Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tests: Verify WPA-Enterprise functionality

All the previous EAP test cases were using WPA2-Enterprise.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 11 years ago
parent
910d2ca7c1
commit
71390dc87e
2 changed files with 31 additions and 5 deletions
Split View Show Diff Stats
  1. 10 0
      tests/hwsim/hostapd.py
  2. 21 5
      tests/hwsim/test_ap_eap.py

+ 10 - 0
tests/hwsim/hostapd.py
View File 

@@ -282,6 +282,16 @@ def radius_params():
 
                "nas_identifier": "nas.w1.fi" }
 
     return params
 
 
+def wpa_eap_params(ssid=None):
 
+    params = radius_params()
 
+    params["wpa"] = "1"
 
+    params["wpa_key_mgmt"] = "WPA-EAP"
 
+    params["wpa_pairwise"] = "TKIP"
 
+    params["ieee8021x"] = "1"
 
+    if ssid:
 
+        params["ssid"] = ssid
 
+    return params
 
+
 
 def wpa2_eap_params(ssid=None):
 
     params = radius_params()
 
     params["wpa"] = "2"

+ 21 - 5
tests/hwsim/test_ap_eap.py
View File 

@@ -27,7 +27,7 @@ def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
 
                 client_cert=client_cert, private_key=private_key)
 
     eap_check_auth(dev, method, True)
 
 
-def eap_check_auth(dev, method, initial):
 
+def eap_check_auth(dev, method, initial, rsn=True):
 
     ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
 
     if ev is None:
 
         raise Exception("Association and EAP start timed out")
 
@@ -61,12 +61,16 @@ def eap_check_auth(dev, method, initial):
 
         raise Exception("Port not authorized")
 
     if method not in status["selectedMethod"]:
 
         raise Exception("Incorrect EAP method status")
 
-    if status["key_mgmt"] != "WPA2/IEEE 802.1X/EAP":
 
-        raise Exception("Unexpected key_mgmt status")
 
+    if rsn:
 
+        e = "WPA2/IEEE 802.1X/EAP"
 
+    else:
 
+        e = "WPA/IEEE 802.1X/EAP"
 
+    if status["key_mgmt"] != e:
 
+        raise Exception("Unexpected key_mgmt status: " + status["key_mgmt"])
 
 
-def eap_reauth(dev, method):
 
+def eap_reauth(dev, method, rsn=True):
 
     dev.request("REAUTHENTICATE")
 
-    eap_check_auth(dev, method, False)
 
+    eap_check_auth(dev, method, False, rsn=rsn)
 
 
 def test_ap_wpa2_eap_sim(dev, apdev):
 
     """WPA2-Enterprise connection using EAP-SIM"""
 
@@ -361,3 +365,15 @@ def test_ap_wpa2_eap_psk(dev, apdev):
 
     eap_connect(dev[0], "PSK", "psk.user@example.com",
 
                 password_hex="0123456789abcdef0123456789abcdef")
 
     eap_reauth(dev[0], "PSK")
 
+
 
+def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
 
+    """WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
 
+    params = hostapd.wpa_eap_params(ssid="test-wpa-eap")
 
+    hostapd.add_ap(apdev[0]['ifname'], params)
 
+    dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="PEAP",
 
+                   identity="user", password="password", phase2="auth=MSCHAPV2",
 
+                   ca_cert="auth_serv/ca.pem", wait_connect=False,
 
+                   scan_freq="2412")
 
+    eap_check_auth(dev[0], "PEAP", True, rsn=False)
 
+    hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
 
+    eap_reauth(dev[0], "PEAP", rsn=False)