From 604f559ae472ad2a699231b22388d6888944d674 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 4 Jul 2016 12:15:15 +0300 Subject: [PATCH] tests: Hotspot 2.0 and failures during profile configuration Signed-off-by: Jouni Malinen --- tests/hwsim/auth_serv/eap_user.conf | 1 + tests/hwsim/test_ap_hs20.py | 288 ++++++++++++++++++++++++++++ tests/hwsim/wpasupplicant.py | 2 +- 3 files changed, 290 insertions(+), 1 deletion(-) diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf index 329435d11..b85b9c5eb 100644 --- a/tests/hwsim/auth_serv/eap_user.conf +++ b/tests/hwsim/auth_serv/eap_user.conf @@ -106,6 +106,7 @@ radius_accept_attr=89:s:macacl-cui-test "mschap user" TTLS-MSCHAP "password" [2] "DOMAIN\mschapv2 user" TTLS-MSCHAPV2 hash:8846f7eaee8fb117ad06bdd830b7586c [2] "hs20-test" TTLS-MSCHAPV2 "password" [2] +"hs20-test-with-domain@example.com" TTLS-MSCHAPV2 "password" [2] "utf8-user" TTLS-MSCHAPV2 "secret-åäö-€-password" [2] "utf8-user-hash" TTLS-MSCHAPV2 hash:bd5844fad2489992da7fe8c5a01559cf [2] diff --git a/tests/hwsim/test_ap_hs20.py b/tests/hwsim/test_ap_hs20.py index f2db44e65..4d63a7104 100644 --- a/tests/hwsim/test_ap_hs20.py +++ b/tests/hwsim/test_ap_hs20.py @@ -4443,3 +4443,291 @@ def test_ap_hs20_anqp_invalid_gas_response(dev, apdev): raise Exception("No ANQP-QUERY-DONE seen") if "result=SUCCESS" not in ev: raise Exception("Unexpected result: " + ev) + +def test_ap_hs20_set_profile_failures(dev, apdev): + """Hotspot 2.0 and failures during profile configuration""" + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + params['anqp_3gpp_cell_net'] = "555,444" + hapd = hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable() + dev[0].scan_for_bss(bssid, freq="2412") + + id = dev[0].add_cred_values({ 'realm': "example.com", + 'domain': "example.com", + 'username': "test", + 'password': "secret", + 'eap': 'TTLS' }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE ssid->eap.eap_methods = os_malloc()") + with alloc_fail(dev[0], 1, "interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'realm': "example.com", + 'domain': "example.com", + 'username': "hs20-test-with-domain@example.com", + 'password': "password" }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE anon = os_malloc()") + with alloc_fail(dev[0], 1, "interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE Successful connection with cred->username including realm") + dev[0].request("INTERWORKING_CONNECT " + bssid) + dev[0].wait_connected() + dev[0].remove_cred(id) + dev[0].wait_disconnected() + + id = dev[0].add_cred_values({ 'realm': "example.com", + 'domain': "example.com", + 'username': "hs20-test", + 'password': "password" }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE anon = os_malloc() (second)") + with alloc_fail(dev[0], 1, "interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + with alloc_fail(dev[0], 1, "=interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set(eap)") + with alloc_fail(dev[0], 1, "wpa_config_parse_eap;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_MSCHAPV2-phase2)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'roaming_consortium': "112233", + 'domain': "example.com", + 'username': "hs20-test", + 'password': "password", + 'eap': 'TTLS', + 'phase2': "auth=MSCHAPV2" }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE anon = os_strdup()") + with alloc_fail(dev[0], 2, "interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(anonymous_identity)") + with alloc_fail(dev[0], 1, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE Successful connection with cred->realm not included") + dev[0].request("INTERWORKING_CONNECT " + bssid) + dev[0].wait_connected() + dev[0].remove_cred(id) + dev[0].wait_disconnected() + + id = dev[0].add_cred_values({ 'roaming_consortium': "112233", + 'domain': "example.com", + 'realm': "example.com", + 'username': "user", + 'password': "password", + 'eap': 'PEAP' }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE id = os_strdup()") + with alloc_fail(dev[0], 2, "interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(identity)") + with alloc_fail(dev[0], 1, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'roaming_consortium': "112233", + 'domain': "example.com", + 'realm': "example.com", + 'username': "user", + 'password': "password", + 'eap': "TTLS" }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE wpa_config_set_quoted(identity) (second)") + with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(password)") + with alloc_fail(dev[0], 3, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect_roaming_consortium"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + with alloc_fail(dev[0], 1, "=interworking_connect_roaming_consortium"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'roaming_consortium': "112233", + 'domain': "example.com", + 'realm': "example.com", + 'username': "user", + 'eap': "PEAP" }) + dev[0].set_cred(id, "password", "ext:password"); + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE wpa_config_set(password)") + with alloc_fail(dev[0], 3, "wpa_config_set;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + with alloc_fail(dev[0], 1, "interworking_set_hs20_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'realm': "example.com", + 'domain': "example.com", + 'username': "certificate-user", + 'phase1': "include_tls_length=0", + 'domain_suffix_match': "example.com", + 'ca_cert': "auth_serv/ca.pem", + 'client_cert': "auth_serv/user.pem", + 'private_key': "auth_serv/user.key", + 'private_key_passwd': "secret" }) + interworking_select(dev[0], bssid, "home", freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE wpa_config_set_quoted(client_cert)") + with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(private_key)") + with alloc_fail(dev[0], 3, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(private_key_passwd)") + with alloc_fail(dev[0], 4, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(ca_cert)") + with alloc_fail(dev[0], 5, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(domain_suffix_match)") + with alloc_fail(dev[0], 6, "=wpa_config_set_quoted;interworking_set_eap_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + with alloc_fail(dev[0], 1, "interworking_set_hs20_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'imsi': "555444-333222111", 'eap': "SIM", + 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"}) + interworking_select(dev[0], bssid, freq=2412) + dev[0].dump_monitor() + with alloc_fail(dev[0], 1, "interworking_set_hs20_params"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set_quoted(password;milenage)") + with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_connect_3gpp"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set(eap)") + with alloc_fail(dev[0], 1, "wpa_config_parse_eap;wpa_config_set;interworking_connect_3gpp"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE set_root_nai:wpa_config_set(identity)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;interworking_connect_3gpp"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].remove_cred(id) + + id = dev[0].add_cred_values({ 'roaming_consortium': "112233", + 'username': "user@example.com", + 'password': "password" }) + interworking_select(dev[0], bssid, freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE Interworking: No EAP method set for credential using roaming consortium") + dev[0].request("INTERWORKING_CONNECT " + bssid) + dev[0].remove_cred(id) + + hapd.disable() + params = hs20_ap_params() + params['nai_realm'] = "0,example.com,25[3:26]" + hapd = hostapd.add_ap(apdev[0], params) + id = dev[0].add_cred_values({ 'realm': "example.com", + 'domain': "example.com", + 'username': "hs20-test", + 'password': "password" }) + interworking_select(dev[0], bssid, freq=2412) + dev[0].dump_monitor() + dev[0].request("NOTE wpa_config_set(PEAP/FAST-phase1)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set(PEAP/FAST-pac_interworking)") + with alloc_fail(dev[0], 2, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + dev[0].request("NOTE wpa_config_set(PEAP/FAST-phase2)") + with alloc_fail(dev[0], 3, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + + hapd.disable() + params = hs20_ap_params() + params['nai_realm'] = "0,example.com,21" + hapd = hostapd.add_ap(apdev[0], params) + interworking_select(dev[0], bssid, freq=2412) + dev[0].request("NOTE wpa_config_set(TTLS-defaults-phase2)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + + hapd.disable() + params = hs20_ap_params() + params['nai_realm'] = "0,example.com,21[2:3]" + hapd = hostapd.add_ap(apdev[0], params) + interworking_select(dev[0], bssid, freq=2412) + dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_MSCHAP-phase2)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + + hapd.disable() + params = hs20_ap_params() + params['nai_realm'] = "0,example.com,21[2:2]" + hapd = hostapd.add_ap(apdev[0], params) + interworking_select(dev[0], bssid, freq=2412) + dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_CHAP-phase2)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + + hapd.disable() + params = hs20_ap_params() + params['nai_realm'] = "0,example.com,21[2:1]" + hapd = hostapd.add_ap(apdev[0], params) + interworking_select(dev[0], bssid, freq=2412) + dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_PAP-phase2)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + + hapd.disable() + params = hs20_ap_params() + params['nai_realm'] = "0,example.com,21[3:26]" + hapd = hostapd.add_ap(apdev[0], params) + interworking_select(dev[0], bssid, freq=2412) + dev[0].request("NOTE wpa_config_set(TTLS-EAP-MSCHAPV2-phase2)") + with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"): + dev[0].request("INTERWORKING_CONNECT " + bssid) + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") + + dev[0].remove_cred(id) diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py index ddcd6ef49..d50a4c819 100644 --- a/tests/hwsim/wpasupplicant.py +++ b/tests/hwsim/wpasupplicant.py @@ -367,7 +367,7 @@ class WpaSupplicant: quoted = [ "realm", "username", "password", "domain", "imsi", "excluded_ssid", "milenage", "ca_cert", "client_cert", "private_key", "domain_suffix_match", "provisioning_sp", - "roaming_partner", "phase1", "phase2" ] + "roaming_partner", "phase1", "phase2", "private_key_passwd" ] for field in quoted: if field in params: self.set_cred_quoted(id, field, params[field])