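# -*- coding: utf-8 -*-
# TNC tests
# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.

import os.path

import hostapd
from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
from test_ap_eap import int_eap_server_params, check_eap_capa

# Path of the IMC shared object that the TTLS and FAST cases depend on.
_IMC_LIB = "tnc/libhostap_imc.so"


def _require_imc():
    """Skip the calling test unless the IMC library is present."""
    if not os.path.exists(_IMC_LIB):
        raise HwsimSkip("No IMC installed")


def test_tnc_peap_soh(dev, apdev):
    """TNC PEAP-SoH"""
    # Internal EAP server with TNC enabled.
    params = int_eap_server_params()
    params["tnc"] = "1"
    hostapd.add_ap(apdev[0], params)

    # One station per SoH variant (tnc=soh, tnc=soh1, tnc=soh2). All three
    # validate the server certificate against the test CA.
    # NOTE(review): wpa_supplicant documents the PEAP phase1 option as
    # "crypto_binding=<0|1|2>"; confirm that the "cryptobinding=" spelling
    # used below is actually parsed, otherwise these cases do not vary the
    # cryptobinding policy as the values suggest.
    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                   eap="PEAP", identity="user", password="password",
                   ca_cert="auth_serv/ca.pem",
                   phase1="peapver=0 tnc=soh cryptobinding=0",
                   phase2="auth=MSCHAPV2",
                   scan_freq="2412", wait_connect=False)
    dev[0].wait_connected(timeout=10)

    dev[1].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                   eap="PEAP", identity="user", password="password",
                   ca_cert="auth_serv/ca.pem",
                   phase1="peapver=0 tnc=soh1 cryptobinding=1",
                   phase2="auth=MSCHAPV2",
                   scan_freq="2412", wait_connect=False)
    dev[1].wait_connected(timeout=10)

    dev[2].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                   eap="PEAP", identity="user", password="password",
                   ca_cert="auth_serv/ca.pem",
                   phase1="peapver=0 tnc=soh2 cryptobinding=2",
                   phase2="auth=MSCHAPV2",
                   scan_freq="2412", wait_connect=False)
    dev[2].wait_connected(timeout=10)


def test_tnc_peap_soh_errors(dev, apdev):
    """TNC PEAP-SoH local error cases"""
    params = int_eap_server_params()
    params["tnc"] = "1"
    hostapd.add_ap(apdev[0], params)

    # (count, func) pairs handed to alloc_fail(): each one arms a single
    # allocation-failure injection on the station for the named call path.
    tests = [(1, "tncc_build_soh"),
             (1, "eap_msg_alloc;=eap_peap_phase2_request")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            # wait_connect=False: the test does not wait for a connection,
            # it only waits until the armed failure has been consumed.
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           eap="PEAP", identity="user", password="password",
                           ca_cert="auth_serv/ca.pem",
                           phase1="peapver=0 tnc=soh cryptobinding=0",
                           phase2="auth=MSCHAPV2",
                           scan_freq="2412", wait_connect=False)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()

    # Same flow, but with os_get_random failing inside tncc_build_soh, i.e.
    # the error path taken when random bytes cannot be obtained for the SoH.
    with fail_test(dev[0], 1, "os_get_random;tncc_build_soh"):
        dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                       eap="PEAP", identity="user", password="password",
                       ca_cert="auth_serv/ca.pem",
                       phase1="peapver=0 tnc=soh cryptobinding=0",
                       phase2="auth=MSCHAPV2",
                       scan_freq="2412", wait_connect=False)
        wait_fail_trigger(dev[0], "GET_FAIL")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].wait_disconnected()


def test_tnc_ttls(dev, apdev):
    """TNC TTLS"""
    check_eap_capa(dev[0], "MSCHAPV2")
    # Decide on skipping before the AP is started, matching the order used
    # in test_tnc_ttls_errors().
    _require_imc()

    params = int_eap_server_params()
    params["tnc"] = "1"
    hostapd.add_ap(apdev[0], params)

    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                   eap="TTLS", identity="DOMAIN\\mschapv2 user",
                   anonymous_identity="ttls", password="password",
                   phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem",
                   scan_freq="2412", wait_connect=False)
    dev[0].wait_connected(timeout=10)


def test_tnc_ttls_fragmentation(dev, apdev):
    """TNC TTLS with fragmentation"""
    check_eap_capa(dev[0], "MSCHAPV2")
    _require_imc()

    params = int_eap_server_params()
    params["tnc"] = "1"
    # The same small fragment size is set on the server here and on the
    # station below.
    params["fragment_size"] = "150"
    hostapd.add_ap(apdev[0], params)

    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                   eap="TTLS", identity="DOMAIN\\mschapv2 user",
                   anonymous_identity="ttls", password="password",
                   phase2="auth=MSCHAPV2",
                   ca_cert="auth_serv/ca.pem",
                   fragment_size="150",
                   scan_freq="2412", wait_connect=False)
    dev[0].wait_connected(timeout=10)


def test_tnc_ttls_errors(dev, apdev):
    """TNC TTLS local error cases"""
    _require_imc()
    check_eap_capa(dev[0], "MSCHAPV2")

    params = int_eap_server_params()
    params["tnc"] = "1"
    params["fragment_size"] = "150"
    hostapd.add_ap(apdev[0], params)

    # Each entry is (count, func, identity, phase2): count and func select
    # the allocation that is made to fail, identity and phase2 pick the
    # inner authentication method used for that run.
    tests = [(1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
              "DOMAIN\\mschapv2 user", "auth=MSCHAPV2"),
             (1, "eap_ttls_process_phase2_eap;eap_ttls_process_tnc_start",
              "mschap user", "auth=MSCHAP"),
             (1, "=eap_tnc_init", "chap user", "auth=CHAP"),
             (1, "tncc_init;eap_tnc_init", "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;eap_tnc_build_frag_ack",
              "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;eap_tnc_build_msg",
              "pap user", "auth=PAP"),
             (1, "wpabuf_alloc;=eap_tnc_process_fragment",
              "pap user", "auth=PAP"),
             (1, "eap_msg_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
             (1, "wpabuf_alloc;=eap_tnc_process", "pap user", "auth=PAP"),
             (1, "dup_binstr;tncc_process_if_tnccs", "pap user", "auth=PAP"),
             (1, "tncc_get_base64;tncc_process_if_tnccs",
              "pap user", "auth=PAP"),
             (1, "tncc_if_tnccs_start", "pap user", "auth=PAP"),
             (1, "tncc_if_tnccs_end", "pap user", "auth=PAP"),
             (1, "tncc_parse_imc", "pap user", "auth=PAP"),
             (2, "tncc_parse_imc", "pap user", "auth=PAP"),
             (3, "tncc_parse_imc", "pap user", "auth=PAP"),
             (1, "os_readfile;tncc_read_config", "pap user", "auth=PAP"),
             (1, "tncc_init", "pap user", "auth=PAP"),
             (1, "TNC_TNCC_ReportMessageTypes", "pap user", "auth=PAP"),
             (1, "base64_gen_encode;?base64_encode;TNC_TNCC_SendMessage",
              "pap user", "auth=PAP"),
             (1, "=TNC_TNCC_SendMessage", "pap user", "auth=PAP")]
    for count, func, identity, phase2 in tests:
        with alloc_fail(dev[0], count, func):
            dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                           scan_freq="2412",
                           eap="TTLS", anonymous_identity="ttls",
                           identity=identity, password="password",
                           ca_cert="auth_serv/ca.pem", phase2=phase2,
                           fragment_size="150", wait_connect=False)
            # The EAP exchange has to start before the injected failure can
            # be reached, so a missing method proposal is reported on its own.
            ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"],
                                   timeout=15)
            if ev is None:
                raise Exception("Timeout on EAP start")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL",
                              note="Allocation failure not triggered for: %d:%s" % (count, func))
            dev[0].request("REMOVE_NETWORK all")
            dev[0].wait_disconnected()
            # Drop pending events so the next iteration starts from a clean
            # monitor.
            dev[0].dump_monitor()


def test_tnc_fast(dev, apdev):
    """TNC FAST"""
    check_eap_capa(dev[0], "FAST")
    _require_imc()

    params = int_eap_server_params()
    params["tnc"] = "1"
    # Fixed, publicly known test values; they are fixtures for this test
    # network only.
    params["pac_opaque_encr_key"] = "000102030405060708090a0b0c0d0e00"
    params["eap_fast_a_id"] = "101112131415161718191a1b1c1d1e00"
    params["eap_fast_a_id_info"] = "test server2"

    hostapd.add_ap(apdev[0], params)

    # The PAC is kept in a named configuration blob (blob://) instead of a
    # file on disk.
    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
                   eap="FAST", identity="user",
                   anonymous_identity="FAST", password="password",
                   phase2="auth=GTC",
                   phase1="fast_provisioning=2",
                   pac_file="blob://fast_pac_auth_tnc",
                   ca_cert="auth_serv/ca.pem",
                   scan_freq="2412", wait_connect=False)
    dev[0].wait_connected(timeout=10)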