From: Tim Kourt <tim.a.kourt@linux.intel.com>
To: iwd@lists.01.org
Subject: [PATCH 3/4] auto-t: Test PEAPv0 cryptobinding
Date: Fri, 31 Jan 2020 14:25:16 -0800 [thread overview]
Message-ID: <20200131222517.8182-3-tim.a.kourt@linux.intel.com> (raw)
In-Reply-To: <20200131222517.8182-1-tim.a.kourt@linux.intel.com>
---
.../misc/secrets/eap-user-peap-v0-mschapv2.text | 4 ++
autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py | 63 ++++++++++++++++
.../testEAP-PEAPv0-CryptoBinding/NoISK_test.py | 83 ++++++++++++++++++++++
autotests/testEAP-PEAPv0-CryptoBinding/hw.conf | 9 +++
autotests/testEAP-PEAPv0-CryptoBinding/main.conf | 2 +
.../ssidEAP-PEAPv0-ISK.8021x | 12 ++++
.../ssidEAP-PEAPv0-ISK.conf | 12 ++++
.../ssidEAP-PEAPv0-NoISK.8021x | 12 ++++
.../ssidEAP-PEAPv0-NoISK.conf | 12 ++++
9 files changed, 209 insertions(+)
create mode 100644 autotests/misc/secrets/eap-user-peap-v0-mschapv2.text
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/hw.conf
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/main.conf
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x
create mode 100644 autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf
diff --git a/autotests/misc/secrets/eap-user-peap-v0-mschapv2.text b/autotests/misc/secrets/eap-user-peap-v0-mschapv2.text
new file mode 100644
index 00000000..c91693c4
--- /dev/null
+++ b/autotests/misc/secrets/eap-user-peap-v0-mschapv2.text
@@ -0,0 +1,4 @@
+# Phase 1 users
+* PEAP [ver=0]
+# Phase 2
+"secure(a)identity.com" MSCHAPV2 "testpasswd" [2]
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py b/autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py
new file mode 100644
index 00000000..7ba49384
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+import time
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import NetworkType
+import testutil
+
+from hostapd import HostapdCLI
+from hostapd import hostapd_map
+
+class Test(unittest.TestCase):
+
+ def validate_connection(self, wd):
+ devices = wd.list_devices(1)
+ self.assertIsNotNone(devices)
+ device = devices[0]
+
+ condition = 'not obj.scanning'
+ wd.wait_for_object_condition(device, condition)
+
+ device.scan()
+
+ condition = 'not obj.scanning'
+ wd.wait_for_object_condition(device, condition)
+
+ ordered_network = device.get_ordered_network('ssidEAP-PEAPv0-ISK')
+
+ self.assertEqual(ordered_network.type, NetworkType.eap)
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ ordered_network.network_object.connect()
+
+ condition = 'obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ device.disconnect()
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+
+ def test_connection_success(self):
+ wd = IWD(True)
+
+ self.validate_connection(wd)
+
+ @classmethod
+ def setUpClass(cls):
+ IWD.copy_to_storage('ssidEAP-PEAPv0-ISK.8021x')
+
+ @classmethod
+ def tearDownClass(cls):
+ IWD.clear_storage()
+
+if __name__ == '__main__':
+ unittest.main(exit=True)
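Review bot: `validate_connection` in ISK_test.py stops at `obj.connected` and then disconnects, without the `testutil.test_iface_operstate()` and `testutil.test_ifaces_connected()` calls that NoISK_test.py makes, so the MSCHAPv2 path, which is the one carrying inner key material, is never checked for a working data path. Adding those two calls before `device.disconnect()` would keep the two tests parallel. Only the accepting path is covered; a case where the compound MAC is wrong and authentication must fail is not in this patch and may belong with the 4/4 change in the series. `time`, `iwd`, `HostapdCLI` and `hostapd_map` are imported but unused in this file, as is `testutil` until those calls are added.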
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py b/autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py
new file mode 100644
index 00000000..fde8bfc2
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py
@@ -0,0 +1,83 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+import time
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import NetworkType
+import testutil
+
+from hostapd import HostapdCLI
+from hostapd import hostapd_map
+
+class Test(unittest.TestCase):
+
+ def validate_connection(self, wd):
+ hostapd = None
+
+ for hostapd_if in list(hostapd_map.values()):
+ hpd = HostapdCLI(hostapd_if)
+ if hpd.get_config_value('ssid') == 'ssidEAP-PEAPv0-NoISK':
+ hostapd = hpd
+ break
+
+ self.assertIsNotNone(hostapd)
+
+ devices = wd.list_devices(1)
+ self.assertIsNotNone(devices)
+ device = devices[0]
+
+ condition = 'not obj.scanning'
+ wd.wait_for_object_condition(device, condition)
+
+ device.scan()
+
+ condition = 'not obj.scanning'
+ wd.wait_for_object_condition(device, condition)
+
+ ordered_network = device.get_ordered_network('ssidEAP-PEAPv0-NoISK')
+
+ self.assertEqual(ordered_network.type, NetworkType.eap)
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ ordered_network.network_object.connect()
+
+ condition = 'obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ hostapd.eapol_reauth(device.address)
+
+ wd.wait(10)
+
+ condition = 'obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ testutil.test_iface_operstate()
+ testutil.test_ifaces_connected()
+
+ device.disconnect()
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+
+ def test_connection_success(self):
+ wd = IWD(True)
+
+ self.validate_connection(wd)
+
+ @classmethod
+ def setUpClass(cls):
+ IWD.copy_to_storage('ssidEAP-PEAPv0-NoISK.8021x')
+
+ @classmethod
+ def tearDownClass(cls):
+ IWD.clear_storage()
+
+if __name__ == '__main__':
+ unittest.main(exit=True)
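Review bot: After `hostapd.eapol_reauth(device.address)` the test sleeps with `wd.wait(10)` and then waits for `obj.connected`, a condition that was already true before the reauthentication was requested, so this step shows only that the link was not dropped within ten seconds, not that a second PEAP exchange completed. A comment such as `# a failed reauth surfaces as a disconnect; allow 10 s for it before re-checking` would make the intent explicit. A class docstring should also say why Phase 2 is MD5 here, presumably because it yields no inner key material for the cryptobinding. `devices[0]` is reached even if `list_devices(1)` returns an empty list, since `assertIsNotNone` does not reject `[]`; the same pattern is in ISK_test.py.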
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/hw.conf b/autotests/testEAP-PEAPv0-CryptoBinding/hw.conf
new file mode 100644
index 00000000..cceb79fb
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/hw.conf
@@ -0,0 +1,9 @@
+[SETUP]
+num_radios=3
+start_iwd=0
+max_test_exec_interval_sec=60
+tmpfs_extra_stuff=../misc/certs:../misc/secrets:main.conf
+
+[HOSTAPD]
+rad0=ssidEAP-PEAPv0-NoISK.conf
+rad1=ssidEAP-PEAPv0-ISK.conf
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/main.conf b/autotests/testEAP-PEAPv0-CryptoBinding/main.conf
new file mode 100644
index 00000000..55a5543e
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/main.conf
@@ -0,0 +1,2 @@
+[General]
+UseDefaultInterface=true
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x
new file mode 100644
index 00000000..56eed087
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=open(a)identity.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=secure(a)identity.com
+EAP-PEAP-Phase2-Password=testpasswd
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf
new file mode 100644
index 00000000..c9980bd9
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf
@@ -0,0 +1,12 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP-PEAPv0-ISK
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user-peap-v0-mschapv2.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x
new file mode 100644
index 00000000..382f86d0
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=open(a)identity.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=secure(a)identity.com
+EAP-PEAP-Phase2-Password=testpasswd
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf
new file mode 100644
index 00000000..b92bb1ae
--- /dev/null
+++ b/autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf
@@ -0,0 +1,12 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP-PEAPv0-NoISK
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user-peap-v0.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
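Review bot: `eap_user_file=/tmp/secrets/eap-user-peap-v0.text` names a file this patch does not add, whereas the ISK configuration uses the newly created `eap-user-peap-v0-mschapv2.text`. The NoISK client profile authenticates with Phase 2 MD5, so the existing file needs a matching MD5 phase 2 entry for the same identity and password. This is worth confirming in the commit message, since a mismatch would only show up as a failed connection when the test runs.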
--
2.13.6
2020-01-31 22:25 [PATCH 1/4] eap-tls-common: Address PEAPv0 interoperability with Windows Tim Kourt
2020-01-31 22:25 ` [PATCH 2/4] peap: Add inner EAP key material into imsk calculation Tim Kourt
2020-01-31 22:25 ` Tim Kourt [this message]
2020-01-31 22:25 ` [PATCH 4/4] peap: Fail auth. if invalid compound MAC is received Tim Kourt
2020-02-06 21:18 ` Denis Kenzior
2020-02-03 17:35 ` [PATCH 1/4] eap-tls-common: Address PEAPv0 interoperability with Windows Denis Kenzior