blob: 04cd40d623b5f746d814bcaf5d6117c35a91f48b [file] [log] [blame]
Chetan Gaonkercb122cc2016-05-10 10:58:34 -07001#!/usr/bin/env python
Chetan Gaonkercfcce782016-05-10 10:10:42 -07002#
3# Copyright 2016-present Ciena Corporation
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
A R Karthicka2e53d62016-02-19 17:38:30 -080017#### Authentication parameters
Chetan Gaonker35cb16f2016-03-02 03:05:28 -080018from scapy.all import *
A R Karthicka2e53d62016-02-19 17:38:30 -080019from socket import *
20from struct import *
A R Karthicka2e53d62016-02-19 17:38:30 -080021import sys
22from nose.tools import assert_equal, assert_not_equal, assert_raises, assert_true
23
24USER = "raduser"
25PASS = "radpass"
26WRONG_USER = "XXXX"
27WRONG_PASS = "XXXX"
28NO_USER = ""
29NO_PASS = ""
30DEV = "tap0"
31ETHERTYPE_PAE = 0x888e
32PAE_GROUP_ADDR = "\xff\xff\xff\xff\xff\xff"
33EAPOL_VERSION = 1
34EAPOL_EAPPACKET = 0
35EAPOL_START = 1
36EAPOL_LOGOFF = 2
37EAPOL_KEY = 3
38EAPOL_ASF = 4
39EAP_REQUEST = 1
40EAP_RESPONSE = 2
41EAP_SUCCESS = 3
42EAP_FAILURE = 4
43EAP_TYPE_ID = 1
44EAP_TYPE_MD5 = 4
45EAP_TYPE_MSCHAP = 26
46EAP_TYPE_TLS = 13
47cCertMsg = '\x0b\x00\x00\x03\x00\x00\x00'
48TLS_LENGTH_INCLUDED = 0x80
49
A R Karthicka2e53d62016-02-19 17:38:30 -080050class EapolPacket(object):
51
52 def __init__(self, intf = 'veth0'):
53 self.intf = intf
54 self.s = None
55 self.max_payload_size = 1600
56
57 def setup(self):
58 self.s = socket(AF_PACKET, SOCK_RAW, htons(ETHERTYPE_PAE))
59 self.s.bind((self.intf, ETHERTYPE_PAE))
60 self.mymac = self.s.getsockname()[4]
Chetan Gaonker35cb16f2016-03-02 03:05:28 -080061 self.llheader = Ether(dst = PAE_GROUP_ADDR, src = self.mymac, type = ETHERTYPE_PAE)
Chetan Gaonker5b366302016-03-21 16:18:21 -070062 self.recv_sock = L2Socket(iface = self.intf, type = ETHERTYPE_PAE)
A R Karthicka2e53d62016-02-19 17:38:30 -080063
64 def cleanup(self):
65 if self.s is not None:
66 self.s.close()
67 self.s = None
68
69 def eapol(self, req_type, payload=""):
Chetan Gaonker35cb16f2016-03-02 03:05:28 -080070 return EAPOL(version = EAPOL_VERSION, type = req_type)/payload
A R Karthicka2e53d62016-02-19 17:38:30 -080071
72 def eap(self, code, pkt_id, req_type=0, data=""):
Chetan Gaonker35cb16f2016-03-02 03:05:28 -080073 return EAP(code = code, id = pkt_id, type = req_type)/data
A R Karthicka2e53d62016-02-19 17:38:30 -080074
75 def eapTLS(self, code, pkt_id, flags = TLS_LENGTH_INCLUDED, data=""):
76 req_type = EAP_TYPE_TLS
77 if code in [EAP_SUCCESS, EAP_FAILURE]:
78 return pack("!BBH", code, pkt_id, 4)
79 else:
80 if flags & TLS_LENGTH_INCLUDED:
81 flags_dlen = pack("!BL", flags, len(data))
82 return pack("!BBHB", code, pkt_id, 5+len(flags_dlen)+len(data), req_type) + flags_dlen + data
83 flags_str = pack("!B", flags)
84 return pack("!BBHB", code, pkt_id, 5+len(flags_str)+len(data), req_type) + flags_str + data
85
86 def eapol_send(self, eapol_type, eap_payload):
Chetan Gaonker35cb16f2016-03-02 03:05:28 -080087 return sendp(self.llheader/self.eapol(eapol_type, eap_payload), iface=self.intf)
A R Karthicka2e53d62016-02-19 17:38:30 -080088
89 def eapol_recv(self):
90 p = self.s.recv(self.max_payload_size)[14:]
91 vers,pkt_type,eapollen = unpack("!BBH",p[:4])
92 print "Version %d, type %d, len %d" %(vers, pkt_type, eapollen)
93 assert_equal(pkt_type, EAPOL_EAPPACKET)
94 return p[4:]
95
Chetan Gaonker5b366302016-03-21 16:18:21 -070096 def eapol_scapy_recv(self, cb = None, lfilter = None, count = 1):
97 def eapol_default_cb(pkt): pass
98 if cb is None:
99 cb = eapol_default_cb
100 sniff(prn = cb, lfilter = lfilter, count = count, opened_socket = self.recv_sock)
101
A R Karthicka2e53d62016-02-19 17:38:30 -0800102 def eapol_start(self):
103 eap_payload = self.eap(EAPOL_START, 2)
104 return self.eapol_send(EAPOL_START, eap_payload)
105
106 def eapol_id_req(self, pkt_id = 0, user = USER):
107 eap_payload = self.eap(EAP_RESPONSE, pkt_id, EAP_TYPE_ID, user)
108 return self.eapol_send(EAPOL_EAPPACKET, eap_payload)
109
Chetan Gaonker4a25e2b2016-03-04 14:45:15 -0800110 def eap_md5_challenge_recv(self,rad_pwd):
111 PASS = rad_pwd
112 print 'Inside EAP MD5 Challenge Exchange'
113 p = self.s.recv(self.max_payload_size)[14:]
114 vers,pkt_type,eapollen = unpack("!BBH",p[:4])
115 print "EAPOL Version %d, type %d, len %d" %(vers, pkt_type, eapollen)
116 code, pkt_id, eaplen = unpack("!BBH", p[4:8])
117 print "EAP Code %d, id %d, len %d" %(code, pkt_id, eaplen)
118 assert_equal(code, EAP_REQUEST)
119 reqtype = unpack("!B", p[8:9])[0]
120 reqdata = p[9:4+eaplen]
121 print 'Request type is %d' %(reqtype)
122 assert_equal(reqtype, EAP_TYPE_MD5)
123 challenge=pack("!B",pkt_id)+PASS+reqdata[1:]
124 print "Generating md5 challenge for %s" % challenge
125 return (challenge,pkt_id)
126
127 def eap_Status(self):
128 print 'Inside EAP Status'
129 p = self.s.recv(self.max_payload_size)[14:]
130 code, id, eaplen = unpack("!BBH", p[4:8])
131 return code
132