From 4c04db5618a13d45676901776a966b4a4c8651e3 Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Fri, 30 Oct 2015 11:12:24 +0100 Subject: [PATCH] unit: Add an EAPOL+EAP-TTLS+EAP-MD5 scenario test --- unit/test-eapol.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/unit/test-eapol.c b/unit/test-eapol.c index d91c37da..9662395e 100644 --- a/unit/test-eapol.c +++ b/unit/test-eapol.c @@ -2348,6 +2348,92 @@ static void eapol_sm_test_eap_tls(const void *data) eapol_sm_test_tls(&s, eapol_8021x_config); } +static const uint8_t eap_ttls_eap_identity_avp[] = { + 0x00, 0x00, 0x00, 0x4f, 0x40, 0x00, 0x00, 0x1c, 0x02, 0x00, 0x00, 0x14, + 0x01, 0x61, 0x62, 0x63, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, + 0x2e, 0x63, 0x6f, 0x6d +}; + +static const uint8_t eap_ttls_eap_md5_challenge_avp[] = { + 0x00, 0x00, 0x00, 0x4f, 0x40, 0x00, 0x00, 0x1e, 0x01, 0xbb, 0x00, 0x16, + 0x04, 0x10, 0x3a, 0x34, 0x58, 0xc4, 0xf1, 0xa3, 0xdc, 0x45, 0xd0, 0xca, + 0x96, 0x33, 0x9b, 0x95, 0xb8, 0xd6, 0x00, 0x00 +}; + +static const uint8_t eap_ttls_eap_md5_response_avp[] = { + 0x00, 0x00, 0x00, 0x4f, 0x40, 0x00, 0x00, 0x1e, 0x02, 0xbb, 0x00, 0x16, + 0x04, 0x10, 0x10, 0xcc, 0x62, 0x4c, 0x98, 0x2b, 0x82, 0xbd, 0x13, 0x4a, + 0x81, 0xcb, 0x70, 0x78, 0xcd, 0xc2, 0x00, 0x00 +}; + +struct eapol_8021x_eap_ttls_test_state { + struct eapol_8021x_tls_test_state tls; + bool challenge_sent; +}; + +static void eapol_sm_test_eap_ttls_new_data(const uint8_t *data, size_t len, + void *user_data) +{ + struct eapol_8021x_eap_ttls_test_state *s = user_data; + + if (!s->challenge_sent) { + assert(len == sizeof(eap_ttls_eap_identity_avp)); + assert(!memcmp(data, eap_ttls_eap_identity_avp, len)); + + l_tls_write(s->tls.tls, eap_ttls_eap_md5_challenge_avp, + sizeof(eap_ttls_eap_md5_challenge_avp)); + + s->challenge_sent = true; + } else { + assert(len == sizeof(eap_ttls_eap_md5_response_avp)); + assert(!memcmp(data, eap_ttls_eap_md5_response_avp, len)); + + s->tls.success = true; + } +} + +static void eapol_sm_test_eap_ttls_test_ready(const char *peer_identity, + void *user_data) +{ + struct eapol_8021x_eap_ttls_test_state *s = user_data; + uint8_t seed[64]; + + assert(!s->tls.tx_ack); + /* TODO: require the right peer_identity */ + + memcpy(seed + 0, s->tls.tls->pending.client_random, 32); + memcpy(seed + 32, s->tls.tls->pending.server_random, 32); + + tls_prf_get_bytes(s->tls.tls, L_CHECKSUM_SHA256, 32, + s->tls.tls->pending.master_secret, + sizeof(s->tls.tls->pending.master_secret), + "ttls keying material", seed, 64, + s->tls.pmk, 32); + + s->challenge_sent = false; +} + +static void eapol_sm_test_eap_ttls_md5(const void *data) +{ + static const char *eapol_8021x_config = "[Security]\n" + "EAP-Method=TTLS\n" + "EAP-Identity=abc@example.com\n" + "EAP-TTLS-CACert=ell/unit/cert-ca.pem\n" + "EAP-TTLS-ClientCert=ell/unit/cert-client.pem\n" + "EAP-TTLS-ClientKey=ell/unit/cert-client-key.pem\n" + "EAP-TTLS-Phase2-Method=MD5\n" + "EAP-TTLS-Phase2-Identity=abc@example.com\n" + "EAP-TTLS-Phase2-MD5-Secret=testpasswd"; + struct eapol_8021x_eap_ttls_test_state s; + + s.tls.app_data_cb = eapol_sm_test_eap_ttls_new_data; + s.tls.ready_cb = eapol_sm_test_eap_ttls_test_ready; + s.tls.disconnect_cb = eapol_sm_test_tls_test_disconnected; + s.tls.method = EAP_TYPE_TTLS; + + eapol_sm_test_tls(&s.tls, eapol_8021x_config); +} + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); @@ -2432,5 +2518,8 @@ int main(int argc, char *argv[]) l_test_add("EAPoL/8021x EAP-TLS & 4-Way Handshake", &eapol_sm_test_eap_tls, NULL); + l_test_add("EAPoL/8021x EAP-TTLS+EAP-MD5 & 4-Way Handshake", + &eapol_sm_test_eap_ttls_md5, NULL); + return l_test_run(); }