jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

tests: Add more EAP test cases

Browse source 
This increases EAP method coverage for WPA2-Enterprise to include
EAP-pwd, EAP-GPSK, EAP-SAKE, EAP-EKE, EAP-IKEv2, EAP-PAX, and EAP-PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-11-03 11:58:38 +02:00
parent 186c905912
commit 22b99086ce
4 changed files with 60 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
tests/hwsim/auth_serv/eap_user.conf
View file

@ -1,3 +1,11 @@
"pwd user" PWD "secret password"
"gpsk user" GPSK "abcdefghijklmnop0123456789abcdef"
"sake user" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"eke user" EKE "hello"
"ikev2 user" IKEV2 "ike password"
"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef
"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef
"0"* AKA "0"* AKA
"1"* SIM "1"* SIM
"2"* AKA "2"* AKA

1
tests/hwsim/example-hostapd.config
View file

@ -33,6 +33,7 @@ CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl) ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y CONFIG_EAP_PWD=y
endif endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y CONFIG_IPV6=y

50
tests/hwsim/test_ap_eap.py
View file

@ -17,12 +17,12 @@ import hostapd
def eap_connect(dev, method, identity, anonymous_identity=None, password=None, def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
phase1=None, phase2=None, ca_cert=None, phase1=None, phase2=None, ca_cert=None,
domain_suffix_match=None): domain_suffix_match=None, password_hex=None):
dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method, dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method,
identity=identity, anonymous_identity=anonymous_identity, identity=identity, anonymous_identity=anonymous_identity,
password=password, phase1=phase1, phase2=phase2, password=password, phase1=phase1, phase2=phase2,
ca_cert=ca_cert, domain_suffix_match=domain_suffix_match, ca_cert=ca_cert, domain_suffix_match=domain_suffix_match,
wait_connect=False, scan_freq="2412") wait_connect=False, scan_freq="2412", password_hex=password_hex)
ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10) ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
if ev is None: if ev is None:
raise Exception("Association and EAP start timed out") raise Exception("Association and EAP start timed out")
@ -257,3 +257,49 @@ def test_ap_wpa2_eap_tls_neg_suffix_match(dev, apdev):
ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10) ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
if ev is None: if ev is None:
raise Exception("Network block disabling not reported") raise Exception("Network block disabling not reported")
def test_ap_wpa2_eap_pwd(dev, apdev):
"""WPA2-Enterprise connection using EAP-pwd"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PWD", "pwd user", password="secret password")
def test_ap_wpa2_eap_gpsk(dev, apdev):
"""WPA2-Enterprise connection using EAP-GPSK"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "GPSK", "gpsk user",
password="abcdefghijklmnop0123456789abcdef")
def test_ap_wpa2_eap_sake(dev, apdev):
"""WPA2-Enterprise connection using EAP-SAKE"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "SAKE", "sake user",
password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
def test_ap_wpa2_eap_eke(dev, apdev):
"""WPA2-Enterprise connection using EAP-EKE"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "EKE", "eke user", password="hello")
def test_ap_wpa2_eap_ikev2(dev, apdev):
"""WPA2-Enterprise connection using EAP-IKEv2"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "IKEV2", "ikev2 user", password="ike password")
def test_ap_wpa2_eap_pax(dev, apdev):
"""WPA2-Enterprise connection using EAP-PAX"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PAX", "pax.user@example.com",
password_hex="0123456789abcdef0123456789abcdef")
def test_ap_wpa2_eap_psk(dev, apdev):
"""WPA2-Enterprise connection using EAP-PSK"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], "PSK", "psk.user@example.com",
password_hex="0123456789abcdef0123456789abcdef")

4
tests/hwsim/wpasupplicant.py
View file

@ -510,7 +510,7 @@ class WpaSupplicant:
ieee80211w=None, pairwise=None, group=None, scan_freq=None, ieee80211w=None, pairwise=None, group=None, scan_freq=None,
eap=None, identity=None, anonymous_identity=None, eap=None, identity=None, anonymous_identity=None,
password=None, phase1=None, phase2=None, ca_cert=None, password=None, phase1=None, phase2=None, ca_cert=None,
domain_suffix_match=None, domain_suffix_match=None, password_hex=None,
wait_connect=True): wait_connect=True):
logger.info("Connect STA " + self.ifname + " to AP") logger.info("Connect STA " + self.ifname + " to AP")
id = self.add_network() id = self.add_network()
@ -540,6 +540,8 @@ class WpaSupplicant:
anonymous_identity) anonymous_identity)
if password: if password:
self.set_network_quoted(id, "password", password) self.set_network_quoted(id, "password", password)
if password_hex:
self.set_network(id, "password", password_hex)
if ca_cert: if ca_cert:
self.set_network_quoted(id, "ca_cert", ca_cert) self.set_network_quoted(id, "ca_cert", ca_cert)
if phase1: if phase1: