Chetan Gaonker | cfcce78 | 2016-05-10 10:10:42 -0700 | [diff] [blame] | 1 | # |
| 2 | # Copyright 2016-present Ciena Corporation |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | # |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 16 | #### Authentication parameters |
Chetan Gaonker | 35cb16f | 2016-03-02 03:05:28 -0800 | [diff] [blame] | 17 | from scapy.all import * |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 18 | from socket import * |
| 19 | from struct import * |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 20 | import sys |
| 21 | from nose.tools import assert_equal, assert_not_equal, assert_raises, assert_true |
| 22 | |
| 23 | USER = "raduser" |
| 24 | PASS = "radpass" |
| 25 | WRONG_USER = "XXXX" |
| 26 | WRONG_PASS = "XXXX" |
| 27 | NO_USER = "" |
| 28 | NO_PASS = "" |
| 29 | DEV = "tap0" |
| 30 | ETHERTYPE_PAE = 0x888e |
| 31 | PAE_GROUP_ADDR = "\xff\xff\xff\xff\xff\xff" |
| 32 | EAPOL_VERSION = 1 |
| 33 | EAPOL_EAPPACKET = 0 |
| 34 | EAPOL_START = 1 |
| 35 | EAPOL_LOGOFF = 2 |
| 36 | EAPOL_KEY = 3 |
| 37 | EAPOL_ASF = 4 |
| 38 | EAP_REQUEST = 1 |
| 39 | EAP_RESPONSE = 2 |
| 40 | EAP_SUCCESS = 3 |
| 41 | EAP_FAILURE = 4 |
| 42 | EAP_TYPE_ID = 1 |
| 43 | EAP_TYPE_MD5 = 4 |
| 44 | EAP_TYPE_MSCHAP = 26 |
| 45 | EAP_TYPE_TLS = 13 |
| 46 | cCertMsg = '\x0b\x00\x00\x03\x00\x00\x00' |
| 47 | TLS_LENGTH_INCLUDED = 0x80 |
| 48 | |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 49 | class EapolPacket(object): |
| 50 | |
| 51 | def __init__(self, intf = 'veth0'): |
| 52 | self.intf = intf |
| 53 | self.s = None |
| 54 | self.max_payload_size = 1600 |
| 55 | |
| 56 | def setup(self): |
| 57 | self.s = socket(AF_PACKET, SOCK_RAW, htons(ETHERTYPE_PAE)) |
| 58 | self.s.bind((self.intf, ETHERTYPE_PAE)) |
| 59 | self.mymac = self.s.getsockname()[4] |
Chetan Gaonker | 35cb16f | 2016-03-02 03:05:28 -0800 | [diff] [blame] | 60 | self.llheader = Ether(dst = PAE_GROUP_ADDR, src = self.mymac, type = ETHERTYPE_PAE) |
Chetan Gaonker | 5b36630 | 2016-03-21 16:18:21 -0700 | [diff] [blame] | 61 | self.recv_sock = L2Socket(iface = self.intf, type = ETHERTYPE_PAE) |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 62 | |
| 63 | def cleanup(self): |
| 64 | if self.s is not None: |
| 65 | self.s.close() |
| 66 | self.s = None |
| 67 | |
| 68 | def eapol(self, req_type, payload=""): |
Chetan Gaonker | 35cb16f | 2016-03-02 03:05:28 -0800 | [diff] [blame] | 69 | return EAPOL(version = EAPOL_VERSION, type = req_type)/payload |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 70 | |
| 71 | def eap(self, code, pkt_id, req_type=0, data=""): |
Chetan Gaonker | 35cb16f | 2016-03-02 03:05:28 -0800 | [diff] [blame] | 72 | return EAP(code = code, id = pkt_id, type = req_type)/data |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 73 | |
| 74 | def eapTLS(self, code, pkt_id, flags = TLS_LENGTH_INCLUDED, data=""): |
| 75 | req_type = EAP_TYPE_TLS |
| 76 | if code in [EAP_SUCCESS, EAP_FAILURE]: |
| 77 | return pack("!BBH", code, pkt_id, 4) |
| 78 | else: |
| 79 | if flags & TLS_LENGTH_INCLUDED: |
| 80 | flags_dlen = pack("!BL", flags, len(data)) |
| 81 | return pack("!BBHB", code, pkt_id, 5+len(flags_dlen)+len(data), req_type) + flags_dlen + data |
| 82 | flags_str = pack("!B", flags) |
| 83 | return pack("!BBHB", code, pkt_id, 5+len(flags_str)+len(data), req_type) + flags_str + data |
| 84 | |
| 85 | def eapol_send(self, eapol_type, eap_payload): |
Chetan Gaonker | 35cb16f | 2016-03-02 03:05:28 -0800 | [diff] [blame] | 86 | return sendp(self.llheader/self.eapol(eapol_type, eap_payload), iface=self.intf) |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 87 | |
| 88 | def eapol_recv(self): |
| 89 | p = self.s.recv(self.max_payload_size)[14:] |
| 90 | vers,pkt_type,eapollen = unpack("!BBH",p[:4]) |
| 91 | print "Version %d, type %d, len %d" %(vers, pkt_type, eapollen) |
| 92 | assert_equal(pkt_type, EAPOL_EAPPACKET) |
| 93 | return p[4:] |
| 94 | |
Chetan Gaonker | 5b36630 | 2016-03-21 16:18:21 -0700 | [diff] [blame] | 95 | def eapol_scapy_recv(self, cb = None, lfilter = None, count = 1): |
| 96 | def eapol_default_cb(pkt): pass |
| 97 | if cb is None: |
| 98 | cb = eapol_default_cb |
| 99 | sniff(prn = cb, lfilter = lfilter, count = count, opened_socket = self.recv_sock) |
| 100 | |
A R Karthick | a2e53d6 | 2016-02-19 17:38:30 -0800 | [diff] [blame] | 101 | def eapol_start(self): |
| 102 | eap_payload = self.eap(EAPOL_START, 2) |
| 103 | return self.eapol_send(EAPOL_START, eap_payload) |
| 104 | |
| 105 | def eapol_id_req(self, pkt_id = 0, user = USER): |
| 106 | eap_payload = self.eap(EAP_RESPONSE, pkt_id, EAP_TYPE_ID, user) |
| 107 | return self.eapol_send(EAPOL_EAPPACKET, eap_payload) |
| 108 | |
Chetan Gaonker | 4a25e2b | 2016-03-04 14:45:15 -0800 | [diff] [blame] | 109 | def eap_md5_challenge_recv(self,rad_pwd): |
| 110 | PASS = rad_pwd |
| 111 | print 'Inside EAP MD5 Challenge Exchange' |
| 112 | p = self.s.recv(self.max_payload_size)[14:] |
| 113 | vers,pkt_type,eapollen = unpack("!BBH",p[:4]) |
| 114 | print "EAPOL Version %d, type %d, len %d" %(vers, pkt_type, eapollen) |
| 115 | code, pkt_id, eaplen = unpack("!BBH", p[4:8]) |
| 116 | print "EAP Code %d, id %d, len %d" %(code, pkt_id, eaplen) |
| 117 | assert_equal(code, EAP_REQUEST) |
| 118 | reqtype = unpack("!B", p[8:9])[0] |
| 119 | reqdata = p[9:4+eaplen] |
| 120 | print 'Request type is %d' %(reqtype) |
| 121 | assert_equal(reqtype, EAP_TYPE_MD5) |
| 122 | challenge=pack("!B",pkt_id)+PASS+reqdata[1:] |
| 123 | print "Generating md5 challenge for %s" % challenge |
| 124 | return (challenge,pkt_id) |
| 125 | |
| 126 | def eap_Status(self): |
| 127 | print 'Inside EAP Status' |
| 128 | p = self.s.recv(self.max_payload_size)[14:] |
| 129 | code, id, eaplen = unpack("!BBH", p[4:8]) |
| 130 | return code |
| 131 | |