1# IEEE 802.1X tests 2# Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi> 3# 4# This software may be distributed under the terms of the BSD license. 5# See README for more details. 6 7from remotehost import remote_compatible 8import binascii 9import hmac 10import logging 11import os 12import time 13 14import hostapd 15import hwsim_utils 16from utils import * 17from tshark import run_tshark 18 19logger = logging.getLogger() 20 21def test_ieee8021x_wep104(dev, apdev): 22 """IEEE 802.1X connection using dynamic WEP104""" 23 check_wep_capa(dev[0]) 24 skip_with_fips(dev[0]) 25 params = hostapd.radius_params() 26 params["ssid"] = "ieee8021x-wep" 27 params["ieee8021x"] = "1" 28 params["wep_key_len_broadcast"] = "13" 29 params["wep_key_len_unicast"] = "13" 30 hapd = hostapd.add_ap(apdev[0], params) 31 32 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", 33 identity="psk.user@example.com", 34 password_hex="0123456789abcdef0123456789abcdef", 35 scan_freq="2412") 36 hwsim_utils.test_connectivity(dev[0], hapd) 37 38def test_ieee8021x_wep40(dev, apdev): 39 """IEEE 802.1X connection using dynamic WEP40""" 40 check_wep_capa(dev[0]) 41 skip_with_fips(dev[0]) 42 params = hostapd.radius_params() 43 params["ssid"] = "ieee8021x-wep" 44 params["ieee8021x"] = "1" 45 params["wep_key_len_broadcast"] = "5" 46 params["wep_key_len_unicast"] = "5" 47 hapd = hostapd.add_ap(apdev[0], params) 48 49 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", 50 identity="psk.user@example.com", 51 password_hex="0123456789abcdef0123456789abcdef", 52 scan_freq="2412") 53 hwsim_utils.test_connectivity(dev[0], hapd) 54 55def test_ieee8021x_wep_index_workaround(dev, apdev): 56 """IEEE 802.1X and EAPOL-Key index workaround""" 57 check_wep_capa(dev[0]) 58 skip_with_fips(dev[0]) 59 params = hostapd.radius_params() 60 params["ssid"] = "ieee8021x-wep" 61 params["ieee8021x"] = "1" 62 params["wep_key_len_broadcast"] = "5" 63 params["eapol_key_index_workaround"] = "1" 64 hapd = hostapd.add_ap(apdev[0], params) 65 66 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eapol_flags="1", 67 eap="PSK", 68 identity="psk.user@example.com", 69 password_hex="0123456789abcdef0123456789abcdef", 70 scan_freq="2412") 71 72def test_ieee8021x_open(dev, apdev): 73 """IEEE 802.1X connection using open network""" 74 params = hostapd.radius_params() 75 params["ssid"] = "ieee8021x-open" 76 params["ieee8021x"] = "1" 77 hapd = hostapd.add_ap(apdev[0], params) 78 79 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 80 eap="PSK", identity="psk.user@example.com", 81 password_hex="0123456789abcdef0123456789abcdef", 82 scan_freq="2412") 83 hwsim_utils.test_connectivity(dev[0], hapd) 84 85 logger.info("Test EAPOL-Logoff") 86 dev[0].request("LOGOFF") 87 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"]) 88 if ev is None: 89 raise Exception("Did not get disconnected") 90 if "reason=23" not in ev: 91 raise Exception("Unexpected disconnection reason") 92 93 dev[0].request("LOGON") 94 dev[0].connect_network(id) 95 hwsim_utils.test_connectivity(dev[0], hapd) 96 97def test_ieee8021x_static_wep40(dev, apdev): 98 """IEEE 802.1X connection using static WEP40""" 99 run_static_wep(dev, apdev, '"hello"') 100 101def test_ieee8021x_static_wep104(dev, apdev): 102 """IEEE 802.1X connection using static WEP104""" 103 run_static_wep(dev, apdev, '"hello-there-/"') 104 105def run_static_wep(dev, apdev, key): 106 check_wep_capa(dev[0]) 107 params = hostapd.radius_params() 108 params["ssid"] = "ieee8021x-wep" 109 params["ieee8021x"] = "1" 110 params["wep_key0"] = key 111 hapd = hostapd.add_ap(apdev[0], params) 112 113 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", 114 identity="psk.user@example.com", 115 password_hex="0123456789abcdef0123456789abcdef", 116 wep_key0=key, eapol_flags="0", 117 scan_freq="2412") 118 hwsim_utils.test_connectivity(dev[0], hapd) 119 120def test_ieee8021x_proto(dev, apdev): 121 """IEEE 802.1X and EAPOL supplicant protocol testing""" 122 params = hostapd.radius_params() 123 params["ssid"] = "ieee8021x-open" 124 params["ieee8021x"] = "1" 125 hapd = hostapd.add_ap(apdev[0], params) 126 bssid = apdev[0]['bssid'] 127 128 dev[1].request("SET ext_eapol_frame_io 1") 129 dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 130 eap="PSK", identity="psk.user@example.com", 131 password_hex="0123456789abcdef0123456789abcdef", 132 scan_freq="2412", wait_connect=False) 133 id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 134 eap="PSK", identity="psk.user@example.com", 135 password_hex="0123456789abcdef0123456789abcdef", 136 scan_freq="2412") 137 ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) 138 139 start = dev[0].get_mib() 140 141 tests = ["11", 142 "11223344", 143 "020000050a93000501", 144 "020300050a93000501", 145 "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 146 "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 147 "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000", 148 "02aa00050a93000501"] 149 for frame in tests: 150 res = dev[0].request("EAPOL_RX " + bssid + " " + frame) 151 if "OK" not in res: 152 raise Exception("EAPOL_RX to wpa_supplicant failed") 153 dev[1].request("EAPOL_RX " + bssid + " " + frame) 154 155 stop = dev[0].get_mib() 156 157 logger.info("MIB before test frames: " + str(start)) 158 logger.info("MIB after test frames: " + str(stop)) 159 160 vals = ['dot1xSuppInvalidEapolFramesRx', 161 'dot1xSuppEapLengthErrorFramesRx'] 162 for val in vals: 163 if int(stop[val]) <= int(start[val]): 164 raise Exception(val + " did not increase") 165 166@remote_compatible 167def test_ieee8021x_eapol_start(dev, apdev): 168 """IEEE 802.1X and EAPOL-Start retransmissions""" 169 params = hostapd.radius_params() 170 params["ssid"] = "ieee8021x-open" 171 params["ieee8021x"] = "1" 172 hapd = hostapd.add_ap(apdev[0], params) 173 bssid = apdev[0]['bssid'] 174 addr0 = dev[0].own_addr() 175 176 hapd.set("ext_eapol_frame_io", "1") 177 try: 178 dev[0].request("SET EAPOL::startPeriod 1") 179 dev[0].request("SET EAPOL::maxStart 1") 180 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 181 eap="PSK", identity="psk.user@example.com", 182 password_hex="0123456789abcdef0123456789abcdef", 183 scan_freq="2412", wait_connect=False) 184 held = False 185 for i in range(30): 186 pae = dev[0].get_status_field('Supplicant PAE state') 187 if pae == "HELD": 188 mib = hapd.get_sta(addr0, info="eapol") 189 if mib['auth_pae_state'] != 'AUTHENTICATING': 190 raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state']) 191 held = True 192 break 193 time.sleep(0.25) 194 if not held: 195 raise Exception("PAE state HELD not reached") 196 dev[0].wait_disconnected() 197 finally: 198 dev[0].request("SET EAPOL::startPeriod 30") 199 dev[0].request("SET EAPOL::maxStart 3") 200 201def test_ieee8021x_held(dev, apdev): 202 """IEEE 802.1X and HELD state""" 203 params = hostapd.radius_params() 204 params["ssid"] = "ieee8021x-open" 205 params["ieee8021x"] = "1" 206 hapd = hostapd.add_ap(apdev[0], params) 207 bssid = apdev[0]['bssid'] 208 209 hapd.set("ext_eapol_frame_io", "1") 210 try: 211 dev[0].request("SET EAPOL::startPeriod 1") 212 dev[0].request("SET EAPOL::maxStart 0") 213 dev[0].request("SET EAPOL::heldPeriod 1") 214 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 215 eap="PSK", identity="psk.user@example.com", 216 password_hex="0123456789abcdef0123456789abcdef", 217 scan_freq="2412", wait_connect=False) 218 held = False 219 for i in range(30): 220 pae = dev[0].get_status_field('Supplicant PAE state') 221 if pae == "HELD": 222 held = True 223 break 224 time.sleep(0.25) 225 if not held: 226 raise Exception("PAE state HELD not reached") 227 228 hapd.set("ext_eapol_frame_io", "0") 229 for i in range(30): 230 pae = dev[0].get_status_field('Supplicant PAE state') 231 if pae != "HELD": 232 held = False 233 break 234 time.sleep(0.25) 235 if held: 236 raise Exception("PAE state HELD not left") 237 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", 238 "CTRL-EVENT-DISCONNECTED"], timeout=10) 239 if ev is None: 240 raise Exception("Connection timed out") 241 if "CTRL-EVENT-DISCONNECTED" in ev: 242 raise Exception("Unexpected disconnection") 243 finally: 244 dev[0].request("SET EAPOL::startPeriod 30") 245 dev[0].request("SET EAPOL::maxStart 3") 246 dev[0].request("SET EAPOL::heldPeriod 60") 247 248def test_ieee8021x_force_unauth(dev, apdev): 249 """IEEE 802.1X and FORCE_UNAUTH state""" 250 params = hostapd.radius_params() 251 params["ssid"] = "ieee8021x-open" 252 params["ieee8021x"] = "1" 253 hapd = hostapd.add_ap(apdev[0], params) 254 bssid = apdev[0]['bssid'] 255 256 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 257 eap="PSK", identity="psk.user@example.com", 258 password_hex="0123456789abcdef0123456789abcdef", 259 scan_freq="2412") 260 dev[0].request("SET EAPOL::portControl ForceUnauthorized") 261 pae = dev[0].get_status_field('Supplicant PAE state') 262 dev[0].wait_disconnected() 263 dev[0].request("SET EAPOL::portControl Auto") 264 265def send_eapol_key(dev, bssid, signkey, frame_start, frame_end): 266 zero_sign = "00000000000000000000000000000000" 267 frame = frame_start + zero_sign + frame_end 268 hmac_obj = hmac.new(binascii.unhexlify(signkey), digestmod='MD5') 269 hmac_obj.update(binascii.unhexlify(frame)) 270 sign = hmac_obj.digest() 271 frame = frame_start + binascii.hexlify(sign).decode() + frame_end 272 dev.request("EAPOL_RX " + bssid + " " + frame) 273 274def test_ieee8021x_eapol_key(dev, apdev): 275 """IEEE 802.1X connection and EAPOL-Key protocol tests""" 276 check_wep_capa(dev[0]) 277 skip_with_fips(dev[0]) 278 params = hostapd.radius_params() 279 params["ssid"] = "ieee8021x-wep" 280 params["ieee8021x"] = "1" 281 params["wep_key_len_broadcast"] = "5" 282 params["wep_key_len_unicast"] = "5" 283 hapd = hostapd.add_ap(apdev[0], params) 284 bssid = apdev[0]['bssid'] 285 286 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST", 287 identity="vendor-test", scan_freq="2412") 288 289 # Hardcoded MSK from VENDOR-TEST 290 encrkey = "1111111111111111111111111111111111111111111111111111111111111111" 291 signkey = "2222222222222222222222222222222222222222222222222222222222222222" 292 293 # EAPOL-Key replay counter does not increase 294 send_eapol_key(dev[0], bssid, signkey, 295 "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", 296 "1c636a30a4") 297 298 # EAPOL-Key too large Key Length field value 299 send_eapol_key(dev[0], bssid, signkey, 300 "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", 301 "1c636a30a4") 302 303 # EAPOL-Key too much key data 304 send_eapol_key(dev[0], bssid, signkey, 305 "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", 306 33*"ff") 307 308 # EAPOL-Key too little key data 309 send_eapol_key(dev[0], bssid, signkey, 310 "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", 311 "1c636a30") 312 313 # EAPOL-Key with no key data and too long WEP key length 314 send_eapol_key(dev[0], bssid, signkey, 315 "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", 316 "") 317 318def test_ieee8021x_reauth(dev, apdev): 319 """IEEE 802.1X and EAPOL_REAUTH request""" 320 params = hostapd.radius_params() 321 params["ssid"] = "ieee8021x-open" 322 params["ieee8021x"] = "1" 323 hapd = hostapd.add_ap(apdev[0], params) 324 325 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 326 eap="PSK", identity="psk.user@example.com", 327 password_hex="0123456789abcdef0123456789abcdef", 328 scan_freq="2412") 329 330 hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) 331 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) 332 if ev is None: 333 raise Exception("EAP authentication did not start") 334 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) 335 if ev is None: 336 raise Exception("EAP authentication did not succeed") 337 time.sleep(0.1) 338 hwsim_utils.test_connectivity(dev[0], hapd) 339 340def test_ieee8021x_reauth_peap(dev, apdev): 341 """IEEE 802.1X and EAPOL_REAUTH request (PEAP and session resumption)""" 342 run_ieee8021x_reauth_peap(dev, apdev, False) 343 344def test_ieee8021x_reauth_peap2(dev, apdev): 345 """IEEE 802.1X and EAPOL_REAUTH request (PEAP and session resumption; Phase 2 auth forced)""" 346 run_ieee8021x_reauth_peap(dev, apdev, True) 347 348def run_ieee8021x_reauth_peap(dev, apdev, phase2_auth): 349 params = {"eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf", 350 "ca_cert": "auth_serv/ca.pem", 351 "server_cert": "auth_serv/server.pem", 352 "private_key": "auth_serv/server.key", 353 "dh_file": "auth_serv/dh.conf", 354 "tls_session_lifetime": "60"} 355 params["ssid"] = "ieee8021x-open" 356 params["ieee8021x"] = "1" 357 hapd = hostapd.add_ap(apdev[0], params) 358 359 phase1 = "phase2_auth=2" if phase2_auth else "" 360 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 361 eap="PEAP", identity="user", anonymous_identity="peap", 362 password="password", ca_cert="auth_serv/ca.pem", 363 phase1=phase1, phase2="auth=MSCHAPV2", 364 scan_freq="2412") 365 366 hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) 367 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) 368 if ev is None: 369 raise Exception("EAP authentication did not start") 370 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) 371 if ev is None: 372 raise Exception("EAP authentication did not succeed") 373 reused = dev[0].get_status_field("tls_session_reused") == '1' 374 if phase2_auth and reused: 375 raise Exception("Session resumption used on the second connection") 376 if not phase2_auth and not reused: 377 raise Exception("Session resumption not used on the second connection") 378 379def test_ieee8021x_reauth_wep(dev, apdev, params): 380 """IEEE 802.1X and EAPOL_REAUTH request with WEP""" 381 check_wep_capa(dev[0]) 382 logdir = params['logdir'] 383 384 params = hostapd.radius_params() 385 params["ssid"] = "ieee8021x-open" 386 params["ieee8021x"] = "1" 387 params["wep_key_len_broadcast"] = "13" 388 params["wep_key_len_unicast"] = "13" 389 hapd = hostapd.add_ap(apdev[0], params) 390 391 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", 392 eap="PSK", identity="psk.user@example.com", 393 password_hex="0123456789abcdef0123456789abcdef", 394 scan_freq="2412") 395 hwsim_utils.test_connectivity(dev[0], hapd) 396 397 hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) 398 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) 399 if ev is None: 400 raise Exception("EAP authentication did not start") 401 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) 402 if ev is None: 403 raise Exception("EAP authentication did not succeed") 404 time.sleep(0.1) 405 hwsim_utils.test_connectivity(dev[0], hapd) 406 407 out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"), 408 "llc.type == 0x888e", ["eapol.type", "eap.code"]) 409 if out is None: 410 raise Exception("Could not find EAPOL frames in capture") 411 num_eapol_key = 0 412 num_eap_req = 0 413 num_eap_resp = 0 414 for line in out.splitlines(): 415 vals = line.split() 416 if vals[0] == '3': 417 num_eapol_key += 1 418 if vals[0] == '0' and len(vals) == 2: 419 if vals[1] == '1': 420 num_eap_req += 1 421 elif vals[1] == '2': 422 num_eap_resp += 1 423 logger.info("num_eapol_key: %d" % num_eapol_key) 424 logger.info("num_eap_req: %d" % num_eap_req) 425 logger.info("num_eap_resp: %d" % num_eap_resp) 426 if num_eapol_key < 4: 427 raise Exception("Did not see four unencrypted EAPOL-Key frames") 428 if num_eap_req < 6: 429 raise Exception("Did not see six unencrypted EAP-Request frames") 430 if num_eap_resp < 6: 431 raise Exception("Did not see six unencrypted EAP-Response frames") 432 433def test_ieee8021x_set_conf(dev, apdev): 434 """IEEE 802.1X and EAPOL_SET command""" 435 params = hostapd.radius_params() 436 params["ssid"] = "ieee8021x-open" 437 params["ieee8021x"] = "1" 438 hapd = hostapd.add_ap(apdev[0], params) 439 440 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 441 eap="PSK", identity="psk.user@example.com", 442 password_hex="0123456789abcdef0123456789abcdef", 443 scan_freq="2412", 444 # The workaround in eap_success_workaround can trigger a 445 # rare failure when the EAPOL frame ID wraps. 446 eap_workaround="0") 447 448 addr0 = dev[0].own_addr() 449 tests = ["EAPOL_SET 1", 450 "EAPOL_SET %sfoo bar" % addr0, 451 "EAPOL_SET %s foo" % addr0, 452 "EAPOL_SET %s foo bar" % addr0, 453 "EAPOL_SET %s AdminControlledDirections bar" % addr0, 454 "EAPOL_SET %s AdminControlledPortControl bar" % addr0, 455 "EAPOL_SET %s reAuthEnabled bar" % addr0, 456 "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0, 457 "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both"] 458 for t in tests: 459 if "FAIL" not in hapd.request(t): 460 raise Exception("Invalid EAPOL_SET command accepted: " + t) 461 462 tests = [("AdminControlledDirections", "adminControlledDirections", "In"), 463 ("AdminControlledDirections", "adminControlledDirections", 464 "Both"), 465 ("quietPeriod", "quietPeriod", "13"), 466 ("serverTimeout", "serverTimeout", "7"), 467 ("reAuthPeriod", "reAuthPeriod", "1234"), 468 ("reAuthEnabled", "reAuthEnabled", "FALSE"), 469 ("reAuthEnabled", "reAuthEnabled", "TRUE"), 470 ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"), 471 ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"), 472 ("AdminControlledPortControl", "portControl", "ForceAuthorized"), 473 ("AdminControlledPortControl", "portControl", 474 "ForceUnauthorized"), 475 ("AdminControlledPortControl", "portControl", "Auto")] 476 for param, mibparam, val in tests: 477 if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)): 478 raise Exception("Failed to set %s %s" % (param, val)) 479 mib = hapd.get_sta(addr0, info="eapol") 480 if mib[mibparam] != val: 481 raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val)) 482 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) 483 if ev is None: 484 raise Exception("EAP authentication did not succeed") 485 time.sleep(0.1) 486 hwsim_utils.test_connectivity(dev[0], hapd) 487 488def test_ieee8021x_auth_awhile(dev, apdev): 489 """IEEE 802.1X and EAPOL Authenticator aWhile handling""" 490 params = hostapd.radius_params() 491 params["ssid"] = "ieee8021x-open" 492 params["ieee8021x"] = "1" 493 params['auth_server_port'] = "18129" 494 hapd = hostapd.add_ap(apdev[0], params) 495 bssid = apdev[0]['bssid'] 496 addr0 = dev[0].own_addr() 497 498 params = {} 499 params['ssid'] = 'as' 500 params['beacon_int'] = '2000' 501 params['radius_server_clients'] = 'auth_serv/radius_clients.conf' 502 params['radius_server_auth_port'] = '18129' 503 params['eap_server'] = '1' 504 params['eap_user_file'] = 'auth_serv/eap_user.conf' 505 params['ca_cert'] = 'auth_serv/ca.pem' 506 params['server_cert'] = 'auth_serv/server.pem' 507 params['private_key'] = 'auth_serv/server.key' 508 hapd1 = hostapd.add_ap(apdev[1], params) 509 510 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 511 eap="PSK", identity="psk.user@example.com", 512 password_hex="0123456789abcdef0123456789abcdef", 513 scan_freq="2412") 514 hapd1.disable() 515 if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0): 516 raise Exception("Failed to set serverTimeout") 517 hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) 518 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) 519 520 for i in range(40): 521 mib = hapd.get_sta(addr0, info="eapol") 522 val = int(mib['aWhile']) 523 if val > 0: 524 break 525 time.sleep(1) 526 if val == 0: 527 raise Exception("aWhile did not increase") 528 529 hapd.dump_monitor() 530 for i in range(40): 531 mib = hapd.get_sta(addr0, info="eapol") 532 val = int(mib['aWhile']) 533 if val < 5: 534 break 535 time.sleep(1) 536 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10) 537 if ev is None: 538 raise Exception("Authentication restart not seen") 539 540def test_ieee8021x_open_leap(dev, apdev): 541 """IEEE 802.1X connection with LEAP included in configuration""" 542 params = hostapd.radius_params() 543 params["ssid"] = "ieee8021x-open" 544 params["ieee8021x"] = "1" 545 hapd = hostapd.add_ap(apdev[0], params) 546 547 dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 548 eap="LEAP", identity="psk.user@example.com", 549 password_hex="0123456789abcdef0123456789abcdef", 550 scan_freq="2412", wait_connect=False) 551 dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", 552 eap="PSK LEAP", identity="psk.user@example.com", 553 password_hex="0123456789abcdef0123456789abcdef", 554 scan_freq="2412") 555 ev = dev[1].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=5) 556 dev[1].request("DISCONNECT") 557 558def test_ieee8021x_and_wpa_enabled(dev, apdev): 559 """IEEE 802.1X connection using dynamic WEP104 when WPA enabled""" 560 check_wep_capa(dev[0]) 561 skip_with_fips(dev[0]) 562 params = hostapd.radius_params() 563 params["ssid"] = "ieee8021x-wep" 564 params["ieee8021x"] = "1" 565 params["wep_key_len_broadcast"] = "13" 566 params["wep_key_len_unicast"] = "13" 567 hapd = hostapd.add_ap(apdev[0], params) 568 569 dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK", 570 identity="psk.user@example.com", 571 password_hex="0123456789abcdef0123456789abcdef", 572 scan_freq="2412") 573 hwsim_utils.test_connectivity(dev[0], hapd) 574