe_keys++;
01057 break;
01058 case 'p':
01059 as_port = atoi(optarg);
01060 break;
01061 case 'r':
01062 eapol_test.eapol_test_num_reauths = atoi(optarg);
01063 break;
01064 case 's':
01065 as_secret = optarg;
01066 break;
01067 case 'S':
01068 save_config++;
01069 break;
01070 case 't':
01071 timeout = atoi(optarg);
01072 break;
01073 case 'W':
01074 wait_for_monitor++;
01075 break;
01076 case 'N':
01077 p1 = os_zalloc(sizeof(p1));
01078 if (p1 == NULL)
01079 break;
01080 if (!p)
01081 eapol_test.extra_attrs = p1;
01082 else
01083 p->next = p1;
01084 p = p1;
01085
01086 p->type = atoi(optarg);
01087 pos = os_strchr(optarg, ':');
01088 if (pos == NULL) {
01089 p->syntax = 'n';
01090 p->data = NULL;
01091 break;
01092 }
01093
01094 pos++;
01095 if (pos[0] == '\0' || pos[1] != ':') {
01096 printf("Incorrect format of attribute "
01097 "specification\n");
01098 break;
01099 }
01100
01101 p->syntax = pos[0];
01102 p->data = pos + 2;
01103 break;
01104 default:
01105 usage();
01106 return -1;
01107 }
01108 }
01109
01110 if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
01111 return scard_test();
01112 }
01113
01114 if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
01115 return scard_get_triplets(argc - optind - 1,
01116 &argv[optind + 1]);
01117 }
01118
01119 if (conf == NULL) {
01120 usage();
01121 printf("Configuration file is required.\n");
01122 return -1;
01123 }
01124
01125 if (eap_register_methods()) {
01126 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
01127 return -1;
01128 }
01129
01130 if (eloop_init()) {
01131 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
01132 return -1;
01133 }
01134
01135 os_memset(&wpa_s, 0, sizeof(wpa_s));
01136 eapol_test.wpa_s = &wpa_s;
01137 wpa_s.conf = wpa_config_read(conf);
01138 if (wpa_s.conf == NULL) {
01139 printf("Failed to parse configuration file '%s'.\n", conf);
01140 return -1;
01141 }
01142 if (wpa_s.conf->ssid == NULL) {
01143 printf("No networks defined.\n");
01144 return -1;
01145 }
01146
01147 wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
01148 cli_addr);
01149 wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
01150 if (wpa_s.ctrl_iface == NULL) {
01151 printf("Failed to initialize control interface '%s'.\n"
01152 "You may have another eapol_test process already "
01153 "running or the file was\n"
01154 "left by an unclean termination of eapol_test in "
01155 "which case you will need\n"
01156 "to manually remove this file before starting "
01157 "eapol_test again.\n",
01158 wpa_s.conf->ctrl_interface);
01159 return -1;
01160 }
01161 if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
01162 return -1;
01163
01164 if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
01165 return -1;
01166
01167 if (wait_for_monitor)
01168 wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);
01169
01170 eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
01171 NULL);
01172 eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
01173 eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
01174 eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
01175 eloop_run();
01176
01177 eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
01178 eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);
01179
01180 if (eapol_test_compare_pmk(&eapol_test) == 0 ||
01181 eapol_test.no_mppe_keys)
01182 ret = 0;
01183 if (eapol_test.auth_timed_out)
01184 ret = -2;
01185 if (eapol_test.radius_access_reject_received)
01186 ret = -3;
01187
01188 if (save_config)
01189 wpa_config_write(conf, wpa_s.conf);
01190
01191 test_eapol_clean(&eapol_test, &wpa_s);
01192
01193 eap_peer_unregister_methods();
01194
01195 eloop_destroy();
01196
01197 printf("MPPE keys OK: %d mismatch: %d\n",
01198 eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
01199 if (eapol_test.num_mppe_mismatch)
01200 ret = -4;
01201 if (ret)
01202 printf("FAILURE\n");
01203 else
01204 printf("SUCCESS\n");
01205
01206 os_program_deinit();
01207
01208 return ret;
01209 }