tests: EAP-GTC server error cases
In addition, no-password-configured coverage extended to EAP-MD5 and EAP-MSCHAPv2 as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
745d93695b
commit
95a15d793e
2 changed files with 82 additions and 0 deletions
|
@ -84,6 +84,8 @@ radius_accept_attr=27:d:3
|
||||||
"utf8-user-hash" TTLS-MSCHAPV2 hash:bd5844fad2489992da7fe8c5a01559cf [2]
|
"utf8-user-hash" TTLS-MSCHAPV2 hash:bd5844fad2489992da7fe8c5a01559cf [2]
|
||||||
|
|
||||||
"user" MSCHAPV2,MD5,GTC "password" [2]
|
"user" MSCHAPV2,MD5,GTC "password" [2]
|
||||||
|
"user2" MSCHAPV2,MD5,GTC "password" [2]
|
||||||
|
"user-no-passwd" MSCHAPV2,MD5,GTC [2]
|
||||||
"cert user" TLS [2]
|
"cert user" TLS [2]
|
||||||
|
|
||||||
"hs20-deauth-test" TTLS-MSCHAPV2 "password" [2]
|
"hs20-deauth-test" TTLS-MSCHAPV2 "password" [2]
|
||||||
|
|
|
@ -906,6 +906,48 @@ def test_ap_wpa2_eap_ttls_eap_gtc(dev, apdev):
|
||||||
hwsim_utils.test_connectivity(dev[0], hapd)
|
hwsim_utils.test_connectivity(dev[0], hapd)
|
||||||
eap_reauth(dev[0], "TTLS")
|
eap_reauth(dev[0], "TTLS")
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_eap_gtc_incorrect_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - incorrect password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "user",
|
||||||
|
anonymous_identity="ttls", password="wrong",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_eap_gtc_no_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - no password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_eap_gtc_server_oom(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - server OOM"""
|
||||||
|
params = int_eap_server_params()
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
with alloc_fail(hapd, 1, "eap_gtc_init"):
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
|
||||||
|
expect_failure=True)
|
||||||
|
dev[0].request("REMOVE_NETWORK all")
|
||||||
|
|
||||||
|
with alloc_fail(hapd, 1, "eap_gtc_buildReq"):
|
||||||
|
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
|
||||||
|
eap="TTLS", identity="user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
|
||||||
|
wait_connect=False, scan_freq="2412")
|
||||||
|
# This would eventually time out, but we can stop after having reached
|
||||||
|
# the allocation failure.
|
||||||
|
for i in range(20):
|
||||||
|
time.sleep(0.1)
|
||||||
|
if hapd.request("GET_ALLOC_FAIL").startswith('0'):
|
||||||
|
break
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
|
def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
@ -925,6 +967,15 @@ def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):
|
||||||
ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
|
ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
|
||||||
expect_failure=True)
|
expect_failure=True)
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - no password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
|
def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - server OOM"""
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - server OOM"""
|
||||||
params = int_eap_server_params()
|
params = int_eap_server_params()
|
||||||
|
@ -966,6 +1017,15 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
|
||||||
ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
|
ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
|
||||||
expect_failure=True)
|
expect_failure=True)
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - no password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_eap_aka(dev, apdev):
|
def test_ap_wpa2_eap_ttls_eap_aka(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/EAP-AKA"""
|
"""WPA2-Enterprise connection using EAP-TTLS/EAP-AKA"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
@ -1981,6 +2041,26 @@ def test_ap_wpa2_eap_fast_gtc_auth_prov(dev, apdev):
|
||||||
if res['tls_session_reused'] != '1':
|
if res['tls_session_reused'] != '1':
|
||||||
raise Exception("EAP-FAST could not use PAC session ticket")
|
raise Exception("EAP-FAST could not use PAC session ticket")
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_fast_gtc_identity_change(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-FAST/GTC and identity changing"""
|
||||||
|
check_eap_capa(dev[0], "FAST")
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
id = eap_connect(dev[0], apdev[0], "FAST", "user",
|
||||||
|
anonymous_identity="FAST", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
|
||||||
|
phase1="fast_provisioning=2",
|
||||||
|
pac_file="blob://fast_pac_auth")
|
||||||
|
dev[0].set_network_quoted(id, "identity", "user2")
|
||||||
|
dev[0].wait_disconnected()
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("EAP-FAST not started")
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("EAP failure not reported")
|
||||||
|
dev[0].wait_disconnected()
|
||||||
|
|
||||||
def test_ap_wpa2_eap_tls_ocsp(dev, apdev):
|
def test_ap_wpa2_eap_tls_ocsp(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TLS and verifying OCSP"""
|
"""WPA2-Enterprise connection using EAP-TLS and verifying OCSP"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
|
Loading…
Reference in a new issue