From e8706c109e922f288542f02c8c58766ef4e26ed7 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 25 Jan 2023 20:43:16 +0200 Subject: [PATCH] tests: Work around pyrad issues with octet strings that start with "0x" pyrad's tools.py EncodeOctets() uses a design that tries to automatically determine when the octetstring is a hex string based on the binary data starting with "0x". That is not really nice since it will result in failing one out of 65536 possible random inputs with "binascii.Error: Non-hexadecimal digit found" when trying to decode an actual (non-hex) binary string as a hexstring. Work around this by convering the special cases where the Message-Authenticator binary value happens to start with b"0x" to a hexstring. Signed-off-by: Jouni Malinen --- tests/hwsim/test_eap_proto.py | 10 +++++++++- tests/hwsim/test_radius.py | 7 ++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py index 60d2e90da..4254620b4 100644 --- a/tests/hwsim/test_eap_proto.py +++ b/tests/hwsim/test_eap_proto.py @@ -74,6 +74,14 @@ EAP_ERP_TLV_NAS_IDENTIFIER = 130 EAP_ERP_TLV_NAS_IP_ADDRESS = 131 EAP_ERP_TLV_NAS_IPV6_ADDRESS = 132 +def add_message_authenticator_attr(reply, digest): + if digest.startswith(b'0x'): + # Work around pyrad tools.py EncodeOctets() functionality that + # assumes a binary value that happens to start with "0x" to be + # a hex string. + digest = b"0x" + binascii.hexlify(digest) + reply.AddAttribute("Message-Authenticator", digest) + def run_pyrad_server(srv, t_stop, eap_handler): srv.RunWithStop(t_stop, eap_handler) @@ -119,7 +127,7 @@ def start_radius_server(eap_handler): hmac_obj.update(pkt.authenticator) hmac_obj.update(attrs) del reply[80] - reply.AddAttribute("Message-Authenticator", hmac_obj.digest()) + add_message_authenticator_attr(reply, hmac_obj.digest()) self.SendReplyPacket(pkt.fd, reply) diff --git a/tests/hwsim/test_radius.py b/tests/hwsim/test_radius.py index 80c11002d..8014f8869 100644 --- a/tests/hwsim/test_radius.py +++ b/tests/hwsim/test_radius.py @@ -21,6 +21,7 @@ import hostapd from utils import * from test_ap_hs20 import build_dhcp_ack from test_ap_ft import ft_params1 +from test_eap_proto import add_message_authenticator_attr def connect(dev, ssid, wait_connect=True): dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412", @@ -791,7 +792,7 @@ def add_message_auth_req(req): hmac_obj.update(16*b"\x00") # all zeros Authenticator in calculation hmac_obj.update(attrs) del req[80] - req.AddAttribute("Message-Authenticator", hmac_obj.digest()) + add_message_authenticator_attr(req, hmac_obj.digest()) def test_radius_das_disconnect_time_window(dev, apdev): """RADIUS Dynamic Authorization Extensions - Disconnect - time window""" @@ -1077,7 +1078,7 @@ def test_radius_protocol(dev, apdev): logger.info("Include two Message-Authenticator attributes") else: del reply[80] - reply.AddAttribute("Message-Authenticator", hmac_obj.digest()) + add_message_authenticator_attr(reply, hmac_obj.digest()) self.SendReplyPacket(pkt.fd, reply) def RunWithStop(self, t_events): @@ -1477,7 +1478,7 @@ def add_message_auth(req): hmac_obj.update(req.authenticator) hmac_obj.update(attrs) del req[80] - req.AddAttribute("Message-Authenticator", hmac_obj.digest()) + add_message_authenticator_attr(req, hmac_obj.digest()) def test_radius_server_failures(dev, apdev): """RADIUS server failure cases"""