From 3adc44e65b47dcdb11561e68937dd3c516fc0c86 Mon Sep 17 00:00:00 2001
From: Pierre Lorinquer <pierre.lorinquer@ssi.gouv.fr>
Date: Tue, 18 Apr 2017 14:07:57 +0200
Subject: [PATCH] LEAP - (Cisco) Lightweight EAP support added.

---
 scapy/layers/l2.py  | 20 ++++++++++++++++++++
 test/regression.uts | 42 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py
index b3c626dd..4ae73856 100644
--- a/scapy/layers/l2.py
+++ b/scapy/layers/l2.py
@@ -591,6 +591,26 @@ class EAP_FAST(EAP):
     ]
 
 
+class LEAP(EAP):
+    """
+    Cisco LEAP (Lightweight EAP)
+    https://freeradius.org/rfc/leap.txt
+    """
+
+    name = "Cisco LEAP"
+    fields_desc = [
+        ByteEnumField("code", 1, eap_codes),
+        ByteField("id", 0),
+        ShortField("len", None),
+        ByteEnumField("type", 17, eap_types),
+        ByteField('version', 1),
+        XByteField('unused', 0),
+        FieldLenField("count", None, "challenge_response", "B", adjust=lambda p, x: len(p.challenge_response)),
+        XStrLenField("challenge_response", "", length_from=lambda p: 0 or p.count),
+        StrLenField("username", "", length_from=lambda p: p.len - (8 + (0 or p.count)))
+    ]
+
+
 #############################################################################
 ##### IEEE 802.1X-2010 - MACsec Key Agreement (MKA) protocol
 #############################################################################
diff --git a/test/regression.uts b/test/regression.uts
index a4205431..ac28da6b 100644
--- a/test/regression.uts
+++ b/test/regression.uts
@@ -5838,23 +5838,60 @@ assert(eap[EAP_MD5].value_size == 16)
 assert(eap[EAP_MD5].value == b'\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf')
 assert(eap[EAP_MD5].optional_name == '')
 
+= EAP - LEAP - Basic Instantiation
+str(LEAP()) == b'\x01\x00\x00\x08\x11\x01\x00\x00'
+
+= EAP - LEAP - Request - Dissection (10)
+s = b'\x01D\x00\x1c\x11\x01\x00\x088\xb6\xd7\xa1E<!\x15supplicant-1'
+eap = LEAP(s)
+assert(eap.code == 1)
+assert(eap.id == 68)
+assert(eap.len == 28)
+assert(eap.type == 17)
+assert(eap.haslayer(LEAP))
+assert(eap[LEAP].version == 1)
+assert(eap[LEAP].count == 8)
+assert(eap[LEAP].challenge_response == b'8\xb6\xd7\xa1E<!\x15')
+assert(eap[LEAP].username == "supplicant-1")
+
+= EAP - LEAP - Response - Dissection (11)
+s = b'\x02D\x00,\x11\x01\x00\x18\xb3\x82[\x82\x8a\xc8M*\xf3\xe7\xb3\xad,7\x8b\xbfG\x81\xda\xbf\xe6\xc1\x9b\x95supplicant-1'
+eap = LEAP(s)
+assert(eap.code == 2)
+assert(eap.id == 68)
+assert(eap.len == 44)
+assert(eap.type == 17)
+assert(eap.haslayer(LEAP))
+assert(eap[LEAP].version == 1)
+assert(eap[LEAP].count == 24)
+assert(eap[LEAP].challenge_response == b'\xb3\x82[\x82\x8a\xc8M*\xf3\xe7\xb3\xad,7\x8b\xbfG\x81\xda\xbf\xe6\xc1\x9b\x95')
+assert(eap[LEAP].username == "supplicant-1")
+
 = EAP - Layers (1)
 eap = EAP_MD5()
 assert(EAP_MD5 in eap)
 assert(not EAP_TLS in eap)
 assert(not EAP_FAST in eap)
+assert(not LEAP in eap)
 assert(EAP in eap)
 eap = EAP_TLS()
 assert(EAP_TLS in eap)
 assert(not EAP_MD5 in eap)
 assert(not EAP_FAST in eap)
+assert(not LEAP in eap)
 assert(EAP in eap)
 eap = EAP_FAST()
 assert(EAP_FAST in eap)
 assert(not EAP_MD5 in eap)
 assert(not EAP_TLS in eap)
+assert(not LEAP in eap)
+assert(EAP in eap)
+eap = LEAP()
+assert(not EAP_MD5 in eap)
+assert(not EAP_TLS in eap)
+assert(not EAP_FAST in eap)
+assert(LEAP in eap)
 assert(EAP in eap)
-
 
 = EAP - Layers (2)
 eap = EAP_MD5()
@@ -5863,6 +5900,9 @@ eap = EAP_TLS()
 assert(type(eap[EAP]) == EAP_TLS)
 eap = EAP_FAST()
 assert(type(eap[EAP]) == EAP_FAST)
+eap = LEAP()
+assert(type(eap[EAP]) == LEAP)
+
 
 
 ############
-- 
GitLab