From f22bc11846ed2ffd419527022919d30e93ef3aca Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 10 Feb 2017 16:05:33 +0200
Subject: [PATCH] tests: EAP-SIM tunneled within EAP-TTLS/PEAP/FAST
This verifies both the internal and external GSM authentication operation when EAP-SIM is tunneled within EAP-TTLS/PEAP/FAST.
Signed-off-by: Jouni Malinen
---
 tests/hwsim/auth_serv/eap_user.conf | 3 +
 tests/hwsim/test_ap_eap.py | 125 ++++++++++++++++++++++++++++
 2 files changed, 128 insertions(+)
diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index aebcd2556..495e95668 100644
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -77,6 +77,9 @@ radius_accept_attr=56:x:32000011
 "0232010000000000@ttls" TTLS,AKA
 "0232010000000000@peap" PEAP,AKA
 "0232010000000000@fast" FAST,AKA
+"1232010000000000@ttls" TTLS,SIM
+"1232010000000000@peap" PEAP,SIM
+"1232010000000000@fast" FAST,SIM
 "6555444333222111@both" AKA',AKA
 "peap-ver0" PEAP [ver=0]
 "peap-ver1" PEAP [ver=1]
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 4ac55a107..7d9330d14 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -1632,6 +1632,131 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2_server_oom(dev, apdev):
 break
 dev[0].request("REMOVE_NETWORK all")
 
+def test_ap_wpa2_eap_ttls_eap_sim(dev, apdev):
+ """WPA2-Enterprise connection using EAP-TTLS/EAP-SIM"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ eap_connect(dev[0], hapd, "TTLS", "1232010000000000",
+ anonymous_identity="1232010000000000@ttls",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ ca_cert="auth_serv/ca.pem", phase2="autheap=SIM")
+ eap_reauth(dev[0], "TTLS")
+
+def run_ext_sim_auth(dev):
+ ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
+ if ev is None:
+ raise Exception("Wait for external SIM processing request timed out")
+ p = ev.split(':', 2)
+ if p[1] != "GSM-AUTH":
+ raise Exception("Unexpected CTRL-REQ-SIM type")
+ rid = p[0].split('-')[3]
+ rand = p[2].split(' ')[0]
+
+ res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
+ "-m",
+ "auth_serv/hlr_auc_gw.milenage_db",
+ "GSM-AUTH-REQ 232010000000000 " + rand])
+ if "GSM-AUTH-RESP" not in res:
+ raise Exception("Unexpected hlr_auc_gw response")
+ resp = res.split(' ')[2].rstrip()
+
+ dev.request("CTRL-RSP-SIM-" + rid + ":GSM-AUTH:" + resp)
+ dev.wait_connected(timeout=15)
+
+ dev.dump_monitor()
+ dev.request("REAUTHENTICATE")
+ ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5)
+ if ev is None:
+ raise Exception("EAP reauthentication did not succeed")
+ ev = dev.wait_event(["WPA: Key negotiation completed"], timeout=5)
+ if ev is None:
+ raise Exception("Key negotiation did not complete")
+ dev.dump_monitor()
+
+def test_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev):
+ """WPA2-Enterprise connection using EAP-TTLS/EAP-SIM and external GSM auth"""
+ check_hlr_auc_gw_support()
+ try:
+ run_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev)
+ finally:
+ dev[0].request("SET external_sim 0")
+
+def run_ap_wpa2_eap_ttls_eap_sim_ext(dev, apdev):
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].request("SET external_sim 1")
+ dev[0].connect("test-wpa2-eap", eap="TTLS", key_mgmt="WPA-EAP",
+ identity="1232010000000000",
+ anonymous_identity="1232010000000000@ttls",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ ca_cert="auth_serv/ca.pem", phase2="autheap=SIM",
+ wait_connect=False, scan_freq="2412")
+ run_ext_sim_auth(dev[0])
+
+def test_ap_wpa2_eap_peap_eap_sim(dev, apdev):
+ """WPA2-Enterprise connection using EAP-PEAP/EAP-SIM"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ eap_connect(dev[0], hapd, "PEAP", "1232010000000000",
+ anonymous_identity="1232010000000000@peap",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ ca_cert="auth_serv/ca.pem", phase2="auth=SIM")
+ eap_reauth(dev[0], "PEAP")
+
+def test_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev):
+ """WPA2-Enterprise connection using EAP-PEAP/EAP-SIM and external GSM auth"""
+ check_hlr_auc_gw_support()
+ try:
+ run_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev)
+ finally:
+ dev[0].request("SET external_sim 0")
+
+def run_ap_wpa2_eap_peap_eap_sim_ext(dev, apdev):
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].request("SET external_sim 1")
+ dev[0].connect("test-wpa2-eap", eap="PEAP", key_mgmt="WPA-EAP",
+ identity="1232010000000000",
+ anonymous_identity="1232010000000000@peap",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ ca_cert="auth_serv/ca.pem", phase2="auth=SIM",
+ wait_connect=False, scan_freq="2412")
+ run_ext_sim_auth(dev[0])
+
+def test_ap_wpa2_eap_fast_eap_sim(dev, apdev):
+ """WPA2-Enterprise connection using EAP-FAST/EAP-SIM"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ eap_connect(dev[0], hapd, "FAST", "1232010000000000",
+ anonymous_identity="1232010000000000@fast",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ phase1="fast_provisioning=2",
+ pac_file="blob://fast_pac_auth_sim",
+ ca_cert="auth_serv/ca.pem", phase2="auth=SIM")
+ eap_reauth(dev[0], "FAST")
+
+def test_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev):
+ """WPA2-Enterprise connection using EAP-FAST/EAP-SIM and external GSM auth"""
+ check_hlr_auc_gw_support()
+ try:
+ run_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev)
+ finally:
+ dev[0].request("SET external_sim 0")
+
+def run_ap_wpa2_eap_fast_eap_sim_ext(dev, apdev):
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ dev[0].request("SET external_sim 1")
+ dev[0].connect("test-wpa2-eap", eap="PEAP", key_mgmt="WPA-EAP",
+ identity="1232010000000000",
+ anonymous_identity="1232010000000000@peap",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ phase1="fast_provisioning=2",
+ pac_file="blob://fast_pac_auth_sim",
+ ca_cert="auth_serv/ca.pem", phase2="auth=SIM",
+ wait_connect=False, scan_freq="2412")
+ run_ext_sim_auth(dev[0])
+
 def test_ap_wpa2_eap_ttls_eap_aka(dev, apdev):
 """WPA2-Enterprise connection using EAP-TTLS/EAP-AKA"""
 params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
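Review bot: `run_ap_wpa2_eap_fast_eap_sim_ext` calls `dev[0].connect(...)` with `eap="PEAP"` and `anonymous_identity="1232010000000000@peap"`, so the test named for EAP-FAST with external GSM auth repeats the PEAP case and the FAST-tunneled external-SIM path is never exercised. The `phase1="fast_provisioning=2"` and `pac_file="blob://fast_pac_auth_sim"` arguments passed alongside look like they were meant for FAST and presumably have no effect on a PEAP connection. The connect call should read `dev[0].connect("test-wpa2-eap", eap="FAST", key_mgmt="WPA-EAP",` with `anonymous_identity="1232010000000000@fast",`, which matches the `"1232010000000000@fast" FAST,SIM` entry this commit adds to eap_user.conf. Without that, a regression in the tunneled authentication path for FAST would pass this suite unnoticed.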