1 /*
2 * Testing tool for EAPOL-Key Supplicant/Authenticator routines
3 * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "rsn_supp/wpa.h"
14 #include "ap/wpa_auth.h"
15
16
17 struct wpa {
18 enum { AUTH, SUPP } test_peer;
19 enum { READ, WRITE } test_oper;
20 FILE *f;
21 int wpa1;
22
23 u8 auth_addr[ETH_ALEN];
24 u8 supp_addr[ETH_ALEN];
25 u8 psk[PMK_LEN];
26
27 /* from authenticator */
28 u8 *auth_eapol;
29 size_t auth_eapol_len;
30
31 /* from supplicant */
32 u8 *supp_eapol;
33 size_t supp_eapol_len;
34
35 struct wpa_sm *supp;
36 struct wpa_authenticator *auth_group;
37 struct wpa_state_machine *auth;
38
39 u8 supp_ie[80];
40 size_t supp_ie_len;
41
42 int key_request_done;
43 int key_request_done1;
44 int auth_sent;
45 };
46
47
48 const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
49
50
51 static int auth_read_msg(struct wpa *wpa);
52 static void supp_eapol_key_request(void *eloop_data, void *user_ctx);
53
54
usage(void)55 static void usage(void) {
56 wpa_printf(MSG_INFO,
57 "usage: test-eapol <auth/supp> <read/write> <file>");
58 exit(-1);
59 }
60
61
write_msg(FILE * f,const u8 * msg,size_t msg_len)62 static void write_msg(FILE *f, const u8 *msg, size_t msg_len)
63 {
64 u8 len[2];
65
66 wpa_printf(MSG_DEBUG, "TEST: Write message to file (msg_len=%u)",
67 (unsigned int) msg_len);
68 WPA_PUT_BE16(len, msg_len);
69 fwrite(len, 2, 1, f);
70 fwrite(msg, msg_len, 1, f);
71 }
72
73
read_msg(FILE * f,size_t * ret_len)74 static u8 * read_msg(FILE *f, size_t *ret_len)
75 {
76 u8 len[2];
77 u16 msg_len;
78 u8 *msg;
79
80 if (fread(len, 2, 1, f) != 1) {
81 wpa_printf(MSG_ERROR, "TEST-ERROR: Could not read msg len");
82 eloop_terminate();
83 return NULL;
84 }
85 msg_len = WPA_GET_BE16(len);
86
87 msg = os_malloc(msg_len);
88 if (!msg)
89 return NULL;
90 if (msg_len > 0 && fread(msg, msg_len, 1, f) != 1) {
91 wpa_printf(MSG_ERROR, "TEST-ERROR: Truncated msg (msg_len=%u)",
92 msg_len);
93 os_free(msg);
94 eloop_terminate();
95 return NULL;
96 }
97 wpa_hexdump(MSG_DEBUG, "TEST: Read message from file", msg, msg_len);
98
99 *ret_len = msg_len;
100 return msg;
101 }
102
103
supp_get_bssid(void * ctx,u8 * bssid)104 static int supp_get_bssid(void *ctx, u8 *bssid)
105 {
106 struct wpa *wpa = ctx;
107 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
108 os_memcpy(bssid, wpa->auth_addr, ETH_ALEN);
109 return 0;
110 }
111
112
supp_set_state(void * ctx,enum wpa_states state)113 static void supp_set_state(void *ctx, enum wpa_states state)
114 {
115 wpa_printf(MSG_DEBUG, "SUPP: %s(state=%d)", __func__, state);
116 }
117
118
auth_eapol_rx(void * eloop_data,void * user_ctx)119 static void auth_eapol_rx(void *eloop_data, void *user_ctx)
120 {
121 struct wpa *wpa = eloop_data;
122
123 wpa_printf(MSG_DEBUG, "AUTH: RX EAPOL frame");
124 wpa->auth_sent = 0;
125 wpa_receive(wpa->auth_group, wpa->auth, wpa->supp_eapol,
126 wpa->supp_eapol_len);
127 if (!wpa->auth_sent && wpa->test_peer == SUPP &&
128 wpa->test_oper == READ) {
129 /* Speed up process by not going through retransmit timeout */
130 wpa_printf(MSG_DEBUG,
131 "AUTH: No response was sent - process next message");
132 auth_read_msg(wpa);
133 }
134 if (wpa->wpa1 && wpa->key_request_done && !wpa->key_request_done1) {
135 wpa->key_request_done1 = 1;
136 eloop_register_timeout(0, 0, supp_eapol_key_request,
137 wpa, NULL);
138 }
139
140 }
141
142
supp_eapol_rx(void * eloop_data,void * user_ctx)143 static void supp_eapol_rx(void *eloop_data, void *user_ctx)
144 {
145 struct wpa *wpa = eloop_data;
146
147 wpa_printf(MSG_DEBUG, "SUPP: RX EAPOL frame");
148 wpa_sm_rx_eapol(wpa->supp, wpa->auth_addr, wpa->auth_eapol,
149 wpa->auth_eapol_len);
150 }
151
152
supp_read_msg(struct wpa * wpa)153 static int supp_read_msg(struct wpa *wpa)
154 {
155 os_free(wpa->auth_eapol);
156 wpa->auth_eapol = read_msg(wpa->f, &wpa->auth_eapol_len);
157 if (!wpa->auth_eapol)
158 return -1;
159 eloop_register_timeout(0, 0, supp_eapol_rx, wpa, NULL);
160 return 0;
161 }
162
163
supp_ether_send(void * ctx,const u8 * dest,u16 proto,const u8 * buf,size_t len)164 static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf,
165 size_t len)
166 {
167 struct wpa *wpa = ctx;
168
169 wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x "
170 "len=%lu)",
171 __func__, MAC2STR(dest), proto, (unsigned long) len);
172
173 if (wpa->test_peer == SUPP && wpa->test_oper == WRITE)
174 write_msg(wpa->f, buf, len);
175
176 if (wpa->test_peer == AUTH && wpa->test_oper == READ)
177 return supp_read_msg(wpa);
178
179 os_free(wpa->supp_eapol);
180 wpa->supp_eapol = os_malloc(len);
181 if (!wpa->supp_eapol)
182 return -1;
183 os_memcpy(wpa->supp_eapol, buf, len);
184 wpa->supp_eapol_len = len;
185 eloop_register_timeout(0, 0, auth_eapol_rx, wpa, NULL);
186
187 return 0;
188 }
189
190
supp_alloc_eapol(void * ctx,u8 type,const void * data,u16 data_len,size_t * msg_len,void ** data_pos)191 static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data,
192 u16 data_len, size_t *msg_len, void **data_pos)
193 {
194 struct ieee802_1x_hdr *hdr;
195
196 wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)",
197 __func__, type, data_len);
198
199 *msg_len = sizeof(*hdr) + data_len;
200 hdr = os_malloc(*msg_len);
201 if (hdr == NULL)
202 return NULL;
203
204 hdr->version = 2;
205 hdr->type = type;
206 hdr->length = host_to_be16(data_len);
207
208 if (data)
209 os_memcpy(hdr + 1, data, data_len);
210 else
211 os_memset(hdr + 1, 0, data_len);
212
213 if (data_pos)
214 *data_pos = hdr + 1;
215
216 return (u8 *) hdr;
217 }
218
219
supp_get_beacon_ie(void * ctx)220 static int supp_get_beacon_ie(void *ctx)
221 {
222 struct wpa *wpa = ctx;
223 const u8 *ie;
224 size_t ielen;
225
226 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
227
228 ie = wpa_auth_get_wpa_ie(wpa->auth_group, &ielen);
229 if (ie == NULL || ielen < 1)
230 return -1;
231 if (ie[0] == WLAN_EID_RSN)
232 return wpa_sm_set_ap_rsn_ie(wpa->supp, ie, 2 + ie[1]);
233 return wpa_sm_set_ap_wpa_ie(wpa->supp, ie, 2 + ie[1]);
234 }
235
236
supp_set_key(void * ctx,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)237 static int supp_set_key(void *ctx, enum wpa_alg alg,
238 const u8 *addr, int key_idx, int set_tx,
239 const u8 *seq, size_t seq_len,
240 const u8 *key, size_t key_len)
241 {
242 wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d "
243 "set_tx=%d)",
244 __func__, alg, MAC2STR(addr), key_idx, set_tx);
245 wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len);
246 wpa_hexdump(MSG_DEBUG, "SUPP: set_key - key", key, key_len);
247 return 0;
248 }
249
250
supp_mlme_setprotection(void * ctx,const u8 * addr,int protection_type,int key_type)251 static int supp_mlme_setprotection(void *ctx, const u8 *addr,
252 int protection_type, int key_type)
253 {
254 wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d "
255 "key_type=%d)",
256 __func__, MAC2STR(addr), protection_type, key_type);
257 return 0;
258 }
259
260
supp_cancel_auth_timeout(void * ctx)261 static void supp_cancel_auth_timeout(void *ctx)
262 {
263 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
264 }
265
266
supp_get_network_ctx(void * ctx)267 static void * supp_get_network_ctx(void *ctx)
268 {
269 return (void *) 1;
270 }
271
272
supp_deauthenticate(void * ctx,int reason_code)273 static void supp_deauthenticate(void *ctx, int reason_code)
274 {
275 wpa_printf(MSG_DEBUG, "SUPP: %s(%d)", __func__, reason_code);
276 }
277
278
supp_get_state(void * ctx)279 static enum wpa_states supp_get_state(void *ctx)
280 {
281 return WPA_COMPLETED;
282 }
283
284
supp_init(struct wpa * wpa)285 static int supp_init(struct wpa *wpa)
286 {
287 struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx));
288
289 if (!ctx)
290 return -1;
291
292 ctx->ctx = wpa;
293 ctx->msg_ctx = wpa;
294 ctx->set_state = supp_set_state;
295 ctx->get_bssid = supp_get_bssid;
296 ctx->ether_send = supp_ether_send;
297 ctx->get_beacon_ie = supp_get_beacon_ie;
298 ctx->alloc_eapol = supp_alloc_eapol;
299 ctx->set_key = supp_set_key;
300 ctx->mlme_setprotection = supp_mlme_setprotection;
301 ctx->cancel_auth_timeout = supp_cancel_auth_timeout;
302 ctx->get_network_ctx = supp_get_network_ctx;
303 ctx->deauthenticate = supp_deauthenticate;
304 ctx->get_state = supp_get_state;
305 wpa->supp = wpa_sm_init(ctx);
306 if (!wpa->supp) {
307 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed");
308 return -1;
309 }
310
311 wpa_sm_set_own_addr(wpa->supp, wpa->supp_addr);
312 if (wpa->wpa1) {
313 wpa_sm_set_param(wpa->supp, WPA_PARAM_RSN_ENABLED, 0);
314 wpa_sm_set_param(wpa->supp, WPA_PARAM_PROTO, WPA_PROTO_WPA);
315 wpa_sm_set_param(wpa->supp, WPA_PARAM_PAIRWISE,
316 WPA_CIPHER_TKIP);
317 wpa_sm_set_param(wpa->supp, WPA_PARAM_GROUP, WPA_CIPHER_TKIP);
318 wpa_sm_set_param(wpa->supp, WPA_PARAM_KEY_MGMT,
319 WPA_KEY_MGMT_PSK);
320 } else {
321 wpa_sm_set_param(wpa->supp, WPA_PARAM_RSN_ENABLED, 1);
322 wpa_sm_set_param(wpa->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN);
323 wpa_sm_set_param(wpa->supp, WPA_PARAM_PAIRWISE,
324 WPA_CIPHER_CCMP);
325 wpa_sm_set_param(wpa->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP);
326 wpa_sm_set_param(wpa->supp, WPA_PARAM_KEY_MGMT,
327 WPA_KEY_MGMT_PSK);
328 wpa_sm_set_param(wpa->supp, WPA_PARAM_MFP,
329 MGMT_FRAME_PROTECTION_OPTIONAL);
330 }
331 wpa_sm_set_pmk(wpa->supp, wpa->psk, PMK_LEN, NULL, NULL);
332
333 wpa->supp_ie_len = sizeof(wpa->supp_ie);
334 if (wpa_sm_set_assoc_wpa_ie_default(wpa->supp, wpa->supp_ie,
335 &wpa->supp_ie_len) < 0) {
336 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()"
337 " failed");
338 return -1;
339 }
340
341 wpa_sm_notify_assoc(wpa->supp, wpa->auth_addr);
342
343 return 0;
344 }
345
346
auth_logger(void * ctx,const u8 * addr,logger_level level,const char * txt)347 static void auth_logger(void *ctx, const u8 *addr, logger_level level,
348 const char *txt)
349 {
350 if (addr)
351 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s",
352 MAC2STR(addr), txt);
353 else
354 wpa_printf(MSG_DEBUG, "AUTH: %s", txt);
355 }
356
357
auth_read_msg(struct wpa * wpa)358 static int auth_read_msg(struct wpa *wpa)
359 {
360 os_free(wpa->supp_eapol);
361 wpa->supp_eapol = read_msg(wpa->f, &wpa->supp_eapol_len);
362 if (!wpa->supp_eapol)
363 return -1;
364 eloop_register_timeout(0, 0, auth_eapol_rx, wpa, NULL);
365 return 0;
366 }
367
368
auth_send_eapol(void * ctx,const u8 * addr,const u8 * data,size_t data_len,int encrypt)369 static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
370 size_t data_len, int encrypt)
371 {
372 struct wpa *wpa = ctx;
373
374 wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu "
375 "encrypt=%d)",
376 __func__, MAC2STR(addr), (unsigned long) data_len, encrypt);
377 wpa->auth_sent = 1;
378
379 if (wpa->test_peer == AUTH && wpa->test_oper == WRITE)
380 write_msg(wpa->f, data, data_len);
381
382 if (wpa->test_peer == SUPP && wpa->test_oper == READ)
383 return auth_read_msg(wpa);
384
385 os_free(wpa->auth_eapol);
386 wpa->auth_eapol = os_malloc(data_len);
387 if (!wpa->auth_eapol)
388 return -1;
389 os_memcpy(wpa->auth_eapol, data, data_len);
390 wpa->auth_eapol_len = data_len;
391 eloop_register_timeout(0, 0, supp_eapol_rx, wpa, NULL);
392
393 return 0;
394 }
395
396
auth_get_psk(void * ctx,const u8 * addr,const u8 * p2p_dev_addr,const u8 * prev_psk,size_t * psk_len)397 static const u8 * auth_get_psk(void *ctx, const u8 *addr,
398 const u8 *p2p_dev_addr, const u8 *prev_psk,
399 size_t *psk_len)
400 {
401 struct wpa *wpa = ctx;
402
403 wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
404 __func__, MAC2STR(addr), prev_psk);
405 if (psk_len)
406 *psk_len = PMK_LEN;
407 if (prev_psk)
408 return NULL;
409 return wpa->psk;
410 }
411
412
supp_eapol_key_request(void * eloop_data,void * user_ctx)413 static void supp_eapol_key_request(void *eloop_data, void *user_ctx)
414 {
415 struct wpa *wpa = eloop_data;
416
417 wpa_printf(MSG_DEBUG, "SUPP: EAPOL-Key Request trigger");
418 if (wpa->test_peer == SUPP && wpa->test_oper == READ) {
419 if (!eloop_is_timeout_registered(auth_eapol_rx, wpa, NULL))
420 auth_read_msg(wpa);
421 } else {
422 wpa_sm_key_request(wpa->supp, 0, 1);
423 }
424 }
425
426
auth_set_key(void * ctx,int vlan_id,enum wpa_alg alg,const u8 * addr,int idx,u8 * key,size_t key_len)427 static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
428 const u8 *addr, int idx, u8 *key,
429 size_t key_len)
430 {
431 struct wpa *wpa = ctx;
432
433 wpa_printf(MSG_DEBUG, "AUTH: %s (vlan_id=%d alg=%d idx=%d key_len=%d)",
434 __func__, vlan_id, alg, idx, (int) key_len);
435 if (addr)
436 wpa_printf(MSG_DEBUG, "AUTH: addr=" MACSTR, MAC2STR(addr));
437
438 if (alg != WPA_ALG_NONE && idx == 0 && key_len > 0 &&
439 !wpa->key_request_done) {
440 wpa_printf(MSG_DEBUG, "Test EAPOL-Key Request");
441 wpa->key_request_done = 1;
442 if (!wpa->wpa1)
443 eloop_register_timeout(0, 0, supp_eapol_key_request,
444 wpa, NULL);
445 }
446
447 return 0;
448 }
449
450
auth_init_group(struct wpa * wpa)451 static int auth_init_group(struct wpa *wpa)
452 {
453 struct wpa_auth_config conf;
454 struct wpa_auth_callbacks cb;
455
456 wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine");
457
458 os_memset(&conf, 0, sizeof(conf));
459 if (wpa->wpa1) {
460 conf.wpa = 1;
461 conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
462 conf.wpa_pairwise = WPA_CIPHER_TKIP;
463 conf.wpa_group = WPA_CIPHER_TKIP;
464 } else {
465 conf.wpa = 2;
466 conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
467 conf.wpa_pairwise = WPA_CIPHER_CCMP;
468 conf.rsn_pairwise = WPA_CIPHER_CCMP;
469 conf.wpa_group = WPA_CIPHER_CCMP;
470 conf.ieee80211w = 2;
471 conf.group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
472 }
473 conf.eapol_version = 2;
474 conf.wpa_group_update_count = 4;
475 conf.wpa_pairwise_update_count = 4;
476
477 os_memset(&cb, 0, sizeof(cb));
478 cb.logger = auth_logger;
479 cb.send_eapol = auth_send_eapol;
480 cb.get_psk = auth_get_psk;
481 cb.set_key = auth_set_key,
482
483 wpa->auth_group = wpa_init(wpa->auth_addr, &conf, &cb, wpa);
484 if (!wpa->auth_group) {
485 wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed");
486 return -1;
487 }
488
489 return 0;
490 }
491
492
auth_init(struct wpa * wpa)493 static int auth_init(struct wpa *wpa)
494 {
495 if (wpa->test_peer == AUTH && wpa->test_oper == READ)
496 return supp_read_msg(wpa);
497
498 wpa->auth = wpa_auth_sta_init(wpa->auth_group, wpa->supp_addr, NULL);
499 if (!wpa->auth) {
500 wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed");
501 return -1;
502 }
503
504 if (wpa_validate_wpa_ie(wpa->auth_group, wpa->auth, wpa->supp_ie,
505 wpa->supp_ie_len, NULL, 0, NULL, 0) !=
506 WPA_IE_OK) {
507 wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
508 return -1;
509 }
510
511 wpa_auth_sm_event(wpa->auth, WPA_ASSOC);
512
513 wpa_auth_sta_associated(wpa->auth_group, wpa->auth);
514
515 return 0;
516 }
517
518
deinit(struct wpa * wpa)519 static void deinit(struct wpa *wpa)
520 {
521 wpa_auth_sta_deinit(wpa->auth);
522 wpa_sm_deinit(wpa->supp);
523 wpa_deinit(wpa->auth_group);
524 os_free(wpa->auth_eapol);
525 wpa->auth_eapol = NULL;
526 os_free(wpa->supp_eapol);
527 wpa->supp_eapol = NULL;
528 }
529
530
main(int argc,char * argv[])531 int main(int argc, char *argv[])
532 {
533 const char *file;
534 int ret;
535 struct wpa wpa;
536
537 if (os_program_init())
538 return -1;
539
540 wpa_debug_level = 0;
541 wpa_debug_show_keys = 1;
542 os_memset(&wpa, 0, sizeof(wpa));
543
544 if (argc < 4)
545 usage();
546
547 if (os_strcmp(argv[1], "auth") == 0) {
548 wpa.test_peer = AUTH;
549 } else if (os_strcmp(argv[1], "auth1") == 0) {
550 wpa.test_peer = AUTH;
551 wpa.wpa1 = 1;
552 } else if (os_strcmp(argv[1], "supp") == 0) {
553 wpa.test_peer = SUPP;
554 } else if (os_strcmp(argv[1], "supp1") == 0) {
555 wpa.test_peer = SUPP;
556 wpa.wpa1 = 1;
557 } else {
558 usage();
559 }
560
561 if (os_strcmp(argv[2], "read") == 0)
562 wpa.test_oper = READ;
563 else if (os_strcmp(argv[2], "write") == 0)
564 wpa.test_oper = WRITE;
565 else
566 usage();
567
568 file = argv[3];
569
570 wpa.f = fopen(file, wpa.test_oper == READ ? "r" : "w");
571 if (!wpa.f)
572 return -1;
573
574 os_memset(wpa.auth_addr, 0x12, ETH_ALEN);
575 os_memset(wpa.supp_addr, 0x32, ETH_ALEN);
576 os_memset(wpa.psk, 0x44, PMK_LEN);
577
578 if (eloop_init()) {
579 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
580 goto fail;
581 }
582
583 if (auth_init_group(&wpa) < 0)
584 goto fail;
585
586 if (supp_init(&wpa) < 0)
587 goto fail;
588
589 if (auth_init(&wpa) < 0)
590 goto fail;
591
592 wpa_printf(MSG_DEBUG, "Starting eloop");
593 eloop_run();
594 wpa_printf(MSG_DEBUG, "eloop done");
595
596 ret = 0;
597 fail:
598 deinit(&wpa);
599 fclose(wpa.f);
600
601 eloop_destroy();
602
603 os_program_deinit();
604
605 return ret;
606 }
607