tests: Add more EAP test cases

This increases EAP method coverage for WPA2-Enterprise to include
EAP-pwd, EAP-GPSK, EAP-SAKE, EAP-EKE, EAP-IKEv2, EAP-PAX, and EAP-PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index 2baa278bce38d71561fc85abb535ed08280075fa..c24a996349fd33d56770c09ca5c44c67bed59260 100644 (file)
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -1,3 +1,11 @@
+"pwd user"     PWD     "secret password"
+"gpsk user"    GPSK    "abcdefghijklmnop0123456789abcdef"
+"sake user"    SAKE    0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+"eke user"     EKE     "hello"
+"ikev2 user"   IKEV2   "ike password"
+"pax.user@example.com" PAX     0123456789abcdef0123456789abcdef
+"psk.user@example.com" PSK     0123456789abcdef0123456789abcdef
+
 "0"*           AKA
 "1"*           SIM
 "2"*           AKA

diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config
index 224aec0d0cc03e4b366d8d9ebefa07071e47d2f7..89dc6a883118bf8d45217205694710ff4d7533be 100644 (file)
--- a/tests/hwsim/example-hostapd.config
+++ b/tests/hwsim/example-hostapd.config
@@ -33,6 +33,7 @@ CONFIG_EAP_UNAUTH_TLS=y
 ifeq ($(CONFIG_TLS), openssl)
 CONFIG_EAP_PWD=y
 endif
+CONFIG_EAP_EKE=y
 CONFIG_PKCS12=y
 CONFIG_RADIUS_SERVER=y
 CONFIG_IPV6=y

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index d3c32d0591fef38e313f4e1778ab768b5b6a33f8..58a3abc44abf1de5f30e680b46155094fcea4a0c 100644 (file)
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -17,12 +17,12 @@ import hostapd
 
 def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
                 phase1=None, phase2=None, ca_cert=None,
-                domain_suffix_match=None):
+                domain_suffix_match=None, password_hex=None):
     dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method,
                 identity=identity, anonymous_identity=anonymous_identity,
                 password=password, phase1=phase1, phase2=phase2,
                 ca_cert=ca_cert, domain_suffix_match=domain_suffix_match,
-                wait_connect=False, scan_freq="2412")
+                wait_connect=False, scan_freq="2412", password_hex=password_hex)
     ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
     if ev is None:
         raise Exception("Association and EAP start timed out")
@@ -257,3 +257,49 @@ def test_ap_wpa2_eap_tls_neg_suffix_match(dev, apdev):
     ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
     if ev is None:
         raise Exception("Network block disabling not reported")
+
+def test_ap_wpa2_eap_pwd(dev, apdev):
+    """WPA2-Enterprise connection using EAP-pwd"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "PWD", "pwd user", password="secret password")
+
+def test_ap_wpa2_eap_gpsk(dev, apdev):
+    """WPA2-Enterprise connection using EAP-GPSK"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "GPSK", "gpsk user",
+                password="abcdefghijklmnop0123456789abcdef")
+
+def test_ap_wpa2_eap_sake(dev, apdev):
+    """WPA2-Enterprise connection using EAP-SAKE"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "SAKE", "sake user",
+                password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
+
+def test_ap_wpa2_eap_eke(dev, apdev):
+    """WPA2-Enterprise connection using EAP-EKE"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "EKE", "eke user", password="hello")
+
+def test_ap_wpa2_eap_ikev2(dev, apdev):
+    """WPA2-Enterprise connection using EAP-IKEv2"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "IKEV2", "ikev2 user", password="ike password")
+
+def test_ap_wpa2_eap_pax(dev, apdev):
+    """WPA2-Enterprise connection using EAP-PAX"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "PAX", "pax.user@example.com",
+                password_hex="0123456789abcdef0123456789abcdef")
+
+def test_ap_wpa2_eap_psk(dev, apdev):
+    """WPA2-Enterprise connection using EAP-PSK"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "PSK", "psk.user@example.com",
+                password_hex="0123456789abcdef0123456789abcdef")

diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index bb4e569a1298b8a042652eb5878fcccb80d84fbe..af38a15bbabb9854a56eaac093ac5ed0ceb15f5e 100644 (file)
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -510,7 +510,7 @@ class WpaSupplicant:
                 ieee80211w=None, pairwise=None, group=None, scan_freq=None,
                 eap=None, identity=None, anonymous_identity=None,
                 password=None, phase1=None, phase2=None, ca_cert=None,
-                domain_suffix_match=None,
+                domain_suffix_match=None, password_hex=None,
                 wait_connect=True):
         logger.info("Connect STA " + self.ifname + " to AP")
         id = self.add_network()
@@ -540,6 +540,8 @@ class WpaSupplicant:
                                     anonymous_identity)
         if password:
             self.set_network_quoted(id, "password", password)
+        if password_hex:
+            self.set_network(id, "password", password_hex)
         if ca_cert:
             self.set_network_quoted(id, "ca_cert", ca_cert)
         if phase1: