mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
tests: EAP-SIM tunneled within EAP-TTLS/PEAP/FAST
This verifies both the internal and external GSM authentication operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
9e2afe10e6
commit
f22bc11846
@ -77,6 +77,9 @@ radius_accept_attr=56:x:32000011
|
||||
"0232010000000000@ttls" TTLS,AKA
|
||||
"0232010000000000@peap" PEAP,AKA
|
||||
"0232010000000000@fast" FAST,AKA
|
||||
"1232010000000000@ttls" TTLS,SIM
|
||||
"1232010000000000@peap" PEAP,SIM
|
||||
"1232010000000000@fast" FAST,SIM
|
||||
"6555444333222111@both" AKA',AKA
|
||||
"peap-ver0" PEAP [ver=0]
|
||||
"peap-ver1" PEAP [ver=1]
|
||||
|
@ -1632,6 +1632,131 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2_server_oom(dev, apdev):
|
||||
break
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
|
||||
def test_ap_wpa2_eap_ttls_eap_sim(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-SIM"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
eap_connect(dev[0], hapd, "TTLS", "1232010000000000",
|
||||
anonymous_identity="1232010000000000@ttls",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
|
||||
ca_cert="auth_serv/ca.pem", phase2="autheap=SIM")
|
||||
eap_reauth(dev[0], "TTLS")
|
||||
|
||||
def run_ext_sim_auth(dev):
|
||||
ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
|
||||
if ev is None:
|
||||
raise Exception("Wait for external SIM processing request timed out")
|
||||
p = ev.split(':', 2)
|
||||
if p[1] != "GSM-AUTH":
|
||||
raise Exception("Unexpected CTRL-REQ-SIM type")
|
||||
rid = p[0].split('-')[3]
|
||||
rand = p[2].split(' ')[0]
|
||||
|
||||
res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
|
||||
"-m",
|
||||
"auth_serv/hlr_auc_gw.milenage_db",
|
||||
"GSM-AUTH-REQ 232010000000000 " + rand])
|
||||
if "GSM-AUTH-RESP" not in res:
|
||||
raise Exception("Unexpected hlr_auc_gw response")
|
||||
resp = res.split(' ')[2].rstrip()
|
||||
|
||||
dev.request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
|
||||
dev.wait_connected(timeout=15)
|
||||
|
||||
dev.dump_monitor()
|
||||
dev.request("REAUTHENTICATE")
|
||||
ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
|
||||
if ev is None:
|
||||
raise Exception("EAP reauthentication did not succeed")
|
||||
ev = dev.wait_event(["WPA: Key negotiation completed"], timeout=5)
|
||||
if ev is None:
|
||||
raise Exception("Key negotiation did not complete")
|
||||
dev.dump_monitor()
|
||||
|
||||
def test_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-SIM and external GSM auth"""
|
||||
check_hlr_auc_gw_support()
|
||||
try:
|
||||
run_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev)
|
||||
finally:
|
||||
dev[0].request("SET external_sim 0")
|
||||
|
||||
def run_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev):
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
dev[0].request("SET external_sim 1")
|
||||
dev[0].connect("test-wpa2-eap", eap="TTLS", key_mgmt="WPA-EAP",
|
||||
identity="1232010000000000",
|
||||
anonymous_identity="1232010000000000@ttls",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
|
||||
ca_cert="auth_serv/ca.pem", phase2="autheap=SIM",
|
||||
wait_connect=False, scan_freq="2412")
|
||||
run_ext_sim_auth(dev[0])
|
||||
|
||||
def test_ap_wpa2_eap_peap_eap_sim(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-PEAP/EAP-SIM"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
eap_connect(dev[0], hapd, "PEAP", "1232010000000000",
|
||||
anonymous_identity="1232010000000000@peap",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=SIM")
|
||||
eap_reauth(dev[0], "PEAP")
|
||||
|
||||
def test_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-PEAP/EAP-SIM and external GSM auth"""
|
||||
check_hlr_auc_gw_support()
|
||||
try:
|
||||
run_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev)
|
||||
finally:
|
||||
dev[0].request("SET external_sim 0")
|
||||
|
||||
def run_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev):
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
dev[0].request("SET external_sim 1")
|
||||
dev[0].connect("test-wpa2-eap", eap="PEAP", key_mgmt="WPA-EAP",
|
||||
identity="1232010000000000",
|
||||
anonymous_identity="1232010000000000@peap",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=SIM",
|
||||
wait_connect=False, scan_freq="2412")
|
||||
run_ext_sim_auth(dev[0])
|
||||
|
||||
def test_ap_wpa2_eap_fast_eap_sim(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST/EAP-SIM"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
eap_connect(dev[0], hapd, "FAST", "1232010000000000",
|
||||
anonymous_identity="1232010000000000@fast",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
|
||||
phase1="fast_provisioning=2",
|
||||
pac_file="blob://fast_pac_auth_sim",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=SIM")
|
||||
eap_reauth(dev[0], "FAST")
|
||||
|
||||
def test_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST/EAP-SIM and external GSM auth"""
|
||||
check_hlr_auc_gw_support()
|
||||
try:
|
||||
run_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev)
|
||||
finally:
|
||||
dev[0].request("SET external_sim 0")
|
||||
|
||||
def run_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev):
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
dev[0].request("SET external_sim 1")
|
||||
dev[0].connect("test-wpa2-eap", eap="PEAP", key_mgmt="WPA-EAP",
|
||||
identity="1232010000000000",
|
||||
anonymous_identity="1232010000000000@peap",
|
||||
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
|
||||
phase1="fast_provisioning=2",
|
||||
pac_file="blob://fast_pac_auth_sim",
|
||||
ca_cert="auth_serv/ca.pem", phase2="auth=SIM",
|
||||
wait_connect=False, scan_freq="2412")
|
||||
run_ext_sim_auth(dev[0])
|
||||
|
||||
def test_ap_wpa2_eap_ttls_eap_aka(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-AKA"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
|
Loading…
Reference in New Issue
Block a user