Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tests: Verify CoA-Request behavior

This version verifies that hostapd NAKs a valid request since
CoA-Request is not yet supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 11 years ago
parent
6f939e591e
commit
55497a51a8
2 changed files with 60 additions and 0 deletions
Split View Show Diff Stats
  1. 17 0
      tests/hwsim/radius_das.py
  2. 43 0
      tests/hwsim/test_radius.py

+ 17 - 0
tests/hwsim/radius_das.py
View File 

@@ -27,3 +27,20 @@ class DisconnectPacket(pyrad.packet.Packet):
 
         self.authenticator = hashlib.md5(header[0:4] + 16 * b'\x00' + attr
 
             + self.secret).digest()
 
         return header + self.authenticator + attr
 
+
 
+class CoAPacket(pyrad.packet.Packet):
 
+    def __init__(self, code=pyrad.packet.CoARequest, id=None,
 
+                 secret=None, authenticator=None, **attributes):
 
+        pyrad.packet.Packet.__init__(self, code, id, secret, authenticator,
 
+                                     **attributes)
 
+
 
+    def RequestPacket(self):
 
+        attr = self._PktEncodeAttributes()
 
+
 
+        if self.id is None:
 
+            self.id = random.randrange(0, 256)
 
+
 
+        header = struct.pack('!BBH', self.code, self.id, (20 + len(attr)))
 
+        self.authenticator = hashlib.md5(header[0:4] + 16 * b'\x00' + attr
 
+            + self.secret).digest()
 
+        return header + self.authenticator + attr

+ 43 - 0
tests/hwsim/test_radius.py
View File 

@@ -307,3 +307,46 @@ def test_radius_das_disconnect(dev, apdev):
 
     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"])
 
     if ev is None:
 
         raise Exception("Timeout while waiting for re-connection")
 
+
 
+def test_radius_das_coa(dev, apdev):
 
+    """RADIUS Dynamic Authorization Extensions - CoA"""
 
+    try:
 
+        import pyrad.client
 
+        import pyrad.packet
 
+        import pyrad.dictionary
 
+        import radius_das
 
+    except ImportError:
 
+        return "skip"
 
+
 
+    params = hostapd.wpa2_eap_params(ssid="radius-das")
 
+    params['radius_das_port'] = "3799"
 
+    params['radius_das_client'] = "127.0.0.1 secret"
 
+    params['radius_das_require_event_timestamp'] = "1"
 
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
 
+    connect(dev[0], "radius-das")
 
+    addr = dev[0].p2p_interface_addr()
 
+    sta = hapd.get_sta(addr)
 
+    id = sta['dot1xAuthSessionId']
 
+
 
+    dict = pyrad.dictionary.Dictionary("dictionary.radius")
 
+
 
+    srv = pyrad.client.Client(server="127.0.0.1", acctport=3799,
 
+                              secret="secret", dict=dict)
 
+    srv.retries = 1
 
+    srv.timeout = 1
 
+
 
+    # hostapd does not currently support CoA-Request, so NAK is expected
 
+    logger.info("CoA-Request with matching Acct-Session-Id")
 
+    req = radius_das.CoAPacket(dict=dict, secret="secret",
 
+                               Acct_Session_Id=id,
 
+                               Event_Timestamp=int(time.time()))
 
+    reply = srv.SendPacket(req)
 
+    logger.debug("RADIUS response from hostapd")
 
+    for i in reply.keys():
 
+        logger.debug("%s: %s" % (i, reply[i]))
 
+    if reply.code != pyrad.packet.CoANAK:
 
+        raise Exception("Unexpected response code")
 
+    if 'Error-Cause' not in reply:
 
+        raise Exception("Missing Error-Cause")
 
+    if reply['Error-Cause'][0] != 405:
 
+        raise Exception("Unexpected Error-Cause: {}".format(reply['Error-Cause']))