tests: WPA2-Enterprise with PMF required
Increase test coverage with PMF required configuration and SHA256-based AKM in one of the EAP test cases. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
71390dc87e
commit
2b00519431
1 changed files with 15 additions and 10 deletions
|
|
@ -18,16 +18,17 @@ import hostapd
|
||||||
def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
|
def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
|
||||||
phase1=None, phase2=None, ca_cert=None,
|
phase1=None, phase2=None, ca_cert=None,
|
||||||
domain_suffix_match=None, password_hex=None,
|
domain_suffix_match=None, password_hex=None,
|
||||||
client_cert=None, private_key=None):
|
client_cert=None, private_key=None, sha256=False):
|
||||||
dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method,
|
dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256", eap=method,
|
||||||
identity=identity, anonymous_identity=anonymous_identity,
|
identity=identity, anonymous_identity=anonymous_identity,
|
||||||
password=password, phase1=phase1, phase2=phase2,
|
password=password, phase1=phase1, phase2=phase2,
|
||||||
ca_cert=ca_cert, domain_suffix_match=domain_suffix_match,
|
ca_cert=ca_cert, domain_suffix_match=domain_suffix_match,
|
||||||
wait_connect=False, scan_freq="2412", password_hex=password_hex,
|
wait_connect=False, scan_freq="2412", password_hex=password_hex,
|
||||||
client_cert=client_cert, private_key=private_key)
|
client_cert=client_cert, private_key=private_key,
|
||||||
eap_check_auth(dev, method, True)
|
ieee80211w="1")
|
||||||
|
eap_check_auth(dev, method, True, sha256=sha256)
|
||||||
|
|
||||||
def eap_check_auth(dev, method, initial, rsn=True):
|
def eap_check_auth(dev, method, initial, rsn=True, sha256=False):
|
||||||
ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
|
ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
|
||||||
if ev is None:
|
if ev is None:
|
||||||
raise Exception("Association and EAP start timed out")
|
raise Exception("Association and EAP start timed out")
|
||||||
|
|
@ -61,16 +62,18 @@ def eap_check_auth(dev, method, initial, rsn=True):
|
||||||
raise Exception("Port not authorized")
|
raise Exception("Port not authorized")
|
||||||
if method not in status["selectedMethod"]:
|
if method not in status["selectedMethod"]:
|
||||||
raise Exception("Incorrect EAP method status")
|
raise Exception("Incorrect EAP method status")
|
||||||
if rsn:
|
if sha256:
|
||||||
|
e = "WPA2-EAP-SHA256"
|
||||||
|
elif rsn:
|
||||||
e = "WPA2/IEEE 802.1X/EAP"
|
e = "WPA2/IEEE 802.1X/EAP"
|
||||||
else:
|
else:
|
||||||
e = "WPA/IEEE 802.1X/EAP"
|
e = "WPA/IEEE 802.1X/EAP"
|
||||||
if status["key_mgmt"] != e:
|
if status["key_mgmt"] != e:
|
||||||
raise Exception("Unexpected key_mgmt status: " + status["key_mgmt"])
|
raise Exception("Unexpected key_mgmt status: " + status["key_mgmt"])
|
||||||
|
|
||||||
def eap_reauth(dev, method, rsn=True):
|
def eap_reauth(dev, method, rsn=True, sha256=False):
|
||||||
dev.request("REAUTHENTICATE")
|
dev.request("REAUTHENTICATE")
|
||||||
eap_check_auth(dev, method, False, rsn=rsn)
|
eap_check_auth(dev, method, False, rsn=rsn, sha256=sha256)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_sim(dev, apdev):
|
def test_ap_wpa2_eap_sim(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-SIM"""
|
"""WPA2-Enterprise connection using EAP-SIM"""
|
||||||
|
|
@ -361,10 +364,12 @@ def test_ap_wpa2_eap_pax(dev, apdev):
|
||||||
def test_ap_wpa2_eap_psk(dev, apdev):
|
def test_ap_wpa2_eap_psk(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-PSK"""
|
"""WPA2-Enterprise connection using EAP-PSK"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
|
||||||
|
params["ieee80211w"] = "2"
|
||||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
eap_connect(dev[0], "PSK", "psk.user@example.com",
|
eap_connect(dev[0], "PSK", "psk.user@example.com",
|
||||||
password_hex="0123456789abcdef0123456789abcdef")
|
password_hex="0123456789abcdef0123456789abcdef", sha256=True)
|
||||||
eap_reauth(dev[0], "PSK")
|
eap_reauth(dev[0], "PSK", sha256=True)
|
||||||
|
|
||||||
def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
|
def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
|
||||||
"""WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
|
"""WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue