auto-t: Test PEAPv0 cryptobinding

autotests/misc/secrets/eap-user-peap-v0-mschapv2.text

@@ -0,0 +1,4 @@
+# Phase 1 users
+* PEAP [ver=0]
+# Phase 2
+"secure@identity.com" MSCHAPV2 "testpasswd" [2]

autotests/testEAP-PEAPv0-CryptoBinding/ISK_test.py

@@ -0,0 +1,63 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+import time
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import NetworkType
+import testutil
+
+from hostapd import HostapdCLI
+from hostapd import hostapd_map
+
+class Test(unittest.TestCase):
+
+    def validate_connection(self, wd):
+        devices = wd.list_devices(1)
+        self.assertIsNotNone(devices)
+        device = devices[0]
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        device.scan()
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        ordered_network = device.get_ordered_network('ssidEAP-PEAPv0-ISK')
+
+        self.assertEqual(ordered_network.type, NetworkType.eap)
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        ordered_network.network_object.connect()
+
+        condition = 'obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        device.disconnect()
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+
+    def test_connection_success(self):
+        wd = IWD(True)
+
+        self.validate_connection(wd)
+
+    @classmethod
+    def setUpClass(cls):
+        IWD.copy_to_storage('ssidEAP-PEAPv0-ISK.8021x')
+
+    @classmethod
+    def tearDownClass(cls):
+        IWD.clear_storage()
+
+if __name__ == '__main__':
+    unittest.main(exit=True)

autotests/testEAP-PEAPv0-CryptoBinding/NoISK_test.py

@@ -0,0 +1,83 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+import time
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import NetworkType
+import testutil
+
+from hostapd import HostapdCLI
+from hostapd import hostapd_map
+
+class Test(unittest.TestCase):
+
+    def validate_connection(self, wd):
+        hostapd = None
+
+        for hostapd_if in list(hostapd_map.values()):
+            hpd = HostapdCLI(hostapd_if)
+            if hpd.get_config_value('ssid') == 'ssidEAP-PEAPv0-NoISK':
+                hostapd = hpd
+                break
+
+        self.assertIsNotNone(hostapd)
+
+        devices = wd.list_devices(1)
+        self.assertIsNotNone(devices)
+        device = devices[0]
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        device.scan()
+
+        condition = 'not obj.scanning'
+        wd.wait_for_object_condition(device, condition)
+
+        ordered_network = device.get_ordered_network('ssidEAP-PEAPv0-NoISK')
+
+        self.assertEqual(ordered_network.type, NetworkType.eap)
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        ordered_network.network_object.connect()
+
+        condition = 'obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        hostapd.eapol_reauth(device.address)
+
+        wd.wait(10)
+
+        condition = 'obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+        testutil.test_iface_operstate()
+        testutil.test_ifaces_connected()
+
+        device.disconnect()
+
+        condition = 'not obj.connected'
+        wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+
+    def test_connection_success(self):
+        wd = IWD(True)
+
+        self.validate_connection(wd)
+
+    @classmethod
+    def setUpClass(cls):
+        IWD.copy_to_storage('ssidEAP-PEAPv0-NoISK.8021x')
+
+    @classmethod
+    def tearDownClass(cls):
+        IWD.clear_storage()
+
+if __name__ == '__main__':
+    unittest.main(exit=True)

autotests/testEAP-PEAPv0-CryptoBinding/hw.conf

@@ -0,0 +1,9 @@
+[SETUP]
+num_radios=3
+start_iwd=0
+max_test_exec_interval_sec=60
+tmpfs_extra_stuff=../misc/certs:../misc/secrets:main.conf
+
+[HOSTAPD]
+rad0=ssidEAP-PEAPv0-NoISK.conf
+rad1=ssidEAP-PEAPv0-ISK.conf

autotests/testEAP-PEAPv0-CryptoBinding/main.conf

@@ -0,0 +1,2 @@
+[General]
+UseDefaultInterface=true

autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=open@identity.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=secure@identity.com
+EAP-PEAP-Phase2-Password=testpasswd
+
+[Settings]
+AutoConnect=false

autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-ISK.conf

@@ -0,0 +1,12 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP-PEAPv0-ISK
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user-peap-v0-mschapv2.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem

autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.8021x

@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=open@identity.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=secure@identity.com
+EAP-PEAP-Phase2-Password=testpasswd
+
+[Settings]
+AutoConnect=false

autotests/testEAP-PEAPv0-CryptoBinding/ssidEAP-PEAPv0-NoISK.conf

@@ -0,0 +1,12 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP-PEAPv0-NoISK
+
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user-peap-v0.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem