authorJouni Malinen <j@w1.fi>2016-02-01 22:24:50 (GMT)
committerJouni Malinen <j@w1.fi>2016-02-01 22:39:39 (GMT)
commita89faedc2255b2e0d1eae5093cd6e859bb39e1a2 (patch)
tree363753bfc8ec3d03f85f5598957328110d835057
parentd4af4d275af5506956ac77dc8ae26a8141289172 (diff)
tests: EAP-TLS error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--tests/hwsim/test_ap_eap.py91
-rw-r--r--tests/hwsim/wpasupplicant.py3
2 files changed, 93 insertions, 1 deletions
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index ca05ba8..bfd101b 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -5406,3 +5406,94 @@ def run_ext_cert_check(dev, apdev, net_id):
raise Exception("EAP-Failure not reported")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected()
+
+def test_eap_tls_errors(dev, apdev):
+ """EAP-TLS error cases"""
+ params = int_eap_server_params()
+ params['fragment_size'] = '100'
+ hostapd.add_ap(apdev[0]['ifname'], params)
+ with alloc_fail(dev[0], 1,
+ "eap_peer_tls_reassemble_fragment"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
+ identity="tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ with alloc_fail(dev[0], 1, "eap_tls_init"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
+ identity="tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ with alloc_fail(dev[0], 1, "eap_peer_tls_ssl_init"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
+ identity="tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key",
+ engine="1",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ ev = dev[0].wait_event(["CTRL-REQ-PIN"], timeout=5)
+ if ev is None:
+ raise Exception("No CTRL-REQ-PIN seen")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ tests = [ "eap_peer_tls_derive_key;eap_tls_success",
+ "eap_peer_tls_derive_session_id;eap_tls_success",
+ "eap_tls_getKey",
+ "eap_tls_get_emsk",
+ "eap_tls_get_session_id" ]
+ for func in tests:
+ with alloc_fail(dev[0], 1, func):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
+ identity="tls user", ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key",
+ erp="1",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ with alloc_fail(dev[0], 1, "eap_unauth_tls_init"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="UNAUTH-TLS",
+ identity="unauth-tls", ca_cert="auth_serv/ca.pem",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ with alloc_fail(dev[0], 1, "eap_peer_tls_ssl_init;eap_unauth_tls_init"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="UNAUTH-TLS",
+ identity="unauth-tls", ca_cert="auth_serv/ca.pem",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ with alloc_fail(dev[0], 1, "eap_wfa_unauth_tls_init"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
+ eap="WFA-UNAUTH-TLS",
+ identity="osen@example.com", ca_cert="auth_serv/ca.pem",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+
+ with alloc_fail(dev[0], 1, "eap_peer_tls_ssl_init;eap_wfa_unauth_tls_init"):
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
+ eap="WFA-UNAUTH-TLS",
+ identity="osen@example.com", ca_cert="auth_serv/ca.pem",
+ wait_connect=False, scan_freq="2412")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
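Review bot: Every case in test_eap_tls_errors stops at `wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")`, so the test shows that the injected allocation failure was reached but not what the supplicant did afterwards; only the `eap_peer_tls_ssl_init` case with `engine="1"` checks a follow-up event (`CTRL-REQ-PIN`). This matters most in the `tests` loop, where the failures land in key derivation (`eap_peer_tls_derive_key;eap_tls_success`, `eap_tls_getKey`): presumably a missing MSK must keep the connection from completing, and nothing here would catch a regression that lets it through. The expected outcome probably differs per entry (a failed `eap_tls_get_emsk` with `erp="1"` may only disable ERP), so I would pair each function string with its expected result and assert it, or at minimum add a comment above the loop such as `# key derivation failure: connection must not complete (confirm per entry)`. Separately, the connect / `REMOVE_NETWORK all` / `wait_disconnected()` sequence is written out eight times and could move into a small local helper that takes the `alloc_fail` function string and the connect keyword arguments.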
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index da90ffd..13a93ec 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -900,7 +900,8 @@ class WpaSupplicant:
"disable_ht40", "disable_sgi", "disable_ldpc",
"ht40_intolerant", "update_identifier", "mac_addr",
"erp", "bg_scan_period", "bssid_blacklist",
- "bssid_whitelist", "mem_only_psk", "eap_workaround" ]
+ "bssid_whitelist", "mem_only_psk", "eap_workaround",
+ "engine" ]
for field in not_quoted:
if field in kwargs and kwargs[field]:
self.set_network(id, field, kwargs[field])