Index: server/site_tests/network_WiFiSecMat/073CheckWPA_1x_TTLS |
diff --git a/server/site_tests/network_WiFiSecMat/073CheckWPA_1x_TTLS b/server/site_tests/network_WiFiSecMat/073CheckWPA_1x_TTLS |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8938cef729a389e5a1e4b35268628150ebfebd3c |
--- /dev/null |
+++ b/server/site_tests/network_WiFiSecMat/073CheckWPA_1x_TTLS |
@@ -0,0 +1,82 @@ |
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
+# Use of this source code is governed by a BSD-style license that can be |
+# found in the LICENSE file. |
+ |
+# Try 802.1x authentication. The supplicant must be restarted between |
+# trials because it is "sticky" with regards to various parameters |
+# related to certificate authentication. A thread is currently afoot |
+# in the hostap mailing list about this, but for the time being we will |
+# do supplicant restarts to test. |
+ |
+{ "name":"Check1x_TTLS", |
+ "steps":[ # Channel [any] |
+ [ "create", { "type":"hostap" } ], |
+ [ "install_files", { "system" : "router", |
+ "files" : |
+ { "/tmp/hostapd_ca_cert" : |
+ site_eap_certs.ca_cert_1, |
+ "/tmp/hostapd_server_cert" : |
+ site_eap_certs.server_cert_1, |
+ "/tmp/hostapd_private_key" : |
+ site_eap_certs.server_private_key_1, |
+ "/tmp/hostapd_eap_user_file" : |
+ """* TTLS |
+"testuser-chapv2" MSCHAPV2 "password" [2] |
+"testuser-md5" MD5 "password" [2]""" } } ], |
+ [ "config", { "channel":"2412", "mode":"11g", |
+ "wpa":"1", "wpa_key_mgmt":"WPA-EAP", |
+ "eap_server" : "1", |
+ "wpa_pairwise":"CCMP", "ieee8021x":"1", |
+ "ca_cert" : "/tmp/hostapd_ca_cert", |
+ "server_cert" : "/tmp/hostapd_server_cert", |
+ "private_key" : "/tmp/hostapd_private_key", |
+ "eap_user_file" : "/tmp/hostapd_eap_user_file"} ], |
+ [ "install_files", { "system" : "client", |
+ "files" : |
+ { "/tmp/ca-cert.pem" : |
+ site_eap_certs.ca_cert_1, |
+ "/tmp/ca-cert-other.pem" : |
+ site_eap_certs.ca_cert_2} } ], |
+ [ "connect", { "security":"802_1x", |
+ "psk" : "EAP-TTLS:testuser-chapv2:password"} ], |
+ [ "client_ping", { "count":"10" } ], |
+ |
+ [ "disconnect" ], |
+ |
+ # Try with (correct) CA for server |
+ [ "restart_supplicant" ], |
+ [ "config", { "ssid_suffix":"t1" } ], |
+ [ "connect", { "security":"802_1x", |
+ "psk" : "EAP-TTLS:testuser-chapv2:password:" |
+ "/tmp/ca-cert.pem"} ], |
+ [ "client_ping", { "count":"10" } ], |
+ |
+ [ "disconnect" ], |
+ |
+ # Try MD5 inner auth |
+ [ "restart_supplicant" ], |
+ [ "config", { "ssid_suffix":"t2" } ], |
+ [ "connect", { "security":"802_1x", |
+ "psk" : "EAP-TTLS:testuser-md5:password"} ], |
+ [ "client_ping", { "count":"10" } ], |
+ |
+ [ "disconnect" ], |
+ |
+ # |
+ # Try authenticating using the wrong client password |
+ [ "restart_supplicant" ], |
+ [ "config", { "ssid_suffix":"t3" } ], |
+ [ "!connect", { "security":"802_1x", |
+ "psk" : "EAP-TTLS:testuser-chapv2:wrongpassword"} ], |
+ # |
+ # Try authenticating with the right client password but wrong CA |
+ [ "restart_supplicant" ], |
+ [ "config", { "ssid_suffix":"t4" } ], |
+ [ "!connect", { "security":"802_1x", |
+ "psk" : "EAP-TTLS:testuser-chapv2:password:" |
+ "/tmp/ca-cert-other.pem"} ], |
+ |
+ |
+ [ "destroy" ], |
+ ], |
+} |