From 1e22dc742844c60e615319b55f6cf26f9d0abfda Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 12 Jan 2016 23:40:44 +0200 Subject: [PATCH] tests: ERP and anonymous identity Signed-off-by: Jouni Malinen --- tests/hwsim/test_erp.py | 73 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/tests/hwsim/test_erp.py b/tests/hwsim/test_erp.py index e98e2a79b..01e81d01a 100644 --- a/tests/hwsim/test_erp.py +++ b/tests/hwsim/test_erp.py @@ -11,7 +11,7 @@ import os import time import hostapd -from utils import HwsimSkip +from utils import HwsimSkip, alloc_fail, wait_fail_trigger from test_ap_eap import int_eap_server_params from test_ap_psk import find_wpas_process, read_process_memory, verify_not_present, get_key_locations @@ -415,3 +415,74 @@ def test_erp_key_lifetime_in_memory(dev, apdev, params): get_key_locations(buf, rIK, "rIK") verify_not_present(buf, rRK, fname, "rRK") verify_not_present(buf, rIK, fname, "rIK") + +def test_erp_anonymous_identity(dev, apdev): + """ERP and anonymous identity""" + check_erp_capa(dev[0]) + params = int_eap_server_params() + params['erp_send_reauth_start'] = '1' + params['erp_domain'] = 'example.com' + params['eap_server_erp'] = '1' + params['disable_pmksa_caching'] = '1' + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + dev[0].request("ERP_FLUSH") + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", + identity="erp-ttls@example.com", + anonymous_identity="anonymous@example.com", + password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=PAP", + erp="1", scan_freq="2412") + for i in range(3): + dev[0].request("DISCONNECT") + dev[0].wait_disconnected(timeout=15) + dev[0].request("RECONNECT") + ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15) + if ev is None: + raise Exception("EAP success timed out") + if "EAP re-authentication completed successfully" not in ev: + raise Exception("Did not use ERP") + dev[0].wait_connected(timeout=15, error="Reconnection timed out") + +def test_erp_home_realm_oom(dev, apdev): + """ERP and home realm OOM""" + check_erp_capa(dev[0]) + params = int_eap_server_params() + params['erp_send_reauth_start'] = '1' + params['erp_domain'] = 'example.com' + params['eap_server_erp'] = '1' + params['disable_pmksa_caching'] = '1' + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + for count in range(1, 3): + with alloc_fail(dev[0], count, "eap_home_realm"): + dev[0].request("ERP_FLUSH") + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", + identity="erp-ttls@example.com", + anonymous_identity="anonymous@example.com", + password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=PAP", + erp="1", scan_freq="2412", wait_connect=False) + dev[0].wait_connected(timeout=10) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + + for count in range(1, 3): + dev[0].request("ERP_FLUSH") + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", + identity="erp-ttls@example.com", + anonymous_identity="anonymous@example.com", + password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=PAP", + erp="1", scan_freq="2412", wait_connect=False) + dev[0].wait_connected(timeout=10) + if range > 1: + continue + with alloc_fail(dev[0], count, "eap_home_realm"): + dev[0].request("DISCONNECT") + dev[0].wait_disconnected(timeout=15) + dev[0].request("RECONNECT") + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected()