auto-t: Test PEAPv0 cryptobinding

author: Tim Kourt <tim.a.kourt@linux.intel.com> 2020-01-31 14:25:16 -0800
committer: Denis Kenzior <denkenz@gmail.com> 2020-02-03 11:34:29 -0600
commit: 40ad8be1136355d7ced9f79a59d81e9ad12de92c (patch)
tree: 5b32f761c7869ca183027e05b6591cda81971271
parent: dc4b7e327e91b86596a045e9271498d65fa8741a (diff)
download: iwd-40ad8be1136355d7ced9f79a59d81e9ad12de92c.tar.gz
9 files changed, 209 insertions, 0 deletions
diff --git a/autotests/misc/secrets/eap-user-peap-v0-mschapv2.text b/autotests/misc/secrets/eap-user-peap-v0-mschapv2.text
new file mode 100644
index 000000000..c91693c4e
--- /dev/null
+++ b/autotests/misc/secrets/eap-user-peap-v0-mschapv2.text
@@ -0,0 +1,4 @@
+# Phase 1 users
+* PEAP [ver=0]
+# Phase 2
+"secure@identity.com" MSCHAPV2 "testpasswd" [2]
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py b/autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py
new file mode 100644
index 000000000..7ba493849
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+import time
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import NetworkType
+import testutil
+
+from hostapd import HostapdCLI
+from hostapd import hostapd_map
+
+class Test(unittest.TestCase):
+
+    def validate_connection(self, wd):
+        devices = wd.list_devices(1)
+        self.assertIsNotNone(devices)
+        device = devices[0]
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        device.scan()
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        ordered_network = device.get_ordered_network('ssidEAP-PEAPv0-ISK')
+
+        self.assertEqual(ordered_network.type, NetworkType.eap)
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        ordered_network.network_object.connect()
+
+        condition = 'obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        device.disconnect()
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+
+    def test_connection_success(self):
+        wd = IWD(True)
+
+        self.validate_connection(wd)
+
+    @classmethod
+    def setUpClass(cls):
+        IWD.copy_to_storage('ssidEAP-PEAPv0-ISK.8021x')
+
+    @classmethod
+    def tearDownClass(cls):
+        IWD.clear_storage()
+
+if __name__ == '__main__':
+    unittest.main(exit=True)
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py b/autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py
new file mode 100644
index 000000000..fde8bfc27
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py
@@ -0,0 +1,83 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+import time
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import NetworkType
+import testutil
+
+from hostapd import HostapdCLI
+from hostapd import hostapd_map
+
+class Test(unittest.TestCase):
+
+    def validate_connection(self, wd):
+        hostapd = None
+
+        for hostapd_if in list(hostapd_map.values()):
+            hpd = HostapdCLI(hostapd_if)
+            if hpd.get_config_value('ssid') == 'ssidEAP-PEAPv0-NoISK':
+                hostapd = hpd
+                break
+
+        self.assertIsNotNone(hostapd)
+
+        devices = wd.list_devices(1)
+        self.assertIsNotNone(devices)
+        device = devices[0]
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        device.scan()
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        ordered_network = device.get_ordered_network('ssidEAP-PEAPv0-NoISK')
+
+        self.assertEqual(ordered_network.type, NetworkType.eap)
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        ordered_network.network_object.connect()
+
+        condition = 'obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        hostapd.eapol_reauth(device.address)
+
+        wd.wait(10)
+
+        condition = 'obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        testutil.test_iface_operstate()
+        testutil.test_ifaces_connected()
+
+        device.disconnect()
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+
+    def test_connection_success(self):
+        wd = IWD(True)
+
+        self.validate_connection(wd)
+
+    @classmethod
+    def setUpClass(cls):
+        IWD.copy_to_storage('ssidEAP-PEAPv0-NoISK.8021x')
+
+    @classmethod
+    def tearDownClass(cls):
+        IWD.clear_storage()
+
+if __name__ == '__main__':
+    unittest.main(exit=True)
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/hw.conf b/autotests/testEAP-PEAPv0-CryptoBinding/hw.conf
new file mode 100644
index 000000000..cceb79fba
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/hw.conf
@@ -0,0 +1,9 @@
+[SETUP]
+num_radios=3
+start_iwd=0
+max_test_exec_interval_sec=60
+tmpfs_extra_stuff=../misc/certs:../misc/secrets:main.conf
+
+[HOSTAPD]
+rad0=ssidEAP-PEAPv0-NoISK.conf
+rad1=ssidEAP-PEAPv0-ISK.conf
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/main.conf b/autotests/testEAP-PEAPv0-CryptoBinding/main.conf
new file mode 100644
index 000000000..55a5543eb
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/main.conf
@@ -0,0 +1,2 @@
+[General]
+UseDefaultInterface=true
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x
new file mode 100644
index 000000000..56eed0876
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=open@identity.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=secure@identity.com
+EAP-PEAP-Phase2-Password=testpasswd
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf
new file mode 100644
index 000000000..c9980bd9e
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf
@@ -0,0 +1,12 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP-PEAPv0-ISK
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user-peap-v0-mschapv2.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x
new file mode 100644
index 000000000..382f86d0d
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=open@identity.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=secure@identity.com
+EAP-PEAP-Phase2-Password=testpasswd
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf
new file mode 100644
index 000000000..b92bb1ae4
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf
@@ -0,0 +1,12 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP-PEAPv0-NoISK
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user-peap-v0.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
author	Tim Kourt <tim.a.kourt@linux.intel.com>	2020-01-31 14:25:16 -0800
committer	Denis Kenzior <denkenz@gmail.com>	2020-02-03 11:34:29 -0600
commit	40ad8be1136355d7ced9f79a59d81e9ad12de92c (patch)
tree	5b32f761c7869ca183027e05b6591cda81971271
parent	dc4b7e327e91b86596a045e9271498d65fa8741a (diff)
download	iwd-40ad8be1136355d7ced9f79a59d81e9ad12de92c.tar.gz