tests: ERP with EAP-SIM/AKA/AKA' fast reauthentication

Verify Session-Id derivation when using EAP-SIM/AKA/AKA' fast
reauthentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2019-05-25 17:18:39 +03:00
parent 5eefa8115b
commit 2d11e5d5e6


@ -229,7 +229,7 @@ def run_erp_radius_ext(dev, apdev):
raise Exception("Did not use ERP") raise Exception("Did not use ERP")
dev[0].wait_connected(timeout=15, error="Reconnection timed out") dev[0].wait_connected(timeout=15, error="Reconnection timed out")
def erp_test(dev, hapd, **kwargs): def erp_test(dev, hapd, reauth=False, **kwargs):
res = dev.get_capability("eap") res = dev.get_capability("eap")
if kwargs['eap'] not in res: if kwargs['eap'] not in res:
logger.info("Skip ERP test with %s due to missing support" % kwargs['eap']) logger.info("Skip ERP test with %s due to missing support" % kwargs['eap'])
@ -241,7 +241,23 @@ def erp_test(dev, hapd, **kwargs):
scan_freq="2412", **kwargs) scan_freq="2412", **kwargs)
dev.request("DISCONNECT") dev.request("DISCONNECT")
dev.wait_disconnected(timeout=15) dev.wait_disconnected(timeout=15)
dev.dump_monitor()
hapd.dump_monitor() hapd.dump_monitor()
if reauth:
dev.request("ERP_FLUSH")
dev.request("RECONNECT")
ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP success timed out")
if "EAP re-authentication completed successfully" in ev:
raise Exception("Used ERP unexpectedly")
dev.wait_connected(timeout=15, error="Reconnection timed out")
dev.request("DISCONNECT")
dev.wait_disconnected(timeout=15)
dev.dump_monitor()
hapd.dump_monitor()
dev.request("RECONNECT") dev.request("RECONNECT")
ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15) ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None: if ev is None:
@ -268,8 +284,14 @@ def test_erp_radius_eap_methods(dev, apdev):
erp_test(dev[0], hapd, eap="AKA", identity="0232010000000000@example.com", erp_test(dev[0], hapd, eap="AKA", identity="0232010000000000@example.com",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123") password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
erp_test(dev[0], hapd, reauth=True,
eap="AKA", identity="0232010000000000@example.com",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
erp_test(dev[0], hapd, eap="AKA'", identity="6555444333222111@example.com", erp_test(dev[0], hapd, eap="AKA'", identity="6555444333222111@example.com",
password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123") password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
erp_test(dev[0], hapd, reauth=True,
eap="AKA'", identity="6555444333222111@example.com",
password="5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123")
erp_test(dev[0], hapd, eap="EKE", identity="erp-eke@example.com", erp_test(dev[0], hapd, eap="EKE", identity="erp-eke@example.com",
password="hello") password="hello")
if "FAST" in eap_methods: if "FAST" in eap_methods:
@ -297,6 +319,9 @@ def test_erp_radius_eap_methods(dev, apdev):
password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef") password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
erp_test(dev[0], hapd, eap="SIM", identity="1232010000000000@example.com", erp_test(dev[0], hapd, eap="SIM", identity="1232010000000000@example.com",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581") password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
erp_test(dev[0], hapd, reauth=True,
eap="SIM", identity="1232010000000000@example.com",
password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
erp_test(dev[0], hapd, eap="TLS", identity="erp-tls@example.com", erp_test(dev[0], hapd, eap="TLS", identity="erp-tls@example.com",
ca_cert="auth_serv/ca.pem", client_cert="auth_serv/user.pem", ca_cert="auth_serv/ca.pem", client_cert="auth_serv/user.pem",
private_key="auth_serv/user.key") private_key="auth_serv/user.key")
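Review bot: In the new `if reauth:` branch of `erp_test`, the only assertion on the intermediate reconnect is negative (it raises when `"EAP re-authentication completed successfully" in ev`), so nothing confirms that EAP-SIM/AKA/AKA' fast re-authentication, rather than a full authentication, produced the keys used afterwards. If the peer or server silently falls back to full authentication, the test still passes and the Session-Id derivation named in the commit message goes unexercised. Consider asserting on whatever indication of fast re-authentication the harness exposes, or at least recording the gap with a comment such as `# NOTE: fast re-authentication is assumed here, not verified`. The return value of `dev.request("ERP_FLUSH")` is also ignored, so a failed flush would surface only indirectly through the "Used ERP unexpectedly" exception. The body of `erp_test` starts and ends outside the visible hunks.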