tests: EAP-pwd commit request error cases

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-04-13 18:21:57 +03:00
parent cb5db189ed
commit c9065bd265

View file

@ -6142,12 +6142,14 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Missing payload") logger.info("Test: Missing payload")
# EAP-pwd: Got a frame but pos is not NULL and len is 0
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], 4 + 1, return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], 4 + 1,
EAP_TYPE_PWD) EAP_TYPE_PWD)
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Missing Total-Length field") logger.info("Test: Missing Total-Length field")
# EAP-pwd: Frame too short to contain Total-Length field
payload = struct.pack("B", 0x80) payload = struct.pack("B", 0x80)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6155,6 +6157,7 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Too large Total-Length") logger.info("Test: Too large Total-Length")
# EAP-pwd: Incoming fragments whose total length = 65535
payload = struct.pack(">BH", 0x80, 65535) payload = struct.pack(">BH", 0x80, 65535)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6163,12 +6166,16 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: First fragment") logger.info("Test: First fragment")
# EAP-pwd: Incoming fragments whose total length = 10
# EAP-pwd: ACKing a 0 byte fragment
payload = struct.pack(">BH", 0xc0, 10) payload = struct.pack(">BH", 0xc0, 10)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unexpected Total-Length value in the second fragment") logger.info("Test: Unexpected Total-Length value in the second fragment")
# EAP-pwd: Incoming fragments whose total length = 0
# EAP-pwd: Unexpected new fragment start when previous fragment is still in use
payload = struct.pack(">BH", 0x80, 0) payload = struct.pack(">BH", 0x80, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6176,6 +6183,9 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: First and only fragment") logger.info("Test: First and only fragment")
# EAP-pwd: Incoming fragments whose total length = 0
# EAP-pwd: processing frame: exch 0, len 0
# EAP-pwd: Ignoring message with unknown opcode 128
payload = struct.pack(">BH", 0x80, 0) payload = struct.pack(">BH", 0x80, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6183,6 +6193,9 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: First and only fragment with extra data") logger.info("Test: First and only fragment with extra data")
# EAP-pwd: Incoming fragments whose total length = 0
# EAP-pwd: processing frame: exch 0, len 1
# EAP-pwd: Ignoring message with unknown opcode 128
payload = struct.pack(">BHB", 0x80, 0, 0) payload = struct.pack(">BHB", 0x80, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6191,12 +6204,15 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: First fragment") logger.info("Test: First fragment")
# EAP-pwd: Incoming fragments whose total length = 2
# EAP-pwd: ACKing a 1 byte fragment
payload = struct.pack(">BHB", 0xc0, 2, 1) payload = struct.pack(">BHB", 0xc0, 2, 1)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Extra data in the second fragment") logger.info("Test: Extra data in the second fragment")
# EAP-pwd: Buffer overflow attack detected (3 vs. 1)!
payload = struct.pack(">BBB", 0x0, 2, 3) payload = struct.pack(">BBB", 0x0, 2, 3)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6204,6 +6220,8 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Too short id exchange") logger.info("Test: Too short id exchange")
# EAP-pwd: processing frame: exch 1, len 0
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">B", 0x01) payload = struct.pack(">B", 0x01)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6211,6 +6229,8 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unsupported rand func in id exchange") logger.info("Test: Unsupported rand func in id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=0 random=0 prf=0 prep=0
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">BHBBLB", 0x01, 0, 0, 0, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 0, 0, 0, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6218,6 +6238,8 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unsupported prf in id exchange") logger.info("Test: Unsupported prf in id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=0 prep=0
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 0, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 0, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6225,6 +6247,9 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unsupported password pre-processing technique in id exchange") logger.info("Test: Unsupported password pre-processing technique in id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=255
# EAP-PWD: Unsupported password pre-processing technique (Prep=255)
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 255) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 255)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6233,12 +6258,15 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange") logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unexpected id exchange") logger.info("Test: Unexpected id exchange")
# EAP-pwd: processing frame: exch 1, len 9
# EAP-PWD: PWD-Commit-Req -> FAILURE
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6246,6 +6274,8 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unexpected commit exchange") logger.info("Test: Unexpected commit exchange")
# EAP-pwd: processing frame: exch 2, len 0
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">B", 0x02) payload = struct.pack(">B", 0x02)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6254,12 +6284,15 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange") logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length") logger.info("Test: Unexpected Commit payload length (prep=None)")
# EAP-pwd commit request, password prep is NONE
# EAP-pwd: Unexpected Commit payload length 0 (expected 96)
payload = struct.pack(">B", 0x02) payload = struct.pack(">B", 0x02)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6268,12 +6301,14 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange") logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Commit payload with all zeros values --> Shared key at infinity") logger.info("Test: Commit payload with all zeros values --> Shared key at infinity")
# EAP-pwd: Invalid coordinate in element
payload = struct.pack(">B", 0x02) + 96*b'\0' payload = struct.pack(">B", 0x02) + 96*b'\0'
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6282,6 +6317,7 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange") logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6289,6 +6325,7 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Commit payload with valid values") logger.info("Test: Commit payload with valid values")
# EAP-pwd commit request, password prep is NONE
element = binascii.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f") element = binascii.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
scalar = binascii.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd") scalar = binascii.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
payload = struct.pack(">B", 0x02) + element + scalar payload = struct.pack(">B", 0x02) + element + scalar
@ -6297,6 +6334,7 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unexpected Confirm payload length 0") logger.info("Test: Unexpected Confirm payload length 0")
# EAP-pwd: Unexpected Confirm payload length 0 (expected 32)
payload = struct.pack(">B", 0x03) payload = struct.pack(">B", 0x03)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6305,6 +6343,7 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange") logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=0
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0) payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6312,6 +6351,7 @@ def test_eap_proto_pwd(dev, apdev):
if ctx['num'] == idx: if ctx['num'] == idx:
eap_proto_pwd_test_wait = True eap_proto_pwd_test_wait = True
logger.info("Test: Commit payload with valid values") logger.info("Test: Commit payload with valid values")
# EAP-pwd commit request, password prep is NONE
element = binascii.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f") element = binascii.unhexlify("8dcab2862c5396839a6bac0c689ff03d962863108e7c275bbf1d6eedf634ee832a214db99f0d0a1a6317733eecdd97f0fc4cda19f57e1bb9bb9c8dcf8c60ba6f")
scalar = binascii.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd") scalar = binascii.unhexlify("450f31e058cf2ac2636a5d6e2b3c70b1fcc301957f0716e77f13aa69f9a2e5bd")
payload = struct.pack(">B", 0x02) + element + scalar payload = struct.pack(">B", 0x02) + element + scalar
@ -6320,6 +6360,7 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Confirm payload with incorrect value") logger.info("Test: Confirm payload with incorrect value")
# EAP-PWD (peer): confirm did not verify
payload = struct.pack(">B", 0x03) + 32*b'\0' payload = struct.pack(">B", 0x03) + 32*b'\0'
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
@ -6327,10 +6368,192 @@ def test_eap_proto_pwd(dev, apdev):
idx += 1 idx += 1
if ctx['num'] == idx: if ctx['num'] == idx:
logger.info("Test: Unexpected confirm exchange") logger.info("Test: Unexpected confirm exchange")
# EAP-pwd: processing frame: exch 3, len 0
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">B", 0x03) payload = struct.pack(">B", 0x03)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload 4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unsupported password pre-processing technique SASLprep in id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=2
# EAP-PWD: Unsupported password pre-processing technique (Prep=2)
# EAP-PWD: PWD-ID-Req -> FAILURE
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 2)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=1
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 1)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=MS)")
# EAP-pwd commit request, password prep is MS
# EAP-pwd: Unexpected Commit payload length 0 (expected 96)
payload = struct.pack(">B", 0x02)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=3
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 3)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha1)")
# EAP-pwd commit request, password prep is salted sha1
# EAP-pwd: Invalid Salt-len
payload = struct.pack(">B", 0x02)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=3
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 3)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha1)")
# EAP-pwd commit request, password prep is salted sha1
# EAP-pwd: Invalid Salt-len
payload = struct.pack(">BB", 0x02, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=3
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 3)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha1)")
# EAP-pwd commit request, password prep is salted sha1
# EAP-pwd: Unexpected Commit payload length 1 (expected 98)
payload = struct.pack(">BB", 0x02, 1)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=4
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 4)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha256)")
# EAP-pwd commit request, password prep is salted sha256
# EAP-pwd: Invalid Salt-len
payload = struct.pack(">B", 0x02)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=4
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 4)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha256)")
# EAP-pwd commit request, password prep is salted sha256
# EAP-pwd: Invalid Salt-len
payload = struct.pack(">BB", 0x02, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=4
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 4)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha256)")
# EAP-pwd commit request, password prep is salted sha256
# EAP-pwd: Unexpected Commit payload length 1 (expected 98)
payload = struct.pack(">BB", 0x02, 1)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=5
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 5)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha512)")
# EAP-pwd commit request, password prep is salted sha512
# EAP-pwd: Invalid Salt-len
payload = struct.pack(">B", 0x02)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=5
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 5)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha512)")
# EAP-pwd commit request, password prep is salted sha512
# EAP-pwd: Invalid Salt-len
payload = struct.pack(">BB", 0x02, 0)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
eap_proto_pwd_test_wait = True
logger.info("Test: Valid id exchange")
# EAP-PWD: Server EAP-pwd-ID proposal: group=19 random=1 prf=1 prep=5
payload = struct.pack(">BHBBLB", 0x01, 19, 1, 1, 0, 5)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
idx += 1
if ctx['num'] == idx:
logger.info("Test: Unexpected Commit payload length (prep=ssha512)")
# EAP-pwd commit request, password prep is salted sha512
# EAP-pwd: Unexpected Commit payload length 1 (expected 98)
payload = struct.pack(">BB", 0x02, 1)
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
4 + 1 + len(payload), EAP_TYPE_PWD) + payload
logger.info("No more test responses available - test case completed") logger.info("No more test responses available - test case completed")
global eap_proto_pwd_test_done global eap_proto_pwd_test_done
eap_proto_pwd_test_done = True eap_proto_pwd_test_done = True
@ -6366,10 +6589,12 @@ def test_eap_proto_pwd(dev, apdev):
if not ok: if not ok:
raise Exception("Expected EAP event not seen") raise Exception("Expected EAP event not seen")
if eap_proto_pwd_test_wait: if eap_proto_pwd_test_wait:
for k in range(10): for k in range(20):
time.sleep(0.1) time.sleep(0.1)
if not eap_proto_pwd_test_wait: if not eap_proto_pwd_test_wait:
break break
if eap_proto_pwd_test_wait:
raise Exception("eap_proto_pwd_test_wait not cleared")
dev[0].request("REMOVE_NETWORK all") dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected(timeout=1) dev[0].wait_disconnected(timeout=1)
dev[0].dump_monitor() dev[0].dump_monitor()