tests: EAP-GTC server error cases

In addition, no-password-configured coverage extended to EAP-MD5 and
EAP-MSCHAPv2 as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests/hwsim/auth_serv/eap_user.conf

@@ -84,6 +84,8 @@ radius_accept_attr=27:d:3
 "utf8-user-hash"	TTLS-MSCHAPV2	hash:bd5844fad2489992da7fe8c5a01559cf	[2]
 
 "user"	MSCHAPV2,MD5,GTC	"password"	[2]
+"user2"	MSCHAPV2,MD5,GTC	"password"	[2]
+"user-no-passwd"	MSCHAPV2,MD5,GTC	[2]
 "cert user"	TLS	[2]
 
 "hs20-deauth-test"	TTLS-MSCHAPV2	"password"	[2]

tests/hwsim/test_ap_eap.py

@@ -906,6 +906,48 @@ def test_ap_wpa2_eap_ttls_eap_gtc(dev, apdev):
     hwsim_utils.test_connectivity(dev[0], hapd)
     eap_reauth(dev[0], "TTLS")
 
+def test_ap_wpa2_eap_ttls_eap_gtc_incorrect_password(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - incorrect password"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "user",
+                anonymous_identity="ttls", password="wrong",
+                ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
+                expect_failure=True)
+
+def test_ap_wpa2_eap_ttls_eap_gtc_no_password(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - no password"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
+                expect_failure=True)
+
+def test_ap_wpa2_eap_ttls_eap_gtc_server_oom(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS/EAP-GTC - server OOM"""
+    params = int_eap_server_params()
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    with alloc_fail(hapd, 1, "eap_gtc_init"):
+        eap_connect(dev[0], apdev[0], "TTLS", "user",
+                    anonymous_identity="ttls", password="password",
+                    ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
+                    expect_failure=True)
+        dev[0].request("REMOVE_NETWORK all")
+
+    with alloc_fail(hapd, 1, "eap_gtc_buildReq"):
+        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
+                       eap="TTLS", identity="user",
+                       anonymous_identity="ttls", password="password",
+                       ca_cert="auth_serv/ca.pem", phase2="autheap=GTC",
+                       wait_connect=False, scan_freq="2412")
+        # This would eventually time out, but we can stop after having reached
+        # the allocation failure.
+        for i in range(20):
+            time.sleep(0.1)
+            if hapd.request("GET_ALLOC_FAIL").startswith('0'):
+                break
+
 def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
@@ -925,6 +967,15 @@ def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):
                 ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
                 expect_failure=True)
 
+def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - no password"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.pem", phase2="autheap=MD5",
+                expect_failure=True)
+
 def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - server OOM"""
     params = int_eap_server_params()
@@ -966,6 +1017,15 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
                 ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
                 expect_failure=True)
 
+def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - no password"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.pem", phase2="autheap=MSCHAPV2",
+                expect_failure=True)
+
 def test_ap_wpa2_eap_ttls_eap_aka(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-AKA"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
@@ -1981,6 +2041,26 @@ def test_ap_wpa2_eap_fast_gtc_auth_prov(dev, apdev):
     if res['tls_session_reused'] != '1':
         raise Exception("EAP-FAST could not use PAC session ticket")
 
+def test_ap_wpa2_eap_fast_gtc_identity_change(dev, apdev):
+    """WPA2-Enterprise connection using EAP-FAST/GTC and identity changing"""
+    check_eap_capa(dev[0], "FAST")
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    id = eap_connect(dev[0], apdev[0], "FAST", "user",
+                     anonymous_identity="FAST", password="password",
+                     ca_cert="auth_serv/ca.pem", phase2="auth=GTC",
+                     phase1="fast_provisioning=2",
+                     pac_file="blob://fast_pac_auth")
+    dev[0].set_network_quoted(id, "identity", "user2")
+    dev[0].wait_disconnected()
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
+    if ev is None:
+        raise Exception("EAP-FAST not started")
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
+    if ev is None:
+        raise Exception("EAP failure not reported")
+    dev[0].wait_disconnected()
+
 def test_ap_wpa2_eap_tls_ocsp(dev, apdev):
     """WPA2-Enterprise connection using EAP-TLS and verifying OCSP"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")