From 22b99086ce80c997243f6454f4c7ea672017c56e Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 3 Nov 2013 11:58:38 +0200 Subject: [PATCH] tests: Add more EAP test cases This increases EAP method coverage for WPA2-Enterprise to include EAP-pwd, EAP-GPSK, EAP-SAKE, EAP-EKE, EAP-IKEv2, EAP-PAX, and EAP-PSK. Signed-hostap: Jouni Malinen --- tests/hwsim/auth_serv/eap_user.conf | 8 +++++ tests/hwsim/example-hostapd.config | 1 + tests/hwsim/test_ap_eap.py | 50 +++++++++++++++++++++++++++-- tests/hwsim/wpasupplicant.py | 4 ++- 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf index 2baa278bc..c24a99634 100644 --- a/tests/hwsim/auth_serv/eap_user.conf +++ b/tests/hwsim/auth_serv/eap_user.conf @@ -1,3 +1,11 @@ +"pwd user" PWD "secret password" +"gpsk user" GPSK "abcdefghijklmnop0123456789abcdef" +"sake user" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +"eke user" EKE "hello" +"ikev2 user" IKEV2 "ike password" +"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef +"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef + "0"* AKA "1"* SIM "2"* AKA diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config index 224aec0d0..89dc6a883 100644 --- a/tests/hwsim/example-hostapd.config +++ b/tests/hwsim/example-hostapd.config @@ -33,6 +33,7 @@ CONFIG_EAP_UNAUTH_TLS=y ifeq ($(CONFIG_TLS), openssl) CONFIG_EAP_PWD=y endif +CONFIG_EAP_EKE=y CONFIG_PKCS12=y CONFIG_RADIUS_SERVER=y CONFIG_IPV6=y diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index d3c32d059..58a3abc44 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -17,12 +17,12 @@ import hostapd def eap_connect(dev, method, identity, anonymous_identity=None, password=None, phase1=None, phase2=None, ca_cert=None, - domain_suffix_match=None): + domain_suffix_match=None, password_hex=None): dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method, identity=identity, anonymous_identity=anonymous_identity, password=password, phase1=phase1, phase2=phase2, ca_cert=ca_cert, domain_suffix_match=domain_suffix_match, - wait_connect=False, scan_freq="2412") + wait_connect=False, scan_freq="2412", password_hex=password_hex) ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10) if ev is None: raise Exception("Association and EAP start timed out") @@ -257,3 +257,49 @@ def test_ap_wpa2_eap_tls_neg_suffix_match(dev, apdev): ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10) if ev is None: raise Exception("Network block disabling not reported") + +def test_ap_wpa2_eap_pwd(dev, apdev): + """WPA2-Enterprise connection using EAP-pwd""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "PWD", "pwd user", password="secret password") + +def test_ap_wpa2_eap_gpsk(dev, apdev): + """WPA2-Enterprise connection using EAP-GPSK""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "GPSK", "gpsk user", + password="abcdefghijklmnop0123456789abcdef") + +def test_ap_wpa2_eap_sake(dev, apdev): + """WPA2-Enterprise connection using EAP-SAKE""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "SAKE", "sake user", + password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef") + +def test_ap_wpa2_eap_eke(dev, apdev): + """WPA2-Enterprise connection using EAP-EKE""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "EKE", "eke user", password="hello") + +def test_ap_wpa2_eap_ikev2(dev, apdev): + """WPA2-Enterprise connection using EAP-IKEv2""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "IKEV2", "ikev2 user", password="ike password") + +def test_ap_wpa2_eap_pax(dev, apdev): + """WPA2-Enterprise connection using EAP-PAX""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "PAX", "pax.user@example.com", + password_hex="0123456789abcdef0123456789abcdef") + +def test_ap_wpa2_eap_psk(dev, apdev): + """WPA2-Enterprise connection using EAP-PSK""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], "PSK", "psk.user@example.com", + password_hex="0123456789abcdef0123456789abcdef") diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py index bb4e569a1..af38a15bb 100644 --- a/tests/hwsim/wpasupplicant.py +++ b/tests/hwsim/wpasupplicant.py @@ -510,7 +510,7 @@ class WpaSupplicant: ieee80211w=None, pairwise=None, group=None, scan_freq=None, eap=None, identity=None, anonymous_identity=None, password=None, phase1=None, phase2=None, ca_cert=None, - domain_suffix_match=None, + domain_suffix_match=None, password_hex=None, wait_connect=True): logger.info("Connect STA " + self.ifname + " to AP") id = self.add_network() @@ -540,6 +540,8 @@ class WpaSupplicant: anonymous_identity) if password: self.set_network_quoted(id, "password", password) + if password_hex: + self.set_network(id, "password", password_hex) if ca_cert: self.set_network_quoted(id, "ca_cert", ca_cert) if phase1: