tests: HS 2.0 deauthentication imminent with and without URL timing

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 22:57:51 +02:00 · 2022-11-21 22:57:51 +02:00 · 22a5d615ba
commit 22a5d615ba
parent 34d93b0c9d
2 changed files with 20 additions and 5 deletions
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@ -152,6 +152,10 @@ radius_accept_attr=56:x:32000011
 "hs20-deauth-test"	TTLS-MSCHAPV2	"password"	[2]
 radius_accept_attr=26:x:00009f680405016400

+"hs20-deauth-test-url"	TTLS-MSCHAPV2	"password"	[2]
+radius_accept_attr=26:x:00009f68042000000068747470733a2f2f6578616d706c652e636f6d2f6465617574682f
+
+
 "hs20-subrem-test"	TTLS-MSCHAPV2	"password"	[2]
 radius_accept_attr=26:x:00009f6801170168747470733a2f2f6578616d706c652e636f6d2f

--- a/tests/hwsim/test_ap_hs20.py
+++ b/tests/hwsim/test_ap_hs20.py
@ -2587,7 +2587,15 @@ def test_ap_hs20_deauth_req_from_radius(dev, apdev):
    finally:
        dev[0].request("SET pmf 0")

-def _test_ap_hs20_deauth_req_from_radius(dev, apdev):
+def test_ap_hs20_deauth_req_from_radius_url(dev, apdev):
+    """Hotspot 2.0 connection and deauthentication request from RADIUS with URL"""
+    check_eap_capa(dev[0], "MSCHAPV2")
+    try:
+        _test_ap_hs20_deauth_req_from_radius(dev, apdev, url=True)
+    finally:
+        dev[0].set("pmf", "0")
+
+def _test_ap_hs20_deauth_req_from_radius(dev, apdev, url=False):
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['nai_realm'] = ["0,example.com,21[2:4]"]
@ -2596,17 +2604,20 @@ def _test_ap_hs20_deauth_req_from_radius(dev, apdev):

    dev[0].request("SET pmf 2")
    dev[0].hs20_enable()
+    user = "hs20-deauth-test-url" if url else "hs20-deauth-test"
    dev[0].add_cred_values({'realm': "example.com",
-                            'username': "hs20-deauth-test",
+                            'username': user,
                            'password': "password"})
    interworking_select(dev[0], bssid, freq="2412")
    interworking_connect(dev[0], bssid, "TTLS")
    ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=5)
    if ev is None:
        raise Exception("Timeout on deauth imminent notice")
-    if " 1 100" not in ev:
-        raise Exception("Unexpected deauth imminent contents")
-    dev[0].wait_disconnected(timeout=3)
+    if not url and ev.split(' ', 1)[1] != "1 100 ":
+        raise Exception("Unexpected deauth imminent contents: " + ev)
+    if url and ev.split(' ', 1)[1] != "0 0 https://example.com/deauth/":
+        raise Exception("Unexpected deauth imminent contents: " + ev)
+    dev[0].wait_disconnected(timeout=3 if url else 1)

 def test_ap_hs20_deauth_req_without_pmf(dev, apdev):
    """Hotspot 2.0 connection and deauthentication request without PMF"""