From 5e7d89349f2daf519b6ba1b35c6d2167624e317a Mon Sep 17 00:00:00 2001 From: Nick Porter Date: Thu, 14 Aug 2025 08:48:45 +0100 Subject: [PATCH] Add tests of rlm_dpsk auth --- src/tests/modules/all.mk | 3 ++- src/tests/modules/dpsk/all.mk | 3 +++ src/tests/modules/dpsk/data.attrs | 14 ++++++++++++++ src/tests/modules/dpsk/data.unlang | 4 ++++ src/tests/modules/dpsk/module.conf | 10 ++++++++++ src/tests/modules/dpsk/pmk.attrs | 11 +++++++++++ src/tests/modules/dpsk/pmk.unlang | 5 +++++ src/tests/modules/dpsk/policy.conf | 16 ++++++++++++++++ src/tests/modules/dpsk/psk.attrs | 14 ++++++++++++++ src/tests/modules/dpsk/psk.unlang | 5 +++++ src/tests/modules/dpsk/psks | 4 ++++ 11 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 src/tests/modules/dpsk/all.mk create mode 100644 src/tests/modules/dpsk/data.attrs create mode 100644 src/tests/modules/dpsk/data.unlang create mode 100644 src/tests/modules/dpsk/module.conf create mode 100644 src/tests/modules/dpsk/pmk.attrs create mode 100644 src/tests/modules/dpsk/pmk.unlang create mode 100644 src/tests/modules/dpsk/policy.conf create mode 100644 src/tests/modules/dpsk/psk.attrs create mode 100644 src/tests/modules/dpsk/psk.unlang create mode 100644 src/tests/modules/dpsk/psks diff --git a/src/tests/modules/all.mk b/src/tests/modules/all.mk index 7847528f57..bba4e982ef 100644 --- a/src/tests/modules/all.mk +++ b/src/tests/modules/all.mk @@ -37,10 +37,11 @@ ifneq "$(RUN_SLOW_TESTS)" "1" endif # -# Don't run crl tests if there's no SSL +# Don't run crl or dpsk tests if there's no SSL # ifeq "$(OPENSSL_LIBS)" "" FILES_SKIP += $(filter crl/%,$(FILES)) + FILES_SKIP += $(filter dpsk/%,$(FILES)) endif # diff --git a/src/tests/modules/dpsk/all.mk b/src/tests/modules/dpsk/all.mk new file mode 100644 index 0000000000..8bb0750536 --- /dev/null +++ b/src/tests/modules/dpsk/all.mk @@ -0,0 +1,3 @@ +# +# Test the "dpsk" module +# 
diff --git a/src/tests/modules/dpsk/data.attrs b/src/tests/modules/dpsk/data.attrs
new file mode 100644
index 0000000000..4012c86823
--- /dev/null
+++ b/src/tests/modules/dpsk/data.attrs
@@ -0,0 +1,14 @@
+Packet-Type = Access-Request
+User-Name = '8ab3a0ebd5e5'
+User-Password = '8ab3a0ebd5e5'
+NAS-IP-Address = 127.0.0.1
+Called-Station-Id = '34:ef:b6:af:48:9e:Andrena_39_Lincoln'
+Calling-Station-Id = '8a:b3:a0:eb:d5:e5'
+NAS-Identifier = '34efb6af489e'
+Extended-Attribute-5.Extended-Vendor-Specific-5.FreeRADIUS.802_1X-Anonce = 0x4df70a4285c5c61f177cdbfc29d7e3cac94167f6101f1bcab420dd50c4f8809d
+Extended-Attribute-5.Extended-Vendor-Specific-5.FreeRADIUS.802_1X-EAPoL-Key-Msg = 0x0203007502010a00100000000000000001c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b000000000000000000000000000000000000000000000000000000000000000035cddcedad0dfb6a12a2eca55c17c323001630140100000fac040100000fac040100000fac028c00
+
+# and the response
+Packet-Type == Access-Accept
+PSK-Identity == 'test2'
+Pre-Shared-Key == 'Pancakes1124'
diff --git a/src/tests/modules/dpsk/data.unlang b/src/tests/modules/dpsk/data.unlang
new file mode 100644
index 0000000000..96952b1c1c
--- /dev/null
+++ b/src/tests/modules/dpsk/data.unlang
@@ -0,0 +1,4 @@
+# Test dpsk fetching the PSK from a data file
+rewrite_called_station_id
+dpsk_data.authenticate
+test_pass
diff --git a/src/tests/modules/dpsk/module.conf b/src/tests/modules/dpsk/module.conf
new file mode 100644
index 0000000000..c508c06c30
--- /dev/null
+++ b/src/tests/modules/dpsk/module.conf
@@ -0,0 +1,10 @@
+dpsk {
+ cache_size = 10
+ cache_lifetime = 5s
+}
+
+dpsk dpsk_data {
+ cache_size = 10
+ cache_lifetime = 5s
+ filename = "$ENV{MODULE_TEST_DIR}/psks"
+}
diff --git a/src/tests/modules/dpsk/pmk.attrs b/src/tests/modules/dpsk/pmk.attrs
new file mode 100644
index 0000000000..aa66a8e385
--- /dev/null
+++ b/src/tests/modules/dpsk/pmk.attrs
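Review bot: Every expected response in this suite is `Packet-Type == Access-Accept` (here in data.attrs, and again in pmk.attrs and psk.attrs), so nothing checks that rlm_dpsk refuses a handshake whose MIC does not verify against the supplied key. For an authentication module the failure path is the one most worth pinning, since a regression that accepted any key would still pass all three tests. Consider a fourth test pair that reuses this request with a passphrase that does not match and asserts the non-accept outcome, for example `dpsk.authenticate { reject = 1 }` followed by `if (!reject) { test_fail }`. The return code the module gives on a mismatch is not visible in this patch, so adjust the override to whatever it actually returns.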
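Review bot: The header comment in data.unlang does not explain why the expected identity is `test2`. The psks file lists `test1.1` with the same passphrase ahead of it, apparently bound to `aabbccddeeff`, so the test seems to depend on that row being skipped for a different Calling-Station-Id. Say so in the comment, e.g. `# test1.1 shares the passphrase but is bound to another MAC, so the match must be test2`. No test in the patch matches the bound row positively, which would be a useful companion case.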
@@ -0,0 +1,11 @@
+Packet-Type = Access-Request
+User-Name = 'cae78dfa6504'
+User-Password = 'cae78dfa6504'
+Called-Station-Id = '5c:df:89:11:3b:3c:SSID'
+Calling-Station-Id = 'ca:e7:8d:fa:65:04'
+Extended-Attribute-5.Extended-Vendor-Specific-5.FreeRADIUS.802_1X-Anonce = 0x43426fd6469d4254eb0d5ba449eb9895360894f1948cece9196751336d4c5daf
+Extended-Attribute-5.Extended-Vendor-Specific-5.FreeRADIUS.802_1X-EAPoL-Key-Msg = 0x0103007502010a00000000000000000001b16a8514b84d7843e53754f5c9131cb203fbe8277dbf216d6e87fd6e30b0577a0000000000000000000000000000000000000000000000000000000000000000dc81aec5a05ee8aa21a52947041fd2fc001630140100000fac040100000fac040100000fac028000
+Class = 0xd6175aed517504c40b8831d7ce7b7d1fe24c65ce0f92c2816ca14ba7acb47b13
+
+# and the response
+Packet-Type == Access-Accept
diff --git a/src/tests/modules/dpsk/pmk.unlang b/src/tests/modules/dpsk/pmk.unlang
new file mode 100644
index 0000000000..7b778a3a73
--- /dev/null
+++ b/src/tests/modules/dpsk/pmk.unlang
@@ -0,0 +1,5 @@
+# Test dpsk using a know pairwise master key - provided in Class
+rewrite_called_station_id
+control.Pairwise-Master-Key := Class
+dpsk.authenticate
+test_pass
diff --git a/src/tests/modules/dpsk/policy.conf b/src/tests/modules/dpsk/policy.conf
new file mode 100644
index 0000000000..39e9634942
--- /dev/null
+++ b/src/tests/modules/dpsk/policy.conf
@@ -0,0 +1,16 @@
+mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})'
+
+rewrite_called_station_id {
+ if (Called-Station-Id && (Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
+ request.Called-Station-Id := %str.upper("%{1}-%{2}-%{3}-%{4}-%{5}-%{6}")
+ request.Called-Station-MAC := %bin("%{1}%{2}%{3}%{4}%{5}%{6}")
+ if (%{8}) {
+ request.Called-Station-SSID := %{8}
+ }
+ updated
+ }
+ else {
+ noop
+ }
+}
+
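Review bot: The header comment in pmk.unlang does not say that copying the key out of `Class` is a test-harness shortcut, and it has a typo ("know"). Someone reading `control.Pairwise-Master-Key := Class` as a policy example could conclude that key material may be taken from a request attribute, which the NAS or client controls. Suggested wording: `# Test dpsk using a known pairwise master key. Class carries the PMK only so the test can inject it; real policy must set it from a trusted store.` The same applies to psk.unlang, whose comment also misspells the module as "dpks" and takes the passphrase from Filter-Id.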
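Review bot: The capture-group numbering in `rewrite_called_station_id` is undocumented and easy to break when editing the regex. Groups 1 to 6 are the MAC octets from `mac-addr-regexp`, group 7 is the optional separator-plus-SSID wrapper, and group 8 is the SSID itself, which is why the code tests `%{8}` and not `%{7}`. A short comment above the `if` would help, e.g. `# %{1}..%{6} = MAC octets, %{7} = separator + SSID, %{8} = SSID`. As far as the visible test data shows, only the MAC-with-SSID form is exercised; the no-SSID and `noop` branches are not.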
diff --git a/src/tests/modules/dpsk/psk.attrs b/src/tests/modules/dpsk/psk.attrs
new file mode 100644
index 0000000000..3175c12ff5
--- /dev/null
+++ b/src/tests/modules/dpsk/psk.attrs
@@ -0,0 +1,14 @@
+Packet-Type = Access-Request
+User-Name = '8ab3a0ebd5e5'
+User-Password = '8ab3a0ebd5e5'
+NAS-IP-Address = 127.0.0.1
+Called-Station-Id = '34:ef:b6:af:48:9e:Andrena_39_Lincoln'
+Calling-Station-Id = '8a:b3:a0:eb:d5:e5'
+NAS-Identifier = '34efb6af489e'
+Extended-Attribute-5.Extended-Vendor-Specific-5.FreeRADIUS.802_1X-Anonce = 0x4df70a4285c5c61f177cdbfc29d7e3cac94167f6101f1bcab420dd50c4f8809d
+Extended-Attribute-5.Extended-Vendor-Specific-5.FreeRADIUS.802_1X-EAPoL-Key-Msg = 0x0203007502010a00100000000000000001c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b000000000000000000000000000000000000000000000000000000000000000035cddcedad0dfb6a12a2eca55c17c323001630140100000fac040100000fac040100000fac028c00
+Filter-ID = 'Pancakes1124'
+
+# and the response
+Packet-Type == Access-Accept
+Pre-Shared-Key == 'Pancakes1124'
diff --git a/src/tests/modules/dpsk/psk.unlang b/src/tests/modules/dpsk/psk.unlang
new file mode 100644
index 0000000000..7fef1e6871
--- /dev/null
+++ b/src/tests/modules/dpsk/psk.unlang
@@ -0,0 +1,5 @@
+# Test dpks using a know pre shared key - provided in Filter-Id
+rewrite_called_station_id
+control.Pre-Shared-Key := Filter-Id
+dpsk.authenticate
+test_pass
diff --git a/src/tests/modules/dpsk/psks b/src/tests/modules/dpsk/psks
new file mode 100644
index 0000000000..a40a78733d
--- /dev/null
+++ b/src/tests/modules/dpsk/psks
@@ -0,0 +1,4 @@
+"test1","Hello there"
+test1.1,"Pancakes1124",aabbccddeeff
+"test2",Pancakes1124
+test3,other
-- 2.47.3
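Review bot: psk.attrs spells the attribute `Filter-ID` while psk.unlang reads it back as `Filter-Id`. This presumably works only because attribute lookup ignores case, so the test would quietly stop supplying a key if that ever changed. Use one spelling in both files: `Filter-Id = 'Pancakes1124'`.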