tests: EAP-IKEv2 protocol tests
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
8779ac8a67
commit
cb0555f7be
1 changed files with 470 additions and 4 deletions
|
|
@ -65,10 +65,13 @@ def start_radius_server(eap_handler):
|
||||||
eap_req = self.eap_handler(self.ctx, eap)
|
eap_req = self.eap_handler(self.ctx, eap)
|
||||||
reply = self.CreateReplyPacket(pkt)
|
reply = self.CreateReplyPacket(pkt)
|
||||||
if eap_req:
|
if eap_req:
|
||||||
|
while True:
|
||||||
if len(eap_req) > 253:
|
if len(eap_req) > 253:
|
||||||
logger.info("Need to fragment EAP-Message")
|
reply.AddAttribute("EAP-Message", eap_req[0:253])
|
||||||
# TODO: fragment
|
eap_req = eap_req[253:]
|
||||||
|
else:
|
||||||
reply.AddAttribute("EAP-Message", eap_req)
|
reply.AddAttribute("EAP-Message", eap_req)
|
||||||
|
break
|
||||||
else:
|
else:
|
||||||
logger.info("No EAP request available")
|
logger.info("No EAP request available")
|
||||||
reply.code = pyrad.packet.AccessChallenge
|
reply.code = pyrad.packet.AccessChallenge
|
||||||
|
|
@ -3561,3 +3564,466 @@ def test_eap_proto_sim(dev, apdev):
|
||||||
dev[0].request("REMOVE_NETWORK all")
|
dev[0].request("REMOVE_NETWORK all")
|
||||||
finally:
|
finally:
|
||||||
stop_radius_server(srv)
|
stop_radius_server(srv)
|
||||||
|
|
||||||
|
def test_eap_proto_ikev2(dev, apdev):
|
||||||
|
"""EAP-IKEv2 protocol tests"""
|
||||||
|
def ikev2_handler(ctx, req):
|
||||||
|
logger.info("ikev2_handler - RX " + req.encode("hex"))
|
||||||
|
if 'num' not in ctx:
|
||||||
|
ctx['num'] = 0
|
||||||
|
ctx['num'] = ctx['num'] + 1
|
||||||
|
if 'id' not in ctx:
|
||||||
|
ctx['id'] = 1
|
||||||
|
ctx['id'] = (ctx['id'] + 1) % 256
|
||||||
|
|
||||||
|
idx = 0
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Missing payload")
|
||||||
|
return struct.pack(">BBHB", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1,
|
||||||
|
EAP_TYPE_IKEV2)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated Message Length field")
|
||||||
|
return struct.pack(">BBHBB3B", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 3,
|
||||||
|
EAP_TYPE_IKEV2, 0x80, 0, 0, 0)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too short Message Length value")
|
||||||
|
return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 4 + 1,
|
||||||
|
EAP_TYPE_IKEV2, 0x80, 0, 1)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated message")
|
||||||
|
return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 4,
|
||||||
|
EAP_TYPE_IKEV2, 0x80, 1)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated message(2)")
|
||||||
|
return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 4,
|
||||||
|
EAP_TYPE_IKEV2, 0x80, 0xffffffff)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated message(3)")
|
||||||
|
return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 4,
|
||||||
|
EAP_TYPE_IKEV2, 0xc0, 0xffffffff)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated message(4)")
|
||||||
|
return struct.pack(">BBHBBL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 4,
|
||||||
|
EAP_TYPE_IKEV2, 0xc0, 10000000)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too long fragments (first fragment)")
|
||||||
|
return struct.pack(">BBHBBLB", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 4 + 1,
|
||||||
|
EAP_TYPE_IKEV2, 0xc0, 2, 1)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too long fragments (second fragment)")
|
||||||
|
return struct.pack(">BBHBB2B", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 2,
|
||||||
|
EAP_TYPE_IKEV2, 0x00, 2, 3)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: No Message Length field in first fragment")
|
||||||
|
return struct.pack(">BBHBBB", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 1,
|
||||||
|
EAP_TYPE_IKEV2, 0x40, 1)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: ICV before keys")
|
||||||
|
return struct.pack(">BBHBB", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1,
|
||||||
|
EAP_TYPE_IKEV2, 0x20)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unsupported IKEv2 header version")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0, 0, 0, 0, 0)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Incorrect IKEv2 header Length")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0x20, 0, 0, 0, 0)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected IKEv2 Exchange Type in SA_INIT state")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0x20, 0, 0, 0, 28)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected IKEv2 Message ID in SA_INIT state")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0x20, 34, 0, 1, 28)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected IKEv2 Flags value")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0x20, 34, 0, 0, 28)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected IKEv2 Flags value(2)")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0x20, 34, 0x20, 0, 28)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: No SAi1 in SA_INIT")
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1 + 28,
|
||||||
|
EAP_TYPE_IKEV2, 0x00,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
0, 0x20, 34, 0x08, 0, 28)
|
||||||
|
|
||||||
|
def build_ike(id, next=0, exch_type=34, flags=0x00, ike=''):
|
||||||
|
return struct.pack(">BBHBB2L2LBBBBLL", EAP_CODE_REQUEST, id,
|
||||||
|
4 + 1 + 1 + 28 + len(ike),
|
||||||
|
EAP_TYPE_IKEV2, flags,
|
||||||
|
0, 0, 0, 0,
|
||||||
|
next, 0x20, exch_type, 0x08, 0,
|
||||||
|
28 + len(ike)) + ike
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected extra data after payloads")
|
||||||
|
return build_ike(ctx['id'], ike=struct.pack(">B", 1))
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated payload header")
|
||||||
|
return build_ike(ctx['id'], next=128, ike=struct.pack(">B", 1))
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too small payload header length")
|
||||||
|
ike = struct.pack(">BBH", 0, 0, 3)
|
||||||
|
return build_ike(ctx['id'], next=128, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too large payload header length")
|
||||||
|
ike = struct.pack(">BBH", 0, 0, 5)
|
||||||
|
return build_ike(ctx['id'], next=128, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unsupported payload (non-critical and critical)")
|
||||||
|
ike = struct.pack(">BBHBBH", 129, 0, 4, 0, 0x01, 4)
|
||||||
|
return build_ike(ctx['id'], next=128, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Certificate and empty SAi1")
|
||||||
|
ike = struct.pack(">BBHBBH", 33, 0, 4, 0, 0, 4)
|
||||||
|
return build_ike(ctx['id'], next=37, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too short proposal")
|
||||||
|
ike = struct.pack(">BBHBBHBBB", 0, 0, 4 + 7,
|
||||||
|
0, 0, 7, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too small proposal length in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 7, 0, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too large proposal length in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 9, 0, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected proposal type in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
1, 0, 8, 0, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected Protocol ID in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 8, 0, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected proposal number in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 8, 0, 1, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Not enough room for SPI in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 8, 1, 1, 1, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected SPI in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBBB", 0, 0, 4 + 9,
|
||||||
|
0, 0, 9, 1, 1, 1, 0, 1)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: No transforms in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 8, 1, 1, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too short transform in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBB", 0, 0, 4 + 8,
|
||||||
|
0, 0, 8, 1, 1, 0, 1)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too small transform length in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
|
||||||
|
0, 0, 8 + 8, 1, 1, 0, 1,
|
||||||
|
0, 0, 7, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too large transform length in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
|
||||||
|
0, 0, 8 + 8, 1, 1, 0, 1,
|
||||||
|
0, 0, 9, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Unexpected Transform type in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
|
||||||
|
0, 0, 8 + 8, 1, 1, 0, 1,
|
||||||
|
1, 0, 8, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: No transform attributes in SAi1")
|
||||||
|
ike = struct.pack(">BBHBBHBBBBBBHBBH", 0, 0, 4 + 8 + 8,
|
||||||
|
0, 0, 8 + 8, 1, 1, 0, 1,
|
||||||
|
0, 0, 8, 0, 0, 0)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: No transform attr for AES and unexpected data after transforms in SAi1")
|
||||||
|
tlen1 = 8 + 3
|
||||||
|
tlen2 = 8 + 4
|
||||||
|
tlen3 = 8 + 4
|
||||||
|
tlen = tlen1 + tlen2 + tlen3
|
||||||
|
ike = struct.pack(">BBHBBHBBBBBBHBBH3BBBHBBHHHBBHBBHHHB",
|
||||||
|
0, 0, 4 + 8 + tlen + 1,
|
||||||
|
0, 0, 8 + tlen + 1, 1, 1, 0, 3,
|
||||||
|
3, 0, tlen1, 1, 0, 12, 1, 2, 3,
|
||||||
|
3, 0, tlen2, 1, 0, 12, 0, 128,
|
||||||
|
0, 0, tlen3, 1, 0, 12, 0x8000 | 14, 127,
|
||||||
|
1)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
def build_sa(next=0):
|
||||||
|
tlen = 5 * 8
|
||||||
|
return struct.pack(">BBHBBHBBBBBBHBBHBBHBBHBBHBBHBBHBBHBBHBBH",
|
||||||
|
next, 0, 4 + 8 + tlen,
|
||||||
|
0, 0, 8 + tlen, 1, 1, 0, 5,
|
||||||
|
3, 0, 8, 1, 0, 3,
|
||||||
|
3, 0, 8, 2, 0, 1,
|
||||||
|
3, 0, 8, 3, 0, 1,
|
||||||
|
3, 0, 8, 4, 0, 5,
|
||||||
|
0, 0, 8, 241, 0, 0)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Valid proposal, but no KEi in SAi1")
|
||||||
|
ike = build_sa()
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Empty KEi in SAi1")
|
||||||
|
ike = build_sa(next=34) + struct.pack(">BBH", 0, 0, 4)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Mismatch in DH Group in SAi1")
|
||||||
|
ike = build_sa(next=34)
|
||||||
|
ike += struct.pack(">BBHHH", 0, 0, 4 + 4 + 96, 12345, 0)
|
||||||
|
ike += 96*'\x00'
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: EAP-Failure")
|
||||||
|
return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Invalid DH public value length in SAi1")
|
||||||
|
ike = build_sa(next=34)
|
||||||
|
ike += struct.pack(">BBHHH", 0, 0, 4 + 4 + 96, 5, 0)
|
||||||
|
ike += 96*'\x00'
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
def build_ke(next=0):
|
||||||
|
ke = struct.pack(">BBHHH", next, 0, 4 + 4 + 192, 5, 0)
|
||||||
|
ke += 192*'\x00'
|
||||||
|
return ke
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Valid proposal and KEi, but no Ni in SAi1")
|
||||||
|
ike = build_sa(next=34)
|
||||||
|
ike += build_ke()
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too short Ni in SAi1")
|
||||||
|
ike = build_sa(next=34)
|
||||||
|
ike += build_ke(next=40)
|
||||||
|
ike += struct.pack(">BBH", 0, 0, 4)
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Too long Ni in SAi1")
|
||||||
|
ike = build_sa(next=34)
|
||||||
|
ike += build_ke(next=40)
|
||||||
|
ike += struct.pack(">BBH", 0, 0, 4 + 257) + 257*'\x00'
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
def build_ni(next=0):
|
||||||
|
return struct.pack(">BBH", next, 0, 4 + 256) + 256*'\x00'
|
||||||
|
|
||||||
|
def build_sai1(id):
|
||||||
|
ike = build_sa(next=34)
|
||||||
|
ike += build_ke(next=40)
|
||||||
|
ike += build_ni()
|
||||||
|
return build_ike(ctx['id'], next=33, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
|
||||||
|
return build_sai1(ctx['id'])
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: EAP-Failure")
|
||||||
|
return struct.pack(">BBH", EAP_CODE_FAILURE, ctx['id'], 4)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
|
||||||
|
return build_sai1(ctx['id'])
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: No integrity checksum")
|
||||||
|
ike = ''
|
||||||
|
return build_ike(ctx['id'], next=37, ike=ike)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
|
||||||
|
return build_sai1(ctx['id'])
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Truncated integrity checksum")
|
||||||
|
return struct.pack(">BBHBB",
|
||||||
|
EAP_CODE_REQUEST, ctx['id'],
|
||||||
|
4 + 1 + 1,
|
||||||
|
EAP_TYPE_IKEV2, 0x20)
|
||||||
|
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Valid proposal, KEi, and Ni in SAi1")
|
||||||
|
return build_sai1(ctx['id'])
|
||||||
|
idx += 1
|
||||||
|
if ctx['num'] == idx:
|
||||||
|
logger.info("Test: Invalid integrity checksum")
|
||||||
|
ike = ''
|
||||||
|
return build_ike(ctx['id'], next=37, flags=0x20, ike=ike)
|
||||||
|
|
||||||
|
return None
|
||||||
|
|
||||||
|
srv = start_radius_server(ikev2_handler)
|
||||||
|
if srv is None:
|
||||||
|
return "skip"
|
||||||
|
|
||||||
|
try:
|
||||||
|
hapd = start_ap(apdev[0]['ifname'])
|
||||||
|
|
||||||
|
for i in range(49):
|
||||||
|
dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412",
|
||||||
|
eap="IKEV2", identity="user",
|
||||||
|
password="password",
|
||||||
|
wait_connect=False)
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
|
||||||
|
timeout=15)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("Timeout on EAP start")
|
||||||
|
if i in [ 40, 45 ]:
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"],
|
||||||
|
timeout=10)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("Timeout on EAP failure")
|
||||||
|
else:
|
||||||
|
time.sleep(0.05)
|
||||||
|
dev[0].request("REMOVE_NETWORK all")
|
||||||
|
finally:
|
||||||
|
stop_radius_server(srv)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue