diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 25b6720c4..e9ecefb9a 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -445,6 +445,19 @@ def test_ap_wpa2_eap_ttls_pap(dev, apdev): check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-1"), ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-1") ]) +def test_ap_wpa2_eap_ttls_pap_incorrect_password(dev, apdev): + """WPA2-Enterprise connection using EAP-TTLS/PAP - incorrect password""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], apdev[0], "TTLS", "pap user", + anonymous_identity="ttls", password="wrong", + ca_cert="auth_serv/ca.pem", phase2="auth=PAP", + expect_failure=True) + eap_connect(dev[1], apdev[0], "TTLS", "user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=PAP", + expect_failure=True) + def test_ap_wpa2_eap_ttls_chap(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS/CHAP""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") @@ -456,6 +469,19 @@ def test_ap_wpa2_eap_ttls_chap(dev, apdev): hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) eap_reauth(dev[0], "TTLS") +def test_ap_wpa2_eap_ttls_chap_incorrect_password(dev, apdev): + """WPA2-Enterprise connection using EAP-TTLS/CHAP - incorrect password""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], apdev[0], "TTLS", "chap user", + anonymous_identity="ttls", password="wrong", + ca_cert="auth_serv/ca.pem", phase2="auth=CHAP", + expect_failure=True) + eap_connect(dev[1], apdev[0], "TTLS", "user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=CHAP", + expect_failure=True) + def test_ap_wpa2_eap_ttls_mschap(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS/MSCHAP""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") @@ -472,6 +498,23 @@ def test_ap_wpa2_eap_ttls_mschap(dev, apdev): ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", fragment_size="200") +def test_ap_wpa2_eap_ttls_mschap_incorrect_password(dev, apdev): + """WPA2-Enterprise connection using EAP-TTLS/CHAP - incorrect password""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], apdev[0], "TTLS", "mschap user", + anonymous_identity="ttls", password="wrong", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", + expect_failure=True) + eap_connect(dev[1], apdev[0], "TTLS", "user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", + expect_failure=True) + eap_connect(dev[2], apdev[0], "TTLS", "no such user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", + expect_failure=True) + def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") @@ -501,12 +544,18 @@ def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev): password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c", ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2") - logger.info("Negative test with incorrect password") - dev[0].request("REMOVE_NETWORK all") +def test_ap_wpa2_eap_ttls_mschapv2_incorrect_password(dev, apdev): + """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 - incorrect password""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0]['ifname'], params) eap_connect(dev[0], apdev[0], "TTLS", "DOMAIN\mschapv2 user", anonymous_identity="ttls", password="password1", ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2", expect_failure=True) + eap_connect(dev[1], apdev[0], "TTLS", "user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2", + expect_failure=True) def test_ap_wpa2_eap_ttls_mschapv2_utf8(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 and UTF-8 password"""