tests: Incorrect/missing password with TTLS non-EAP methods
Incorrect password was already tested with TTLS/MSCHAPv2, but the other non-EAP inner methods in TTLS use their own implementation of password validation, so check each and also verify the case of no matching EAP user entry for the specific method. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
dbd1e184e3
commit
82a8f5b533
1 changed files with 51 additions and 2 deletions
|
@ -445,6 +445,19 @@ def test_ap_wpa2_eap_ttls_pap(dev, apdev):
|
||||||
check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-1"),
|
check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-1"),
|
||||||
("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-1") ])
|
("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-1") ])
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_pap_incorrect_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/PAP - incorrect password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "pap user",
|
||||||
|
anonymous_identity="ttls", password="wrong",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
|
||||||
|
expect_failure=True)
|
||||||
|
eap_connect(dev[1], apdev[0], "TTLS", "user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_chap(dev, apdev):
|
def test_ap_wpa2_eap_ttls_chap(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/CHAP"""
|
"""WPA2-Enterprise connection using EAP-TTLS/CHAP"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
@ -456,6 +469,19 @@ def test_ap_wpa2_eap_ttls_chap(dev, apdev):
|
||||||
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
|
||||||
eap_reauth(dev[0], "TTLS")
|
eap_reauth(dev[0], "TTLS")
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_chap_incorrect_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/CHAP - incorrect password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "chap user",
|
||||||
|
anonymous_identity="ttls", password="wrong",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=CHAP",
|
||||||
|
expect_failure=True)
|
||||||
|
eap_connect(dev[1], apdev[0], "TTLS", "user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=CHAP",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
|
def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAP"""
|
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAP"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
@ -472,6 +498,23 @@ def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
|
||||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||||
fragment_size="200")
|
fragment_size="200")
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_mschap_incorrect_password(dev, apdev):
|
||||||
|
"""WPA2-Enterprise connection using EAP-TTLS/CHAP - incorrect password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
eap_connect(dev[0], apdev[0], "TTLS", "mschap user",
|
||||||
|
anonymous_identity="ttls", password="wrong",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||||
|
expect_failure=True)
|
||||||
|
eap_connect(dev[1], apdev[0], "TTLS", "user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||||
|
expect_failure=True)
|
||||||
|
eap_connect(dev[2], apdev[0], "TTLS", "no such user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
|
def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2"""
|
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2"""
|
||||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
@ -501,12 +544,18 @@ def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
|
||||||
password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
|
password_hex="hash:8846f7eaee8fb117ad06bdd830b7586c",
|
||||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
|
||||||
|
|
||||||
logger.info("Negative test with incorrect password")
|
def test_ap_wpa2_eap_ttls_mschapv2_incorrect_password(dev, apdev):
|
||||||
dev[0].request("REMOVE_NETWORK all")
|
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 - incorrect password"""
|
||||||
|
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||||
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
eap_connect(dev[0], apdev[0], "TTLS", "DOMAIN\mschapv2 user",
|
eap_connect(dev[0], apdev[0], "TTLS", "DOMAIN\mschapv2 user",
|
||||||
anonymous_identity="ttls", password="password1",
|
anonymous_identity="ttls", password="password1",
|
||||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
|
||||||
expect_failure=True)
|
expect_failure=True)
|
||||||
|
eap_connect(dev[1], apdev[0], "TTLS", "user",
|
||||||
|
anonymous_identity="ttls", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
|
||||||
|
expect_failure=True)
|
||||||
|
|
||||||
def test_ap_wpa2_eap_ttls_mschapv2_utf8(dev, apdev):
|
def test_ap_wpa2_eap_ttls_mschapv2_utf8(dev, apdev):
|
||||||
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 and UTF-8 password"""
|
"""WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2 and UTF-8 password"""
|
||||||
|
|
Loading…
Reference in a new issue