1#!/usr/bin/python
2#
3# WPA2-Enterprise tests
bce774ad 4# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
9626962d
JM
5#
6# This software may be distributed under the terms of the BSD license.
7# See README for more details.
8
9import time
10import subprocess
11import logging
c9aa4308 12logger = logging.getLogger()
0d4c5494 13import os.path
9626962d
JM
14
15import hwsim_utils
16import hostapd
17
def eap_connect(dev, ap, method, identity, anonymous_identity=None,
                password=None,
                phase1=None, phase2=None, ca_cert=None,
                domain_suffix_match=None, password_hex=None,
                client_cert=None, private_key=None, sha256=False):
    """Connect dev to the "test-wpa2-eap" network and verify both sides.

    The station side is verified through eap_check_auth(); the AP side is
    verified by waiting for AP-STA-CONNECTED on the hostapd control
    interface of ap['ifname']. Returns the value returned by dev.connect().

    Raises Exception if hostapd does not report the connection within
    five seconds (eap_check_auth() raises on station-side failures).
    """
    # The hostapd handle is created before the connection attempt starts,
    # as in the original ordering of this helper.
    ap_ctrl = hostapd.Hostapd(ap['ifname'])
    # NOTE(review): ca_cert and domain_suffix_match default to None, so
    # server certificate checks are only configured when the caller passes
    # them - presumably nothing is validated otherwise; confirm against
    # dev.connect().
    net_id = dev.connect("test-wpa2-eap",
                         key_mgmt="WPA-EAP WPA-EAP-SHA256",
                         eap=method,
                         identity=identity,
                         anonymous_identity=anonymous_identity,
                         password=password,
                         phase1=phase1,
                         phase2=phase2,
                         ca_cert=ca_cert,
                         domain_suffix_match=domain_suffix_match,
                         wait_connect=False,
                         scan_freq="2412",
                         password_hex=password_hex,
                         client_cert=client_cert,
                         private_key=private_key,
                         ieee80211w="1")
    eap_check_auth(dev, method, True, sha256=sha256)
    ap_event = ap_ctrl.wait_event(["AP-STA-CONNECTED"], timeout=5)
    if ap_event is None:
        raise Exception("No connection event received from hostapd")
    return net_id
def eap_check_auth(dev, method, initial, rsn=True, sha256=False):
    """Verify that an EAP authentication on dev ran to completion.

    Waits (10 s each) for EAP start, method selection, EAP success and then
    either CTRL-EVENT-CONNECTED (initial=True) or the key negotiation
    message (initial=False). Afterwards the status reported by dev is
    checked: state, port authorization, selected EAP method and key_mgmt.

    Raises Exception on any timeout or unexpected value.
    """
    def expect(event, timeout_msg):
        # One event, one 10 second window; a timeout is a test failure.
        seen = dev.wait_event([event], timeout=10)
        if seen is None:
            raise Exception(timeout_msg)
        return seen

    expect("CTRL-EVENT-EAP-STARTED", "Association and EAP start timed out")
    selected = expect("CTRL-EVENT-EAP-METHOD",
                      "EAP method selection timed out")
    if method not in selected:
        raise Exception("Unexpected EAP method")
    expect("CTRL-EVENT-EAP-SUCCESS", "EAP success timed out")

    # A reauthentication does not produce a new CTRL-EVENT-CONNECTED here;
    # the key negotiation message is awaited instead.
    if initial:
        completion = "CTRL-EVENT-CONNECTED"
    else:
        completion = "WPA: Key negotiation completed"
    expect(completion, "Association with the AP timed out")

    status = dev.get_status()
    if status["wpa_state"] != "COMPLETED":
        raise Exception("Connection not completed")
    if status["suppPortStatus"] != "Authorized":
        raise Exception("Port not authorized")
    if method not in status["selectedMethod"]:
        raise Exception("Incorrect EAP method status")

    # sha256 takes precedence over rsn when choosing the expected AKM.
    if sha256:
        expected_key_mgmt = "WPA2-EAP-SHA256"
    elif rsn:
        expected_key_mgmt = "WPA2/IEEE 802.1X/EAP"
    else:
        expected_key_mgmt = "WPA/IEEE 802.1X/EAP"
    if status["key_mgmt"] != expected_key_mgmt:
        raise Exception("Unexpected key_mgmt status: " + status["key_mgmt"])
def eap_reauth(dev, method, rsn=True, sha256=False):
    """Request EAP reauthentication on dev and verify that it completes.

    rsn and sha256 are passed through to eap_check_auth() to select the
    expected key_mgmt status string.
    """
    dev.request("REAUTHENTICATE")
    # initial=False: the check waits for the key negotiation message rather
    # than for a new connection event.
    eap_check_auth(dev, method, initial=False, rsn=rsn, sha256=sha256)
def test_ap_wpa2_eap_sim(dev, apdev):
    """WPA2-Enterprise connection using EAP-SIM"""
    # The test is skipped when the hlr_auc_gw socket is absent.
    # NOTE(review): only existence of the path under /tmp is checked, not
    # what is listening on it.
    gw_socket = "/tmp/hlr_auc_gw.sock"
    if not os.path.exists(gw_socket):
        logger.info("No hlr_auc_gw available")
        return "skip"
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Fixed test credential; the value is a lab fixture, not a secret.
    sim_credential = "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581"
    eap_connect(sta, ap, "SIM", "1232010000000000",
                password=sim_credential)
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "SIM")
def test_ap_wpa2_eap_aka(dev, apdev):
    """WPA2-Enterprise connection using EAP-AKA"""
    # The test is skipped when the hlr_auc_gw socket is absent.
    # NOTE(review): only existence of the path under /tmp is checked, not
    # what is listening on it.
    gw_socket = "/tmp/hlr_auc_gw.sock"
    if not os.path.exists(gw_socket):
        logger.info("No hlr_auc_gw available")
        return "skip"
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Fixed test credential; the value is a lab fixture, not a secret.
    aka_credential = "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123"
    eap_connect(sta, ap, "AKA", "0232010000000000",
                password=aka_credential)
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "AKA")
def test_ap_wpa2_eap_aka_prime(dev, apdev):
    """WPA2-Enterprise connection using EAP-AKA'"""
    # The test is skipped when the hlr_auc_gw socket is absent.
    # NOTE(review): only existence of the path under /tmp is checked, not
    # what is listening on it.
    gw_socket = "/tmp/hlr_auc_gw.sock"
    if not os.path.exists(gw_socket):
        logger.info("No hlr_auc_gw available")
        return "skip"
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Fixed test credential; the value is a lab fixture, not a secret.
    aka_prime_credential = "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"
    eap_connect(sta, ap, "AKA'", "6555444333222111",
                password=aka_prime_credential)
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "AKA'")
def test_ap_wpa2_eap_ttls_pap(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/PAP"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Server validation here rests on ca_cert alone; no
    # domain_suffix_match is passed in this test.
    eap_connect(sta, ap, "TTLS", "pap user",
                anonymous_identity="ttls",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="auth=PAP")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "TTLS")
def test_ap_wpa2_eap_ttls_chap(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/CHAP"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Server validation here rests on ca_cert alone; no
    # domain_suffix_match is passed in this test.
    eap_connect(sta, ap, "TTLS", "chap user",
                anonymous_identity="ttls",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="auth=CHAP")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "TTLS")
def test_ap_wpa2_eap_ttls_mschap(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/MSCHAP"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Positive case for server name checking: the full server name is
    # given as the required domain suffix, in addition to the CA.
    eap_connect(sta, ap, "TTLS", "mschap user",
                anonymous_identity="ttls",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="auth=MSCHAP",
                domain_suffix_match="server.w1.fi")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "TTLS")
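def test_ap_wpa2_eap_ttls_mschapv2(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/MSCHAPv2"""
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    # The backslash in the identity is escaped explicitly. "\m" is not a
    # valid escape sequence; it only produced a literal backslash by
    # accident and newer Python versions warn about it. The identity that
    # is sent is unchanged.
    eap_connect(dev[0], apdev[0], "TTLS", "DOMAIN\\mschapv2 user",
                anonymous_identity="ttls", password="password",
                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
                domain_suffix_match="w1.fi")
    hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])

    # Snapshot the authenticator's per-station counters before and after
    # the reauthentication so that the reauth is also confirmed from the
    # hostapd side, not only from station events.
    sta1 = hapd.get_sta(dev[0].p2p_interface_addr())
    eapol1 = hapd.get_sta(dev[0].p2p_interface_addr(), info="eapol")
    eap_reauth(dev[0], "TTLS")
    sta2 = hapd.get_sta(dev[0].p2p_interface_addr())
    eapol2 = hapd.get_sta(dev[0].p2p_interface_addr(), info="eapol")

    if int(sta2['dot1xAuthEapolFramesRx']) <= int(sta1['dot1xAuthEapolFramesRx']):
        raise Exception("dot1xAuthEapolFramesRx did not increase")
    # This counter is compared against an absolute minimum of 1, not
    # against the earlier snapshot.
    if int(eapol2['authAuthEapStartsWhileAuthenticated']) < 1:
        raise Exception("authAuthEapStartsWhileAuthenticated did not increase")
    if int(eapol2['backendAuthSuccesses']) <= int(eapol1['backendAuthSuccesses']):
        raise Exception("backendAuthSuccesses did not increase")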
def test_ap_wpa2_eap_ttls_eap_gtc(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # "autheap=" (rather than "auth=") is used for the inner method here.
    eap_connect(sta, ap, "TTLS", "user",
                anonymous_identity="ttls",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="autheap=GTC")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "TTLS")
def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # "autheap=" (rather than "auth=") is used for the inner method here.
    eap_connect(sta, ap, "TTLS", "user",
                anonymous_identity="ttls",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="autheap=MD5")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "TTLS")
def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # "autheap=" (rather than "auth=") is used for the inner method here.
    eap_connect(sta, ap, "TTLS", "user",
                anonymous_identity="ttls",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="autheap=MSCHAPV2")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "TTLS")
def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Server validation here rests on ca_cert alone; no
    # domain_suffix_match is passed in this test.
    eap_connect(sta, ap, "PEAP", "user",
                anonymous_identity="peap",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase2="auth=MSCHAPV2")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "PEAP")
def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # PEAP version 0 is forced together with crypto_binding=2
    # (presumably "required" - confirm against the peer configuration
    # documentation). No anonymous identity is set in this test.
    eap_connect(sta, ap, "PEAP", "user",
                password="password",
                ca_cert="auth_serv/ca.pem",
                phase1="peapver=0 crypto_binding=2",
                phase2="auth=MSCHAPV2")
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "PEAP")
def test_ap_wpa2_eap_tls(dev, apdev):
    """WPA2-Enterprise connection using EAP-TLS"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Certificate-based client authentication: the client certificate and
    # private key come from the test fixture directory auth_serv/.
    eap_connect(sta, ap, "TLS", "tls user",
                ca_cert="auth_serv/ca.pem",
                client_cert="auth_serv/user.pem",
                private_key="auth_serv/user.key")
    eap_reauth(sta, "TLS")
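def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
    """WPA2-Enterprise negative test - incorrect trust root"""
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hostapd.add_ap(apdev[0]['ifname'], params)
    # The backslash in the identity is escaped explicitly. "\m" is not a
    # valid escape sequence; it only produced a literal backslash by
    # accident and newer Python versions warn about it. The identity that
    # is sent is unchanged.
    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                   identity="DOMAIN\\mschapv2 user", anonymous_identity="ttls",
                   password="password", phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca-incorrect.pem",
                   wait_connect=False, scan_freq="2412")

    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
    if ev is None:
        raise Exception("Association and EAP start timed out")

    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
    if ev is None:
        raise Exception("EAP method selection timed out")
    if "TTLS" not in ev:
        raise Exception("Unexpected EAP method")

    # Each step below waits on the success and the failure outcomes
    # together and then requires the failure one. A success or connected
    # event arriving in place of the expected rejection therefore fails
    # the test instead of being ignored (assuming wait_event() returns the
    # first listed event that is seen - confirm).
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
                            "CTRL-EVENT-EAP-SUCCESS",
                            "CTRL-EVENT-EAP-FAILURE",
                            "CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
    if ev is None:
        raise Exception("EAP result timed out")
    if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
        raise Exception("TLS certificate error not reported")

    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
                            "CTRL-EVENT-EAP-FAILURE",
                            "CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
    if ev is None:
        raise Exception("EAP result(2) timed out")
    if "CTRL-EVENT-EAP-FAILURE" not in ev:
        raise Exception("EAP failure not reported")

    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
    if ev is None:
        raise Exception("EAP result(3) timed out")
    if "CTRL-EVENT-DISCONNECTED" not in ev:
        raise Exception("Disconnection not reported")

    # After the rejected server certificate the network block is expected
    # to be temporarily disabled.
    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
    if ev is None:
        raise Exception("Network block disabling not reported")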
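def test_ap_wpa2_eap_tls_neg_suffix_match(dev, apdev):
    """WPA2-Enterprise negative test - domain suffix mismatch"""
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hostapd.add_ap(apdev[0]['ifname'], params)
    # The CA is the correct one here; only the required domain suffix is
    # wrong, so the rejection has to come from the name check.
    # The backslash in the identity is escaped explicitly. "\m" is not a
    # valid escape sequence; it only produced a literal backslash by
    # accident and newer Python versions warn about it. The identity that
    # is sent is unchanged.
    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                   identity="DOMAIN\\mschapv2 user", anonymous_identity="ttls",
                   password="password", phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem",
                   domain_suffix_match="incorrect.example.com",
                   wait_connect=False, scan_freq="2412")

    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
    if ev is None:
        raise Exception("Association and EAP start timed out")

    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
    if ev is None:
        raise Exception("EAP method selection timed out")
    if "TTLS" not in ev:
        raise Exception("Unexpected EAP method")

    # Each step below waits on the success and the failure outcomes
    # together and then requires the failure one. A success or connected
    # event arriving in place of the expected rejection therefore fails
    # the test instead of being ignored (assuming wait_event() returns the
    # first listed event that is seen - confirm).
    ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR",
                            "CTRL-EVENT-EAP-SUCCESS",
                            "CTRL-EVENT-EAP-FAILURE",
                            "CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
    if ev is None:
        raise Exception("EAP result timed out")
    if "CTRL-EVENT-EAP-TLS-CERT-ERROR" not in ev:
        raise Exception("TLS certificate error not reported")
    # The certificate error must name the suffix mismatch as its reason,
    # not some other validation failure.
    if "Domain suffix mismatch" not in ev:
        raise Exception("Domain suffix mismatch not reported")

    ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS",
                            "CTRL-EVENT-EAP-FAILURE",
                            "CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
    if ev is None:
        raise Exception("EAP result(2) timed out")
    if "CTRL-EVENT-EAP-FAILURE" not in ev:
        raise Exception("EAP failure not reported")

    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
                            "CTRL-EVENT-DISCONNECTED"], timeout=10)
    if ev is None:
        raise Exception("EAP result(3) timed out")
    if "CTRL-EVENT-DISCONNECTED" not in ev:
        raise Exception("Disconnection not reported")

    # After the rejected server certificate the network block is expected
    # to be temporarily disabled.
    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
    if ev is None:
        raise Exception("Network block disabling not reported")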
def test_ap_wpa2_eap_pwd(dev, apdev):
    """WPA2-Enterprise connection using EAP-pwd"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Password-only method: no certificate parameters are passed.
    eap_connect(sta, ap, "PWD", "pwd user",
                password="secret password")
    eap_reauth(sta, "PWD")
def test_ap_wpa2_eap_gpsk(dev, apdev):
    """WPA2-Enterprise connection using EAP-GPSK"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    net_id = eap_connect(sta, ap, "GPSK", "gpsk user",
                         password="abcdefghijklmnop0123456789abcdef")
    eap_reauth(sta, "GPSK")

    logger.info("Test forced algorithm selection")
    # NOTE(review): nothing in this function explicitly restarts the
    # authentication; presumably changing phase1 on the network does.
    for forced in ("cipher=1", "cipher=2"):
        sta.set_network_quoted(net_id, "phase1", forced)
        if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
            raise Exception("EAP success timed out")
        if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=10) is None:
            raise Exception("Association with the AP timed out")

    logger.info("Test failed algorithm negotiation")
    # A cipher value that the test expects not to be negotiable must end
    # in an EAP failure.
    sta.set_network_quoted(net_id, "phase1", "cipher=9")
    if sta.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10) is None:
        raise Exception("EAP failure timed out")
def test_ap_wpa2_eap_sake(dev, apdev):
    """WPA2-Enterprise connection using EAP-SAKE"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # The shared secret is given in hex form (password_hex), not as a
    # passphrase; the value is a fixed test fixture.
    sake_secret = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
    eap_connect(sta, ap, "SAKE", "sake user",
                password_hex=sake_secret)
    eap_reauth(sta, "SAKE")
def test_ap_wpa2_eap_eke(dev, apdev):
    """WPA2-Enterprise connection using EAP-EKE"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    net_id = eap_connect(sta, ap, "EKE", "eke user", password="hello")
    eap_reauth(sta, "EKE")

    logger.info("Test forced algorithm selection")
    # Each entry pins DH group, encryption, PRF and MAC for one attempt.
    # NOTE(review): nothing in this function explicitly restarts the
    # authentication; presumably changing phase1 on the network does.
    forced_suites = ("dhgroup=5 encr=1 prf=2 mac=2",
                     "dhgroup=4 encr=1 prf=2 mac=2",
                     "dhgroup=3 encr=1 prf=2 mac=2",
                     "dhgroup=3 encr=1 prf=1 mac=1")
    for suite in forced_suites:
        sta.set_network_quoted(net_id, "phase1", suite)
        if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10) is None:
            raise Exception("EAP success timed out")
        if sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=10) is None:
            raise Exception("Association with the AP timed out")

    logger.info("Test failed algorithm negotiation")
    # Values that the test expects not to be negotiable must end in an
    # EAP failure.
    sta.set_network_quoted(net_id, "phase1", "dhgroup=9 encr=9 prf=9 mac=9")
    if sta.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10) is None:
        raise Exception("EAP failure timed out")
def test_ap_wpa2_eap_ikev2(dev, apdev):
    """WPA2-Enterprise connection using EAP-IKEv2"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # Password-only method: no certificate parameters are passed.
    eap_connect(sta, ap, "IKEV2", "ikev2 user",
                password="ike password")
    eap_reauth(sta, "IKEV2")
def test_ap_wpa2_eap_pax(dev, apdev):
    """WPA2-Enterprise connection using EAP-PAX"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    # The shared key is given in hex form (password_hex); the value is a
    # fixed test fixture.
    pax_key = "0123456789abcdef0123456789abcdef"
    eap_connect(sta, ap, "PAX", "pax.user@example.com",
                password_hex=pax_key)
    eap_reauth(sta, "PAX")
def test_ap_wpa2_eap_psk(dev, apdev):
    """WPA2-Enterprise connection using EAP-PSK"""
    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    # Unlike the other tests in this file, the AP is restricted to the
    # SHA256-based AKM and sets ieee80211w to "2"; the station side
    # offers ieee80211w="1" through eap_connect().
    ap_params["wpa_key_mgmt"] = "WPA-EAP-SHA256"
    ap_params["ieee80211w"] = "2"
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    psk_key = "0123456789abcdef0123456789abcdef"
    # sha256=True makes the status check expect "WPA2-EAP-SHA256".
    eap_connect(sta, ap, "PSK", "psk.user@example.com",
                password_hex=psk_key, sha256=True)
    eap_reauth(sta, "PSK", sha256=True)
def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
    """WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
    # WPA (not WPA2) AP parameters and a separate SSID are used, so the
    # eap_connect() helper with its fixed SSID is bypassed here.
    ap_params = hostapd.wpa_eap_params(ssid="test-wpa-eap")
    ap = apdev[0]
    hostapd.add_ap(ap['ifname'], ap_params)
    sta = dev[0]
    sta.connect("test-wpa-eap",
                key_mgmt="WPA-EAP",
                eap="PEAP",
                identity="user",
                password="password",
                phase2="auth=MSCHAPV2",
                ca_cert="auth_serv/ca.pem",
                wait_connect=False,
                scan_freq="2412")
    # rsn=False selects the "WPA/IEEE 802.1X/EAP" key_mgmt expectation.
    eap_check_auth(sta, "PEAP", True, rsn=False)
    hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    eap_reauth(sta, "PEAP", rsn=False)
434def test_ap_wpa2_eap_interactive(dev, apdev):
435 """WPA2-Enterprise connection using interactive identity/password entry"""
436 params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
437 hostapd.add_ap(apdev[0]['ifname'], params)
438 hapd = hostapd.Hostapd(apdev[0]['ifname'])
439
440 tests = [ ("Connection with dynamic TTLS/MSCHAPv2 password entry",
441 "TTLS", "ttls", "DOMAIN\mschapv2 user", "auth=MSCHAPV2",
442 None, "password"),
443 ("Connection with dynamic TTLS/MSCHAPv2 identity and password entry",
444 "TTLS", "ttls", None, "auth=MSCHAPV2",
445 "DOMAIN\mschapv2 user", "password"),
446 ("Connection with dynamic TTLS/EAP-MSCHAPv2 password entry",
447 "TTLS", "ttls", "user", "autheap=MSCHAPV2", None, "password"),
448 ("Connection with dynamic TTLS/EAP-MD5 password entry",
449 "TTLS", "ttls", "user", "autheap=MD5", None, "password"),
450 ("Connection with dynamic PEAP/EAP-MSCHAPv2 password entry",
451 "PEAP", None, "user", "auth=MSCHAPV2", None, "password"),
452 ("Connection with dynamic PEAP/EAP-GTC password entry",
453 "PEAP", None, "user", "auth=GTC", None, "password") ]
454 for [desc,eap,anon,identity,phase2,req_id,req_pw] in tests:
455 logger.info(desc)
456 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=eap,
457 anonymous_identity=anon, identity=identity,
458 ca_cert="auth_serv/ca.pem", phase2=phase2,
459 wait_connect=False, scan_freq="2412")
460 if req_id:
461 ev = dev[0].wait_event(["CTRL-REQ-IDENTITY"])
462 if ev is None:
463 raise Exception("Request for identity timed out")
464 id = ev.split(':')[0].split('-')[-1]
465 dev[0].request("CTRL-RSP-IDENTITY-" + id + ":" + req_id)
466 ev = dev[0].wait_event(["CTRL-REQ-PASSWORD","CTRL-REQ-OTP"])
467 if ev is None:
468 raise Exception("Request for password timed out")
469 id = ev.split(':')[0].split('-')[-1]
470 type = "OTP" if "CTRL-REQ-OTP" in ev else "PASSWORD"
471 dev[0].request("CTRL-RSP-" + type + "-" + id + ":" + req_pw)
472 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
473 if ev is None:
474 raise Exception("Connection timed out")
475 dev[0].request("REMOVE_NETWORK all")