From 6c080dfab2c094f962df7c76e19d99b5536253d7 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 20 Jun 2014 20:58:54 +0300 Subject: [PATCH] tests: EAP-SIM/AKA/AKA' protocol tests Signed-off-by: Jouni Malinen --- tests/hwsim/test_eap_proto.py | 1490 +++++++++++++++++++++++++++++++++ 1 file changed, 1490 insertions(+) diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py index 2521286b6..3f328d74d 100644 --- a/tests/hwsim/test_eap_proto.py +++ b/tests/hwsim/test_eap_proto.py @@ -2071,3 +2071,1493 @@ def test_eap_proto_psk(dev, apdev): dev[0].request("REMOVE_NETWORK all") finally: stop_radius_server(srv) + +EAP_SIM_SUBTYPE_START = 10 +EAP_SIM_SUBTYPE_CHALLENGE = 11 +EAP_SIM_SUBTYPE_NOTIFICATION = 12 +EAP_SIM_SUBTYPE_REAUTHENTICATION = 13 +EAP_SIM_SUBTYPE_CLIENT_ERROR = 14 + +EAP_AKA_SUBTYPE_CHALLENGE = 1 +EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT = 2 +EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE = 4 +EAP_AKA_SUBTYPE_IDENTITY = 5 +EAP_AKA_SUBTYPE_NOTIFICATION = 12 +EAP_AKA_SUBTYPE_REAUTHENTICATION = 13 +EAP_AKA_SUBTYPE_CLIENT_ERROR = 14 + +EAP_SIM_AT_RAND = 1 +EAP_SIM_AT_AUTN = 2 +EAP_SIM_AT_RES = 3 +EAP_SIM_AT_AUTS = 4 +EAP_SIM_AT_PADDING = 6 +EAP_SIM_AT_NONCE_MT = 7 +EAP_SIM_AT_PERMANENT_ID_REQ = 10 +EAP_SIM_AT_MAC = 11 +EAP_SIM_AT_NOTIFICATION = 12 +EAP_SIM_AT_ANY_ID_REQ = 13 +EAP_SIM_AT_IDENTITY = 14 +EAP_SIM_AT_VERSION_LIST = 15 +EAP_SIM_AT_SELECTED_VERSION = 16 +EAP_SIM_AT_FULLAUTH_ID_REQ = 17 +EAP_SIM_AT_COUNTER = 19 +EAP_SIM_AT_COUNTER_TOO_SMALL = 20 +EAP_SIM_AT_NONCE_S = 21 +EAP_SIM_AT_CLIENT_ERROR_CODE = 22 +EAP_SIM_AT_KDF_INPUT = 23 +EAP_SIM_AT_KDF = 24 +EAP_SIM_AT_IV = 129 +EAP_SIM_AT_ENCR_DATA = 130 +EAP_SIM_AT_NEXT_PSEUDONYM = 132 +EAP_SIM_AT_NEXT_REAUTH_ID = 133 +EAP_SIM_AT_CHECKCODE = 134 +EAP_SIM_AT_RESULT_IND = 135 +EAP_SIM_AT_BIDDING = 136 + +def test_eap_proto_aka(dev, apdev): + """EAP-AKA protocol tests""" + def aka_handler(ctx, req): + logger.info("aka_handler - RX " + req.encode("hex")) + if 'num' not in ctx: + ctx['num'] = 0 + ctx['num'] = ctx['num'] + 1 + if 'id' not in ctx: + ctx['id'] = 1 + ctx['id'] = (ctx['id'] + 1) % 256 + + idx = 0 + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Missing payload") + return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1, + EAP_TYPE_AKA) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unknown subtype") + return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1, + EAP_TYPE_AKA, 255) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Client Error") + return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CLIENT_ERROR) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Too short attribute header") + return struct.pack(">BBHBBHB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1 + 3, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Truncated attribute") + return struct.pack(">BBHBBHBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255, + 255) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Too short attribute data") + return struct.pack(">BBHBBHBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, 255, + 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Skippable/non-skippable unrecognzized attribute") + return struct.pack(">BBHBBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1 + 10, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + 255, 1, 0, 127, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request without ID type") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID (duplicate)") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request FULLAUTH_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request FULLAUTH_ID (duplicate)") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request FULLAUTH_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request PERMANENT_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request PERMANENT_ID (duplicate)") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with no attributes") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: AKA Challenge with BIDDING") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_BIDDING, 1, 0x8000) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification with no attributes") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification indicating success, but no MAC") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 32768) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification indicating success, but invalid MAC value") + return struct.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4 + 20, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 32768, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification indicating success with zero-key MAC") + return struct.pack(">BBHBBHBBHBBH16B", EAP_CODE_REQUEST, + ctx['id'] - 2, + 4 + 1 + 3 + 4 + 20, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 32768, + EAP_SIM_AT_MAC, 5, 0, + 0xbe, 0x2e, 0xbb, 0xa9, 0xfa, 0x2e, 0x82, 0x36, + 0x37, 0x8c, 0x32, 0x41, 0xb7, 0xc7, 0x58, 0xa3) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Success") + return struct.pack(">BBH", EAP_CODE_SUCCESS, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification before auth") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 16384) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification before auth") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 16385) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification with unrecognized non-failure") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 0xc000) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification before auth (duplicate)") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 0xc000) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Re-authentication (unexpected) with no attributes") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_REAUTHENTICATION, + 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: AKA Challenge with Checkcode claiming identity round was used") + return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 24, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: AKA Challenge with Checkcode claiming no identity round was used") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_CHECKCODE, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: AKA Challenge with mismatching Checkcode value") + return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 24, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Re-authentication (unexpected) with Checkcode claimin identity round was used") + return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 24, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_REAUTHENTICATION, + 0, + EAP_SIM_AT_CHECKCODE, 6, 0, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_RAND length") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_RAND, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_AUTN length") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_AUTN, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unencrypted AT_PADDING") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_PADDING, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_NONCE_MT length") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_NONCE_MT, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_MAC length") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_MAC, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_NOTIFICATION length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_NOTIFICATION, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: AT_IDENTITY overflow") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_IDENTITY, 1, 0xffff) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unexpected AT_VERSION_LIST") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_VERSION_LIST, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_SELECTED_VERSION length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_SELECTED_VERSION, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unencrypted AT_COUNTER") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_COUNTER, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unencrypted AT_COUNTER_TOO_SMALL") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_COUNTER_TOO_SMALL, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unencrypted AT_NONCE_S") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_NONCE_S, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_CLIENT_ERROR_CODE length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_CLIENT_ERROR_CODE, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_IV length") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_IV, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_ENCR_DATA length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_ENCR_DATA, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unencrypted AT_NEXT_PSEUDONYM") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_NEXT_PSEUDONYM, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unencrypted AT_NEXT_REAUTH_ID") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_NEXT_REAUTH_ID, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_RES length") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_RES, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_RES length") + return struct.pack(">BBHBBHBBH5L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 24, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_RES, 6, 0xffff, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_AUTS length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_AUTS, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_CHECKCODE length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_CHECKCODE, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_RESULT_IND length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_RESULT_IND, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unexpected AT_KDF_INPUT") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_KDF_INPUT, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unexpected AT_KDF") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_KDF, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_BIDDING length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_BIDDING, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + return None + + srv = start_radius_server(aka_handler) + if srv is None: + return "skip" + + try: + hapd = start_ap(apdev[0]['ifname']) + + for i in range(0, 49): + eap = "AKA AKA'" if i == 11 else "AKA" + dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412", + eap=eap, identity="0232010000000000", + password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123", + wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], + timeout=15) + if ev is None: + raise Exception("Timeout on EAP start") + if i in [ 0, 15 ]: + time.sleep(0.1) + else: + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], + timeout=10) + if ev is None: + raise Exception("Timeout on EAP failure") + dev[0].request("REMOVE_NETWORK all") + finally: + stop_radius_server(srv) + +def test_eap_proto_aka_prime(dev, apdev): + """EAP-AKA' protocol tests""" + def aka_prime_handler(ctx, req): + logger.info("aka_prime_handler - RX " + req.encode("hex")) + if 'num' not in ctx: + ctx['num'] = 0 + ctx['num'] = ctx['num'] + 1 + if 'id' not in ctx: + ctx['id'] = 1 + ctx['id'] = (ctx['id'] + 1) % 256 + + idx = 0 + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Missing payload") + return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1, + EAP_TYPE_AKA_PRIME) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with no attributes") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with empty AT_KDF_INPUT") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with AT_KDF_INPUT") + return struct.pack(">BBHBBHBBHBBBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d')) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with duplicated KDF") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 3 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_KDF, 1, 2, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with multiple KDF proposals") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 3 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with incorrect KDF selected") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with multiple KDF proposals") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 3 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with selected KDF not duplicated") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 3 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with multiple KDF proposals") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 3 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with selected KDF duplicated (missing MAC, RAND, AUTN)") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with multiple unsupported KDF proposals") + return struct.pack(">BBHBBHBBHBBBBBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 2 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with multiple KDF proposals") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 3 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with invalid MAC, RAND, AUTN values)") + return struct.pack(">BBHBBHBBHBBBBBBHBBHBBHBBHBBH4LBBH4LBBH4L", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4 * 4 + 20 + 20 + 20, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0, + EAP_SIM_AT_RAND, 5, 0, 0, 0, 0, 0, + EAP_SIM_AT_AUTN, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge - AMF separation bit not set)") + return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_MAC, 5, 0, 1, 2, 3, 4, + EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8, + EAP_SIM_AT_AUTN, 5, 0, 9, 10, + 0x2fda8ef7, 0xbba518cc) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge - Invalid MAC") + return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_MAC, 5, 0, 1, 2, 3, 4, + EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8, + EAP_SIM_AT_AUTN, 5, 0, 0xffffffff, 0xffffffff, + 0xd1f90322, 0x40514cb4) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge - Valid MAC") + return struct.pack(">BBHBBHBBHBBBBBBHBBH4LBBH4LBBH4L", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4 + 20 + 20 + 20, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF_INPUT, 2, 1, ord('a'), ord('b'), + ord('c'), ord('d'), + EAP_SIM_AT_KDF, 1, 1, + EAP_SIM_AT_MAC, 5, 0, + 0xf4a3c1d3, 0x7c901401, 0x34bd8b01, 0x6f7fa32f, + EAP_SIM_AT_RAND, 5, 0, 5, 6, 7, 8, + EAP_SIM_AT_AUTN, 5, 0, 0xffffffff, 0xffffffff, + 0xd1f90322, 0x40514cb4) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_KDF_INPUT length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_KDF_INPUT, 2, 0xffff, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Invalid AT_KDF length") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_IDENTITY, 0, + EAP_SIM_AT_KDF, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Challenge with large number of KDF proposals") + return struct.pack(">BBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH", + EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 12 * 4, + EAP_TYPE_AKA_PRIME, EAP_AKA_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_KDF, 1, 255, + EAP_SIM_AT_KDF, 1, 254, + EAP_SIM_AT_KDF, 1, 253, + EAP_SIM_AT_KDF, 1, 252, + EAP_SIM_AT_KDF, 1, 251, + EAP_SIM_AT_KDF, 1, 250, + EAP_SIM_AT_KDF, 1, 249, + EAP_SIM_AT_KDF, 1, 248, + EAP_SIM_AT_KDF, 1, 247, + EAP_SIM_AT_KDF, 1, 246, + EAP_SIM_AT_KDF, 1, 245, + EAP_SIM_AT_KDF, 1, 244) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + return None + + srv = start_radius_server(aka_prime_handler) + if srv is None: + return "skip" + + try: + hapd = start_ap(apdev[0]['ifname']) + + for i in range(0, 16): + dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412", + eap="AKA'", identity="6555444333222111", + password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123", + wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], + timeout=15) + if ev is None: + raise Exception("Timeout on EAP start") + if i in [ 0 ]: + time.sleep(0.1) + else: + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], + timeout=10) + if ev is None: + raise Exception("Timeout on EAP failure") + dev[0].request("REMOVE_NETWORK all") + finally: + stop_radius_server(srv) + +def test_eap_proto_sim(dev, apdev): + """EAP-SIM protocol tests""" + def sim_handler(ctx, req): + logger.info("sim_handler - RX " + req.encode("hex")) + if 'num' not in ctx: + ctx['num'] = 0 + ctx['num'] = ctx['num'] + 1 + if 'id' not in ctx: + ctx['id'] = 1 + ctx['id'] = (ctx['id'] + 1) % 256 + + idx = 0 + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Missing payload") + return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1, + EAP_TYPE_SIM) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unexpected AT_AUTN") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_AUTN, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Too short AT_VERSION_LIST") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: AT_VERSION_LIST overflow") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 1, 0xffff) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unexpected AT_AUTS") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_AUTS, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unexpected AT_CHECKCODE") + return struct.pack(">BBHBBHBBHL", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_CHECKCODE, 2, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: No AT_VERSION_LIST in Start") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: No support version in AT_VERSION_LIST") + return struct.pack(">BBHBBHBBH4B", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 3, 2, 3, 4, 5) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request without ID type") + return struct.pack(">BBHBBHBBH2H", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID (duplicate)") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request FULLAUTH_ID") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request FULLAUTH_ID (duplicate)") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request ANY_ID") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_ANY_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request FULLAUTH_ID") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_FULLAUTH_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request PERMANENT_ID") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Identity request PERMANENT_ID (duplicate)") + return struct.pack(">BBHBBHBBH2HBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 8 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_START, 0, + EAP_SIM_AT_VERSION_LIST, 2, 2, 1, 0, + EAP_SIM_AT_PERMANENT_ID_REQ, 1, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: No AT_MAC and AT_RAND in Challenge") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: No AT_RAND in Challenge") + return struct.pack(">BBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 20, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Insufficient number of challenges in Challenge") + return struct.pack(">BBHBBHBBH4LBBH4L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 20 + 20, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_RAND, 5, 0, 0, 0, 0, 0, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Too many challenges in Challenge") + return struct.pack(">BBHBBHBBH4L4L4L4LBBH4L", EAP_CODE_REQUEST, + ctx['id'], + 4 + 1 + 3 + 4 + 4 * 16 + 20, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_RAND, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Same RAND multiple times in Challenge") + return struct.pack(">BBHBBHBBH4L4L4LBBH4L", EAP_CODE_REQUEST, + ctx['id'], + 4 + 1 + 3 + 4 + 3 * 16 + 20, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CHALLENGE, 0, + EAP_SIM_AT_RAND, 13, 0, 0, 0, 0, 0, 0, 0, 0, 1, + 0, 0, 0, 0, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification with no attributes") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification indicating success, but no MAC") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 32768) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification indicating success, but invalid MAC value") + return struct.pack(">BBHBBHBBHBBH4L", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4 + 20, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 32768, + EAP_SIM_AT_MAC, 5, 0, 0, 0, 0, 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification before auth") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 16384) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification before auth") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 16385) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification with unrecognized non-failure") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 0xc000) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Notification before auth (duplicate)") + return struct.pack(">BBHBBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3 + 4, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_NOTIFICATION, 0, + EAP_SIM_AT_NOTIFICATION, 1, 0xc000) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Re-authentication (unexpected) with no attributes") + return struct.pack(">BBHBBH", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 3, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_REAUTHENTICATION, + 0) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Client Error") + return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1, + EAP_TYPE_SIM, EAP_SIM_SUBTYPE_CLIENT_ERROR) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + idx += 1 + if ctx['num'] == idx: + logger.info("Test: Unknown subtype") + return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'], + 4 + 1 + 1, + EAP_TYPE_SIM, 255) + idx += 1 + if ctx['num'] == idx: + logger.info("Test: EAP-Failure") + return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4) + + return None + + srv = start_radius_server(sim_handler) + if srv is None: + return "skip" + + try: + hapd = start_ap(apdev[0]['ifname']) + + for i in range(0, 25): + dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412", + eap="SIM", identity="1232010000000000", + password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581", + wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], + timeout=15) + if ev is None: + raise Exception("Timeout on EAP start") + if i in [ 0 ]: + time.sleep(0.1) + else: + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], + timeout=10) + if ev is None: + raise Exception("Timeout on EAP failure") + dev[0].request("REMOVE_NETWORK all") + finally: + stop_radius_server(srv)