| Chetan Gaonker | cb122cc | 2016-05-10 10:58:34 -0700 | [diff] [blame^] | 1 | #!/usr/bin/env python |
| Chetan Gaonker | cfcce78 | 2016-05-10 10:10:42 -0700 | [diff] [blame] | 2 | # |
| 3 | # Copyright 2016-present Ciena Corporation |
| 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | # See the License for the specific language governing permissions and |
| 15 | # limitations under the License. |
| 16 | # |
| Chetan Gaonker | b424ff8 | 2016-03-08 12:11:12 -0800 | [diff] [blame] | 17 | import sys, os |
| 18 | from EapolAAA import * |
| 19 | from enum import * |
| 20 | import noseMd5AuthHolder as md5AuthHolder |
| 21 | from socket import * |
| 22 | from struct import * |
| 23 | from md5 import md5 |
| 24 | from scapy.all import * |
| 25 | from nose.tools import * |
| 26 | from CordTestBase import CordTester |
| 27 | |
| 28 | class MD5AuthTest(EapolPacket, CordTester): |
| 29 | |
| 30 | md5StateTable = Enumeration("MD5StateTable", ("ST_EAP_SETUP", |
| 31 | "ST_EAP_START", |
| 32 | "ST_EAP_ID_REQ", |
| 33 | "ST_EAP_MD5_CHALLENGE", |
| 34 | "ST_EAP_STATUS", |
| 35 | "ST_EAP_MD5_DONE" |
| 36 | ) |
| 37 | ) |
| 38 | md5EventTable = Enumeration("MD5EventTable", ("EVT_EAP_SETUP", |
| 39 | "EVT_EAP_START", |
| 40 | "EVT_EAP_ID_REQ", |
| 41 | "EVT_EAP_MD5_CHALLENGE", |
| 42 | "EVT_EAP_STATUS", |
| 43 | "EVT_EAP_MD5_DONE" |
| 44 | ) |
| 45 | ) |
| 46 | def __init__(self, intf = 'veth0', password = "password", required_status = "EAP_SUCCESS"): |
| 47 | self.passwd = password |
| 48 | self.req_status = required_status |
| 49 | self.fsmTable = md5AuthHolder.initMd5AuthHolderFsmTable(self, self.md5StateTable, self.md5EventTable) |
| 50 | EapolPacket.__init__(self, intf) |
| 51 | CordTester.__init__(self, self.fsmTable, self.md5StateTable.ST_EAP_MD5_DONE) |
| 52 | self.currentState = self.md5StateTable.ST_EAP_SETUP |
| 53 | self.currentEvent = self.md5EventTable.EVT_EAP_SETUP |
| 54 | self.nextState = None |
| 55 | self.nextEvent = None |
| 56 | |
| 57 | def _eapSetup(self): |
| 58 | print 'Inside EAP Setup' |
| 59 | self.setup() |
| 60 | self.nextEvent = self.md5EventTable.EVT_EAP_START |
| 61 | |
| 62 | def _eapStart(self): |
| 63 | print 'Inside EAP Start' |
| 64 | self.eapol_start() |
| 65 | self.nextEvent = self.md5EventTable.EVT_EAP_ID_REQ |
| 66 | |
| 67 | def _eapIdReq(self): |
| 68 | print 'Inside EAP ID Req' |
| 69 | p = self.eapol_recv() |
| 70 | code, pkt_id, eaplen = unpack("!BBH", p[0:4]) |
| 71 | print "Code %d, id %d, len %d" %(code, pkt_id, eaplen) |
| 72 | assert_equal(code, EAP_REQUEST) |
| 73 | reqtype = unpack("!B", p[4:5])[0] |
| 74 | reqdata = p[5:4+eaplen] |
| 75 | assert_equal(reqtype, EAP_TYPE_ID) |
| 76 | print "<====== Send EAP Response with identity = %s ================>" % USER |
| 77 | self.eapol_id_req(pkt_id, USER) |
| 78 | self.nextEvent = self.md5EventTable.EVT_EAP_MD5_CHALLENGE |
| 79 | |
| 80 | def _eapMd5Challenge(self): |
| 81 | print 'Inside EAP MD5 Challenge Exchange' |
| 82 | challenge,pkt_id =self.eap_md5_challenge_recv(self.passwd) |
| 83 | resp=md5(challenge).digest() |
| 84 | resp=chr(len(resp))+resp |
| 85 | length= 5+len(resp) |
| 86 | print "Generated MD5 challenge is %s Length : %d" % (resp,length) |
| 87 | print "--> Send EAP response with MD5 challenge" |
| 88 | eap_payload = self.eap(EAP_RESPONSE, pkt_id, EAP_TYPE_MD5, str(resp)) |
| 89 | self.eapol_send(EAPOL_EAPPACKET, eap_payload) |
| 90 | self.nextEvent = self.md5EventTable.EVT_EAP_STATUS |
| 91 | |
| 92 | def _eapStatus(self): |
| 93 | print 'Inside EAP Status -- Sucess/Failure' |
| 94 | if self.req_status == "EAP_SUCCESS": |
| 95 | status=self.eap_Status() |
| 96 | print "<============EAP code received is = %d ====================>" % status |
| 97 | assert_equal(status, EAP_SUCCESS) |
| 98 | print"Received EAP SUCCESS" |
| 99 | else: |
| 100 | print 'Inside EAP Status -- Sucess/Failure ===> SUCCESS should not be received , Since Negative Testcase' |
| 101 | self.s.settimeout(10) |
| 102 | assert_equal(self.s.gettimeout(), 10) |
| 103 | print "Check if the socket timed out ====> Since negative testcase socket should timeout because ONOS is not sending the EAP FAILURE Message" |
| 104 | assert_raises(socket.error, self.s.recv, 1024) |
| 105 | self.nextEvent = self.md5EventTable.EVT_EAP_MD5_DONE |
| 106 | |
| 107 | def _wrong_password(self): |
| 108 | print 'Start Testcase for EAP-MD5 Wrong Password' |
| 109 | #self._eap_md5_states() |
| 110 | self.__init__(intf = 'veth0', password = "wrong_password", required_status = "EAP_FAILURE") |
| 111 | |
| 112 | |