tests: Adding EAP-SIM/AKA coverage for ID selection

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2023-09-21 10:56:42 +03:00 committed by Jouni Malinen
parent ec6acdbb6b
commit 71b26a7675

View file

@ -429,6 +429,26 @@ def test_ap_wpa2_eap_sim_sql(dev, apdev, params):
logger.info("SIM reauth with max reauth count reached") logger.info("SIM reauth with max reauth count reached")
eap_reauth(dev[0], "SIM") eap_reauth(dev[0], "SIM")
def test_ap_wpa2_eap_sim_sql_fallback_to_pseudonym(dev, apdev, params):
"""WPA2-Enterprise connection using EAP-SIM (SQL) and fallback to pseudonym without SIM-Identity"""
run_ap_wpa2_eap_sim_sql_fallback_to_pseudonym(dev, apdev, params, 7)
def run_ap_wpa2_eap_sim_sql_fallback_to_pseudonym(dev, apdev, params,
eap_sim_id):
check_hlr_auc_gw_support()
db = os.path.join(params['logdir'], "hostapd.db")
params = int_eap_server_params()
params['eap_sim_db'] = 'unix:/tmp/hlr_auc_gw.sock db=' + db
params['eap_sim_aka_fast_reauth_limit'] = '0'
params['eap_sim_id'] = str(eap_sim_id)
hapd = hostapd.add_ap(apdev[0], params)
eap_connect(dev[0], hapd, "SIM", "1232010000000000",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
logger.info("SIM fallback from fast re-auth to full auth with pseudonym")
eap_reauth(dev[0], "SIM")
def test_ap_wpa2_eap_sim_config(dev, apdev): def test_ap_wpa2_eap_sim_config(dev, apdev):
"""EAP-SIM configuration options""" """EAP-SIM configuration options"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
@ -476,6 +496,22 @@ def test_ap_wpa2_eap_sim_id_3(dev, apdev):
"""WPA2-Enterprise connection using EAP-SIM (pseudonym and reauth)""" """WPA2-Enterprise connection using EAP-SIM (pseudonym and reauth)"""
run_ap_wpa2_eap_sim_id(dev, apdev, 3) run_ap_wpa2_eap_sim_id(dev, apdev, 3)
def test_ap_wpa2_eap_sim_id_4(dev, apdev):
"""WPA2-Enterprise connection using EAP-SIM (no pseudonym or reauth)"""
run_ap_wpa2_eap_sim_id(dev, apdev, 4)
def test_ap_wpa2_eap_sim_id_5(dev, apdev):
"""WPA2-Enterprise connection using EAP-SIM (pseudonym, no reauth)"""
run_ap_wpa2_eap_sim_id(dev, apdev, 5)
def test_ap_wpa2_eap_sim_id_6(dev, apdev):
"""WPA2-Enterprise connection using EAP-SIM (no pseudonym, reauth)"""
run_ap_wpa2_eap_sim_id(dev, apdev, 6)
def test_ap_wpa2_eap_sim_id_7(dev, apdev):
"""WPA2-Enterprise connection using EAP-SIM (pseudonym and reauth)"""
run_ap_wpa2_eap_sim_id(dev, apdev, 7)
def run_ap_wpa2_eap_sim_id(dev, apdev, eap_sim_id): def run_ap_wpa2_eap_sim_id(dev, apdev, eap_sim_id):
check_hlr_auc_gw_support() check_hlr_auc_gw_support()
params = int_eap_server_params() params = int_eap_server_params()
@ -1098,9 +1134,25 @@ def test_ap_wpa2_eap_aka(dev, apdev):
def test_ap_wpa2_eap_aka_imsi_identity(dev, apdev, params): def test_ap_wpa2_eap_aka_imsi_identity(dev, apdev, params):
"""WPA2-Enterprise connection using EAP-AKA and imsi_identity""" """WPA2-Enterprise connection using EAP-AKA and imsi_identity"""
run_ap_wpa2_eap_aka_imsi_identity(dev, apdev, params, False)
def test_ap_wpa2_eap_aka_imsi_identity_fallback(dev, apdev, params):
"""WPA2-Enterprise connection using EAP-AKA and imsi_identity"""
run_ap_wpa2_eap_aka_imsi_identity(dev, apdev, params, True)
def run_ap_wpa2_eap_aka_imsi_identity(dev, apdev, params, fallback):
check_hlr_auc_gw_support() check_hlr_auc_gw_support()
prefix = params['prefix'] prefix = params['prefix']
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") if fallback:
db = os.path.join(params['logdir'], "hostapd.db")
params = int_eap_server_params()
params['imsi_privacy_key'] = "auth_serv/imsi-privacy-key.pem"
params['eap_sim_db'] = 'unix:/tmp/hlr_auc_gw.sock db=' + db
params['eap_sim_aka_fast_reauth_limit'] = '0'
params['eap_sim_id'] = "7"
else:
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
check_imsi_privacy_support(hapd) check_imsi_privacy_support(hapd)
@ -1242,6 +1294,71 @@ def test_ap_wpa2_eap_aka_sql(dev, apdev, params):
logger.info("AKA reauth with max reauth count reached") logger.info("AKA reauth with max reauth count reached")
eap_reauth(dev[0], "AKA") eap_reauth(dev[0], "AKA")
def test_ap_wpa2_eap_aka_sql_fallback_to_pseudonym_id(dev, apdev, params):
"""WPA2-Enterprise connection using EAP-AKA (SQL) and fallback to pseudonym using AKA-Identity"""
run_ap_wpa2_eap_aka_sql_fallback_to_pseudonym(dev, apdev, params, 3)
def test_ap_wpa2_eap_aka_sql_fallback_to_pseudonym(dev, apdev, params):
"""WPA2-Enterprise connection using EAP-AKA (SQL) and fallback to pseudonym without AKA-Identity"""
run_ap_wpa2_eap_aka_sql_fallback_to_pseudonym(dev, apdev, params, 7)
def run_ap_wpa2_eap_aka_sql_fallback_to_pseudonym(dev, apdev, params,
eap_sim_id):
check_hlr_auc_gw_support()
db = os.path.join(params['logdir'], "hostapd.db")
params = int_eap_server_params()
params['eap_sim_db'] = 'unix:/tmp/hlr_auc_gw.sock db=' + db
params['eap_sim_aka_fast_reauth_limit'] = '0'
params['eap_sim_id'] = str(eap_sim_id)
hapd = hostapd.add_ap(apdev[0], params)
eap_connect(dev[0], hapd, "AKA", "0232010000000000",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000000")
logger.info("AKA fallback from fast re-auth to full auth with pseudonym")
eap_reauth(dev[0], "AKA")
def test_ap_wpa2_eap_aka_id_0(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (no pseudonym or reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 0)
def test_ap_wpa2_eap_aka_id_1(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (pseudonym, no reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 1)
def test_ap_wpa2_eap_aka_id_2(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (no pseudonym, reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 2)
def test_ap_wpa2_eap_aka_id_3(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (pseudonym and reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 3)
def test_ap_wpa2_eap_aka_id_4(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (no pseudonym or reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 4)
def test_ap_wpa2_eap_aka_id_5(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (pseudonym, no reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 5)
def test_ap_wpa2_eap_aka_id_6(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (no pseudonym, reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 6)
def test_ap_wpa2_eap_aka_id_7(dev, apdev):
"""WPA2-Enterprise connection using EAP-AKA (pseudonym and reauth)"""
run_ap_wpa2_eap_aka_id(dev, apdev, 7)
def run_ap_wpa2_eap_aka_id(dev, apdev, eap_sim_id):
check_hlr_auc_gw_support()
params = int_eap_server_params()
params['eap_sim_id'] = str(eap_sim_id)
params['eap_sim_db'] = 'unix:/tmp/hlr_auc_gw.sock'
hapd = hostapd.add_ap(apdev[0], params)
eap_connect(dev[0], hapd, "AKA", "0232010000000000",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000000")
eap_reauth(dev[0], "AKA")
def test_ap_wpa2_eap_aka_config(dev, apdev): def test_ap_wpa2_eap_aka_config(dev, apdev):
"""EAP-AKA configuration options""" """EAP-AKA configuration options"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")