From c44e49946307ed5e7737303f6a3db8958894061d Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 20 Dec 2015 11:55:18 +0200 Subject: [PATCH] tests: EAP-TTLS local error cases Signed-off-by: Jouni Malinen --- tests/hwsim/test_eap_proto.py | 106 ++++++++++++++++++++++++++++++++++ tests/hwsim/utils.py | 4 +- 2 files changed, 108 insertions(+), 2 deletions(-) diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py index 50020b1e0..47a40ef94 100644 --- a/tests/hwsim/test_eap_proto.py +++ b/tests/hwsim/test_eap_proto.py @@ -6082,3 +6082,109 @@ def test_eap_proto_peap_errors(dev, apdev): wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() + +def test_eap_proto_ttls_errors(dev, apdev): + """EAP-TTLS local error cases""" + check_eap_capa(dev[0], "TTLS") + check_eap_capa(dev[0], "MSCHAPV2") + params = hostapd.wpa2_eap_params(ssid="eap-test") + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + for i in range(1, 5): + with alloc_fail(dev[0], i, "eap_ttls_init"): + dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412", + eap="TTLS", anonymous_identity="ttls", + identity="user", password="password", + ca_cert="auth_serv/ca.pem", + phase2="autheap=MSCHAPV2", + wait_connect=False) + ev = dev[0].wait_event(["EAP: Failed to initialize EAP method"], + timeout=5) + if ev is None: + raise Exception("Timeout on EAP start") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + + tests = [ (1, "eap_peer_tls_derive_key;eap_ttls_v0_derive_key", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_peer_tls_derive_session_id;eap_ttls_v0_derive_key", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "wpabuf_alloc;eap_ttls_phase2_request_mschapv2", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschapv2", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_implicit_identity_request", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_peer_tls_decrypt;eap_ttls_decrypt", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_ttls_getKey", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_ttls_get_session_id", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "eap_ttls_get_emsk", + "DOMAIN\mschapv2 user", "auth=MSCHAPV2"), + (1, "wpabuf_alloc;eap_ttls_phase2_request_mschap", + "mschap user", "auth=MSCHAP"), + (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_mschap", + "mschap user", "auth=MSCHAP"), + (1, "wpabuf_alloc;eap_ttls_phase2_request_chap", + "chap user", "auth=CHAP"), + (1, "eap_peer_tls_derive_key;eap_ttls_phase2_request_chap", + "chap user", "auth=CHAP"), + (1, "wpabuf_alloc;eap_ttls_phase2_request_pap", + "pap user", "auth=PAP"), + (1, "wpabuf_alloc;eap_ttls_avp_encapsulate", + "user", "autheap=MSCHAPV2"), + (1, "eap_mschapv2_init;eap_ttls_phase2_request_eap_method", + "user", "autheap=MSCHAPV2"), + (1, "eap_sm_buildIdentity;eap_ttls_phase2_request_eap", + "user", "autheap=MSCHAPV2"), + (1, "eap_ttls_avp_encapsulate;eap_ttls_phase2_request_eap", + "user", "autheap=MSCHAPV2"), + (1, "eap_ttls_parse_attr_eap", + "user", "autheap=MSCHAPV2"), + (1, "eap_peer_tls_encrypt;eap_ttls_encrypt_response;eap_ttls_process_decrypted", + "user", "autheap=MSCHAPV2"), + (1, "eap_ttls_fake_identity_request", + "user", "autheap=MSCHAPV2"), + (1, "eap_msg_alloc;eap_tls_process_output", + "user", "autheap=MSCHAPV2"), + (1, "eap_msg_alloc;eap_peer_tls_build_ack", + "user", "autheap=MSCHAPV2"), + (1, "tls_connection_decrypt;eap_peer_tls_decrypt", + "user", "autheap=MSCHAPV2"), + (1, "eap_peer_tls_phase2_nak;eap_ttls_phase2_request_eap_method", + "cert user", "autheap=MSCHAPV2") ] + for count, func, identity, phase2 in tests: + with alloc_fail(dev[0], count, func): + dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412", + eap="TTLS", anonymous_identity="ttls", + identity=identity, password="password", + ca_cert="auth_serv/ca.pem", phase2=phase2, + erp="1", wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], + timeout=15) + if ev is None: + raise Exception("Timeout on EAP start") + wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", + note="Allocation failure not triggered for: %d:%s" % (count, func)) + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + + tests = [ (1, "os_get_random;eap_ttls_phase2_request_mschapv2"), + (1, "mschapv2_derive_response;eap_ttls_phase2_request_mschapv2") ] + for count, func in tests: + with fail_test(dev[0], count, func): + dev[0].connect("eap-test", key_mgmt="WPA-EAP", scan_freq="2412", + eap="TTLS", anonymous_identity="ttls", + identity="DOMAIN\mschapv2 user", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2", + erp="1", wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], + timeout=15) + if ev is None: + raise Exception("Timeout on EAP start") + wait_fail_trigger(dev[0], "GET_FAIL", + note="Test failure not triggered for: %d:%s" % (count, func)) + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() diff --git a/tests/hwsim/utils.py b/tests/hwsim/utils.py index 9cdd4bca6..1661b202f 100644 --- a/tests/hwsim/utils.py +++ b/tests/hwsim/utils.py @@ -51,12 +51,12 @@ class fail_test(object): if self._dev.request("GET_FAIL") != "0:%s" % self._funcs: raise Exception("Test failure did not trigger") -def wait_fail_trigger(dev, cmd): +def wait_fail_trigger(dev, cmd, note="Failure not triggered"): for i in range(0, 40): if dev.request(cmd).startswith("0:"): break if i == 39: - raise Exception("Failure not triggered") + raise Exception(note) time.sleep(0.05) def require_under_vm(): -- 2.47.2