tests: Include Message-Authenticator attribute in RADIUS tests

This is in preparation for hostapd requiring this attribute for all
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2024-03-17 11:10:16 +02:00
parent 2846b74f14
commit 566dc139a0
2 changed files with 21 additions and 15 deletions


@ -82,6 +82,22 @@ def add_message_authenticator_attr(reply, digest):
digest = b"0x" + binascii.hexlify(digest) digest = b"0x" + binascii.hexlify(digest)
reply.AddAttribute("Message-Authenticator", digest) reply.AddAttribute("Message-Authenticator", digest)
def build_message_auth(pkt, reply):
hmac_obj = hmac.new(reply.secret, digestmod=hashlib.md5)
hmac_obj.update(struct.pack("B", reply.code))
hmac_obj.update(struct.pack("B", reply.id))
reply.AddAttribute("Message-Authenticator", 16*b'\x00')
attrs = reply._PktEncodeAttributes()
# Length
flen = 4 + 16 + len(attrs)
hmac_obj.update(struct.pack(">H", flen))
hmac_obj.update(pkt.authenticator)
hmac_obj.update(attrs)
del reply[80]
add_message_authenticator_attr(reply, hmac_obj.digest())
def run_pyrad_server(srv, t_stop, eap_handler): def run_pyrad_server(srv, t_stop, eap_handler):
srv.RunWithStop(t_stop, eap_handler) srv.RunWithStop(t_stop, eap_handler)
@ -113,21 +129,8 @@ def start_radius_server(eap_handler):
logger.info("No EAP request available") logger.info("No EAP request available")
reply.code = pyrad.packet.AccessChallenge reply.code = pyrad.packet.AccessChallenge
hmac_obj = hmac.new(reply.secret, digestmod=hashlib.md5)
hmac_obj.update(struct.pack("B", reply.code))
hmac_obj.update(struct.pack("B", reply.id))
# reply attributes # reply attributes
reply.AddAttribute("Message-Authenticator", 16*b'\x00') build_message_auth(pkt, reply)
attrs = reply._PktEncodeAttributes()
# Length
flen = 4 + 16 + len(attrs)
hmac_obj.update(struct.pack(">H", flen))
hmac_obj.update(pkt.authenticator)
hmac_obj.update(attrs)
del reply[80]
add_message_authenticator_attr(reply, hmac_obj.digest())
self.SendReplyPacket(pkt.fd, reply) self.SendReplyPacket(pkt.fd, reply)
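Review bot: `build_message_auth` in the first hunk has no docstring, and its ordering contract is implicit: the HMAC-MD5 covers only the attributes encoded at the moment of the call, so an attribute added to `reply` afterwards would not be covered by the digest and the receiver's check would presumably fail. I would add a docstring along the lines of `"""Append a Message-Authenticator (HMAC-MD5 over code, id, length, request authenticator and attributes) to reply; call this last, after all other attributes."""`. The bare `del reply[80]` deserves a comment such as `# 80 = Message-Authenticator attribute type; drop the zeroed placeholder`, and `4 + 16` one noting that it is the 20-byte RADIUS header. The helper also depends on pyrad's private `_PktEncodeAttributes()`, which looks unavoidable here but is worth a comment since it could change between pyrad versions.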


@ -22,7 +22,7 @@ import hostapd
from utils import * from utils import *
from test_ap_hs20 import build_dhcp_ack from test_ap_hs20 import build_dhcp_ack
from test_ap_ft import ft_params1 from test_ap_ft import ft_params1
from test_eap_proto import add_message_authenticator_attr from test_eap_proto import add_message_authenticator_attr, build_message_auth
def connect(dev, ssid, wait_connect=True): def connect(dev, ssid, wait_connect=True):
dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412", dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412",
@ -1233,6 +1233,8 @@ def start_radius_psk_server(psk, invalid_code=False, acct_interim_interval=0,
if self.t_events['session_timeout']: if self.t_events['session_timeout']:
reply.AddAttribute("Session-Timeout", reply.AddAttribute("Session-Timeout",
self.t_events['session_timeout']) self.t_events['session_timeout'])
build_message_auth(pkt, reply)
self.SendReplyPacket(pkt.fd, reply) self.SendReplyPacket(pkt.fd, reply)
def RunWithStop(self, t_events): def RunWithStop(self, t_events):
@ -1587,6 +1589,7 @@ def test_ap_vlan_wpa2_psk_radius_required(dev, apdev):
reply.AddAttribute("Tunnel-Type", 13) reply.AddAttribute("Tunnel-Type", 13)
reply.AddAttribute("Tunnel-Medium-Type", 6) reply.AddAttribute("Tunnel-Medium-Type", 6)
reply.AddAttribute("Tunnel-Private-Group-ID", "1") reply.AddAttribute("Tunnel-Private-Group-ID", "1")
build_message_auth(pkt, reply)
self.SendReplyPacket(pkt.fd, reply) self.SendReplyPacket(pkt.fd, reply)
def RunWithStop(self, t_events): def RunWithStop(self, t_events):
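Review bot: The visible hunks only add a valid Message-Authenticator to the replies in `start_radius_psk_server` and `test_ap_vlan_wpa2_psk_radius_required`; nothing shown here exercises a reply where the attribute is missing or carries a wrong digest. Since the stated goal is hostapd requiring the attribute, a negative case would confirm that enforcement actually rejects such replies, for instance an option on `start_radius_psk_server`, analogous to the existing `invalid_code` parameter, that skips or corrupts the `build_message_auth(pkt, reply)` step. Such tests may already exist elsewhere in the file outside these hunks. Both handler bodies continue outside the hunks.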