mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
tests: Skip EAP-pwd and EAP-FAST test cases if not supported
Check wpa_supplicant EAP capability and skip EAP-pwd and EAP-FAST test cases if the build did not include support for these. This is cleaner than reporting failures for such test cases when the selected TLS library does not support the EAP method. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
1068bdb90c
commit
3b51cc6359
@ -1,6 +1,6 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# WPA2-Enterprise tests
|
||||
# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
|
||||
# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
|
||||
#
|
||||
# This software may be distributed under the terms of the BSD license.
|
||||
# See README for more details.
|
||||
@ -22,6 +22,11 @@ def check_hlr_auc_gw_support():
|
||||
if not os.path.exists("/tmp/hlr_auc_gw.sock"):
|
||||
raise HwsimSkip("No hlr_auc_gw available")
|
||||
|
||||
def check_eap_capa(dev, method):
|
||||
res = dev.get_capability("eap")
|
||||
if method not in res:
|
||||
raise HwsimSkip("EAP method %s not supported in the build" % method)
|
||||
|
||||
def read_pem(fname):
|
||||
with open(fname, "r") as f:
|
||||
lines = f.readlines()
|
||||
@ -951,6 +956,7 @@ def test_ap_wpa2_eap_peap_eap_aka(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_fast_eap_aka(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST/EAP-AKA"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], apdev[0], "FAST", "0232010000000000",
|
||||
@ -1497,6 +1503,7 @@ def test_ap_wpa2_eap_ttls_server_cert_hash_invalid(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_pwd(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-pwd"""
|
||||
check_eap_capa(dev[0], "PWD")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], apdev[0], "PWD", "pwd user", password="secret password")
|
||||
@ -1519,6 +1526,7 @@ def test_ap_wpa2_eap_pwd(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_pwd_groups(dev, apdev):
|
||||
"""WPA2-Enterprise connection using various EAP-pwd groups"""
|
||||
check_eap_capa(dev[0], "PWD")
|
||||
params = { "ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
|
||||
"rsn_pairwise": "CCMP", "ieee8021x": "1",
|
||||
"eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf" }
|
||||
@ -1530,6 +1538,7 @@ def test_ap_wpa2_eap_pwd_groups(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_pwd_invalid_group(dev, apdev):
|
||||
"""WPA2-Enterprise connection using invalid EAP-pwd group"""
|
||||
check_eap_capa(dev[0], "PWD")
|
||||
params = { "ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
|
||||
"rsn_pairwise": "CCMP", "ieee8021x": "1",
|
||||
"eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf" }
|
||||
@ -1544,6 +1553,7 @@ def test_ap_wpa2_eap_pwd_invalid_group(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_pwd_as_frag(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-pwd with server fragmentation"""
|
||||
check_eap_capa(dev[0], "PWD")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
params = { "ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
|
||||
"rsn_pairwise": "CCMP", "ieee8021x": "1",
|
||||
@ -1753,6 +1763,7 @@ def test_ap_wpa2_eap_vendor_test(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_fast_mschapv2_unauth_prov(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST/MSCHAPv2 and unauthenticated provisioning"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], apdev[0], "FAST", "user",
|
||||
@ -1766,6 +1777,7 @@ def test_ap_wpa2_eap_fast_mschapv2_unauth_prov(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_fast_pac_file(dev, apdev, params):
|
||||
"""WPA2-Enterprise connection using EAP-FAST/MSCHAPv2 and PAC file"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
pac_file = os.path.join(params['logdir'], "fast.pac")
|
||||
pac_file2 = os.path.join(params['logdir'], "fast-bin.pac")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
@ -1805,6 +1817,7 @@ def test_ap_wpa2_eap_fast_pac_file(dev, apdev, params):
|
||||
|
||||
def test_ap_wpa2_eap_fast_binary_pac(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST and binary PAC format"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], apdev[0], "FAST", "user",
|
||||
@ -1818,6 +1831,7 @@ def test_ap_wpa2_eap_fast_binary_pac(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_fast_missing_pac_config(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST and missing PAC config"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
|
||||
@ -1843,6 +1857,7 @@ def test_ap_wpa2_eap_fast_missing_pac_config(dev, apdev):
|
||||
|
||||
def test_ap_wpa2_eap_fast_gtc_auth_prov(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-FAST/GTC and authenticated provisioning"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], apdev[0], "FAST", "user",
|
||||
|
@ -1,5 +1,5 @@
|
||||
# Hotspot 2.0 tests
|
||||
# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
|
||||
# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
|
||||
#
|
||||
# This software may be distributed under the terms of the BSD license.
|
||||
# See README for more details.
|
||||
@ -20,6 +20,7 @@ from utils import HwsimSkip
|
||||
import hwsim_utils
|
||||
from wlantest import Wlantest
|
||||
from wpasupplicant import WpaSupplicant
|
||||
from test_ap_eap import check_eap_capa
|
||||
|
||||
def hs20_ap_params(ssid="test-hs20"):
|
||||
params = hostapd.wpa2_params(ssid=ssid)
|
||||
@ -662,10 +663,12 @@ def test_ap_hs20_eap_ttls_unknown(dev, apdev):
|
||||
|
||||
def test_ap_hs20_eap_fast_mschapv2(dev, apdev):
|
||||
"""Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user")
|
||||
|
||||
def test_ap_hs20_eap_fast_gtc(dev, apdev):
|
||||
"""Hotspot 2.0 connection with FAST/EAP-GTC"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user")
|
||||
|
||||
def test_ap_hs20_eap_tls(dev, apdev):
|
||||
|
@ -1,5 +1,5 @@
|
||||
# EAP Re-authentication Protocol (ERP) tests
|
||||
# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
|
||||
# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
|
||||
#
|
||||
# This software may be distributed under the terms of the BSD license.
|
||||
# See README for more details.
|
||||
@ -191,9 +191,12 @@ def test_erp_radius_eap_methods(dev, apdev):
|
||||
# TODO: EKE getSession
|
||||
#erp_test(dev[0], hapd, eap="EKE", identity="erp-eke@example.com",
|
||||
# password="hello")
|
||||
erp_test(dev[0], hapd, eap="FAST", identity="erp-fast@example.com",
|
||||
password="password", ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
|
||||
phase1="fast_provisioning=2", pac_file="blob://fast_pac_auth_erp")
|
||||
if "FAST" in dev[0].get_capability("eap"):
|
||||
erp_test(dev[0], hapd, eap="FAST", identity="erp-fast@example.com",
|
||||
password="password", ca_cert="auth_serv/ca.pem",
|
||||
phase2="auth=GTC",
|
||||
phase1="fast_provisioning=2",
|
||||
pac_file="blob://fast_pac_auth_erp")
|
||||
erp_test(dev[0], hapd, eap="GPSK", identity="erp-gpsk@example.com",
|
||||
password="abcdefghijklmnop0123456789abcdef")
|
||||
erp_test(dev[0], hapd, eap="IKEV2", identity="erp-ikev2@example.com",
|
||||
@ -206,8 +209,9 @@ def test_erp_radius_eap_methods(dev, apdev):
|
||||
# phase2="auth=MSCHAPV2")
|
||||
erp_test(dev[0], hapd, eap="PSK", identity="erp-psk@example.com",
|
||||
password_hex="0123456789abcdef0123456789abcdef")
|
||||
erp_test(dev[0], hapd, eap="PWD", identity="erp-pwd@example.com",
|
||||
password="secret password")
|
||||
if "PWD" in dev[0].get_capability("eap"):
|
||||
erp_test(dev[0], hapd, eap="PWD", identity="erp-pwd@example.com",
|
||||
password="secret password")
|
||||
erp_test(dev[0], hapd, eap="SAKE", identity="erp-sake@example.com",
|
||||
password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
|
||||
erp_test(dev[0], hapd, eap="SIM", identity="1232010000000000@example.com",
|
||||
|
@ -9,7 +9,7 @@ import os.path
|
||||
|
||||
import hostapd
|
||||
from utils import HwsimSkip
|
||||
from test_ap_eap import int_eap_server_params
|
||||
from test_ap_eap import int_eap_server_params, check_eap_capa
|
||||
|
||||
def test_tnc_peap_soh(dev, apdev):
|
||||
"""TNC PEAP-SoH"""
|
||||
@ -60,6 +60,7 @@ def test_tnc_ttls(dev, apdev):
|
||||
|
||||
def test_tnc_fast(dev, apdev):
|
||||
"""TNC FAST"""
|
||||
check_eap_capa(dev[0], "FAST")
|
||||
params = int_eap_server_params()
|
||||
params["tnc"] = "1"
|
||||
params["pac_opaque_encr_key"] ="000102030405060708090a0b0c0d0e00"
|
||||
|
Loading…
Reference in New Issue
Block a user