summaryrefslogtreecommitdiffstats
path: root/src/tests
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/Makefile23
-rw-r--r--src/tests/all.mk10
-rw-r--r--src/tests/eap-teap-mschapv2.conf21
-rw-r--r--src/tests/eap-ttls-eap-gtc.conf17
-rw-r--r--src/tests/keywords/all.mk39
-rw-r--r--src/tests/keywords/randstr16
-rw-r--r--src/tests/modules/date/all.mk3
-rw-r--r--src/tests/modules/date/date_xlat.attrs13
-rw-r--r--src/tests/modules/date/date_xlat.unlang243
-rw-r--r--src/tests/modules/date/module.conf3
-rw-r--r--src/tests/modules/dpsk/pmk.txt7
-rw-r--r--src/tests/modules/dpsk/psk.txt9
-rw-r--r--src/tests/modules/dpsk/radiusd.conf15
-rw-r--r--src/tests/modules/files/authorize10
-rw-r--r--src/tests/modules/files/empty_default.attrs11
-rw-r--r--src/tests/modules/files/empty_default.unlang9
-rw-r--r--src/tests/modules/yubikey/all.mk3
-rw-r--r--src/tests/modules/yubikey/module.conf11
-rw-r--r--src/tests/modules/yubikey/yubikey_auth.attrs11
-rw-r--r--src/tests/modules/yubikey/yubikey_auth.unlang56
-rw-r--r--src/tests/modules/yubikey/yubikey_xlat.attrs11
-rw-r--r--src/tests/modules/yubikey/yubikey_xlat.unlang42
-rw-r--r--src/tests/peap-gtc.conf13
-rw-r--r--src/tests/unit/vendor.txt6
24 files changed, 580 insertions, 22 deletions
diff --git a/src/tests/Makefile b/src/tests/Makefile
index 2dab5b1..3fba18c 100644
--- a/src/tests/Makefile
+++ b/src/tests/Makefile
@@ -170,6 +170,7 @@ config/eap-test: $(RADDB_PATH)mods-available/eap config/eap-test-inner-tunnel
-e 's/= inner-tunnel/= eap-test-inner-tunnel/;s/use_tunneled_reply = no/use_tunneled_reply = yes/' \
-e 's/enable = no/enable = yes/' \
-e 's/^\(.*\)persist_dir =/ persist_dir =/' \
+ -e 's/#.*softfail =.*/softfail = yes/' \
-e 's/tls_min_version = "1.2"/tls_min_version = "1.0"/' \
-e '$(if $(TLS1_3),s/tls_max_version = "1.2"/tls_max_version = "1.3"/)' \
-e 's/cipher_list = "DEFAULT"/cipher_list = "DEFAULT${SECLEVEL}"/' \
@@ -185,6 +186,7 @@ radiusd.pid: test.conf
tail -n 20 "$(TEST_PATH)/radius.log"; \
fi
${Q}echo "ok"
+ ${Q}echo "radiusd logging to $(TEST_PATH)/radius.log"
# We can't make this depend on radiusd.pid, because then make will create
# radiusd.pid when we make radiusd.kill, which we don't want.
@@ -214,7 +216,23 @@ radiusd.kill:
#
ifneq "$(EAPOL_TEST)" ""
EAP_FILES = eap-md5.conf
-EAP_TLS_FILES = eap-ttls-pap.conf eap-ttls-mschapv2.conf peap-mschapv2.conf
+EAP_FILES += eap-mschapv2.conf
+
+EAP_TLS_FILES = eap-tls.conf
+EAP_TLS_FILES += eap-ttls-eap-gtc.conf
+EAP_TLS_FILES += eap-ttls-eap-mschapv2.conf
+EAP_TLS_FILES += eap-ttls-eap-tls.conf
+EAP_TLS_FILES += eap-ttls-mschapv2.conf
+EAP_TLS_FILES += eap-ttls-pap.conf
+EAP_TLS_FILES += peap-client-mschapv2.conf
+EAP_TLS_FILES += peap-eap-tls.conf
+EAP_TLS_FILES += peap-gtc.conf
+EAP_TLS_FILES += peap-mschapv2.conf
+
+#EAP_TLS_FILES += eap-fast.conf # disabled in default config
+#EAP_TLS_FILES += eap-pwd.conf # disabled in default config
+#EAP_TLS_FILES += eap-teap-mschapv2.conf # not configured in eapol_test
+
EAP_TLS_VERSIONS = 1.1 1.2
EAP_TLS_DISABLE_STRING = tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1
@@ -313,7 +331,7 @@ EAPOL_OK_FILES := $(sort $(addprefix $(BUILD_PATH)/tests/eap/,$(patsubst %.conf,
tests.eap: $(EAPOL_OK_FILES) | radiusd.kill radiusd.pid
else
tests.eap:
- ${Q}echo "EAPOL Tests is disabled"
+ ${Q}echo "EAP tests are disabled"
endif # we have eapol_test built
# kill the server (if it's running)
@@ -326,3 +344,4 @@ tests.runtests: test.conf | radiusd.kill radiusd.pid
${Q}BIN_PATH="$(BIN_PATH)" PORT="$(PORT)" ./runtests.sh $(TESTS)
tests: tests.runtests tests.eap
+ $(MAKE) radiusd.kill
diff --git a/src/tests/all.mk b/src/tests/all.mk
index 142772b..678ce59 100644
--- a/src/tests/all.mk
+++ b/src/tests/all.mk
@@ -4,15 +4,15 @@ SECRET := testing123
DICT_PATH := $(top_srcdir)/share
#
-# Include all of the autoconf definitions into the Make variable space
+# Pull all of the autoconf stuff into here.
#
--include $(BUILD_DIR)/tests/keywords/autoconf.h.mk
+$(BUILD_DIR)/tests/autoconf.h.mk: src/include/autoconf.h
+ @grep '^#define' $^ | sed 's/#define /AC_/;s/ / := /' > $@
#
-# Pull all of the autoconf stuff into here.
+# Include all of the autoconf definitions into the Make variable space
#
-$(BUILD_DIR)/tests/keywords/autoconf.h.mk: src/include/autoconf.h
- @grep '^#define' $^ | sed 's/#define /AC_/;s/ / := /' > $@
+-include $(BUILD_DIR)/tests/autoconf.h.mk
######################################################################
#
diff --git a/src/tests/eap-teap-mschapv2.conf b/src/tests/eap-teap-mschapv2.conf
new file mode 100644
index 0000000..4b19bef
--- /dev/null
+++ b/src/tests/eap-teap-mschapv2.conf
@@ -0,0 +1,21 @@
+#
+# eapol_test -c eap-teap-mschapv2.conf -s testing123
+#
+network={
+ key_mgmt=IEEE8021X
+ eap=TEAP
+ anonymous_identity="anonymous"
+ identity="bob"
+ password="bob"
+
+# openssl_ciphers="DEFAULT@SECLEVEL=1"
+# phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0"
+ phase2="autheap=MSCHAPV2"
+
+# phase1="tls_disable_session_ticket=0 fast_provisioning=2"
+# phase1="fast_provisioning=0"
+ pac_file="blob://eap-fast-pac"
+
+ ca_cert="../../raddb/certs/ca.pem"
+# ca_cert="/etc/freeradius/certs/ca.pem"
+}
diff --git a/src/tests/eap-ttls-eap-gtc.conf b/src/tests/eap-ttls-eap-gtc.conf
new file mode 100644
index 0000000..2796a99
--- /dev/null
+++ b/src/tests/eap-ttls-eap-gtc.conf
@@ -0,0 +1,17 @@
+#
+# eapol_test -c eap-ttls-eap-gtc.conf -s testing123
+#
+network={
+ key_mgmt=IEEE8021X
+ eap=TTLS
+
+ anonymous_identity="anonymous"
+
+ identity="bob"
+ password="bob"
+
+ phase1=""
+ phase2="autheap=GTC"
+
+ ca_cert="../../raddb/certs/ca.pem"
+}
diff --git a/src/tests/keywords/all.mk b/src/tests/keywords/all.mk
index 739b738..6535d35 100644
--- a/src/tests/keywords/all.mk
+++ b/src/tests/keywords/all.mk
@@ -21,15 +21,6 @@ $(BUILD_DIR)/tests/keywords:
@mkdir -p $@
#
-# Find which input files are needed by the tests
-# strip out the ones which exist
-# move the filenames to the build directory.
-#
-BOOTSTRAP_EXISTS := $(addprefix $(DIR)/,$(addsuffix .attrs,$(KEYWORD_FILES)))
-BOOTSTRAP_NEEDS := $(filter-out $(wildcard $(BOOTSTRAP_EXISTS)),$(BOOTSTRAP_EXISTS))
-BOOTSTRAP := $(subst $(DIR),$(BUILD_DIR)/tests/keywords,$(BOOTSTRAP_NEEDS))
-
-#
# For each file, look for precursor test.
# Ensure that each test depends on its precursors.
#
@@ -49,16 +40,34 @@ $(BUILD_DIR)/tests/keywords/depends.mk: $(addprefix $(DIR)/,$(KEYWORD_FILES)) |
done
#
-# These ones get copied over from the default input
+# For sheer laziness, allow "make test.keywords.foo"
#
-$(BOOTSTRAP): $(DIR)/default-input.attrs | $(BUILD_DIR)/tests/keywords
- @cp $< $@
+define KEYWORD_TEST
+tests.keywords.${1}: $(addprefix $(OUTPUT)/,${1})
+
+tests.keywords.help: TEST_KEYWORDS_HELP += tests.keywords.${1}
+
+OUTPUT := $(BUILD_DIR)/tests/keywords
#
-# These ones get copied over from their original files
+# Create the input attrs, either from the test-specific input,
+# or from the default input.
#
-$(BUILD_DIR)/tests/keywords/%.attrs: $(DIR)/%.attrs | $(BUILD_DIR)/tests/keywords
- @cp $< $@
+$(OUTPUT)/${1}: $(OUTPUT)/${1}.attrs | $(dir $(OUTPUT)/${1})
+$(OUTPUT)/${1}.attrs: | $(dir $(OUTPUT)/${1})
+
+ifneq "$(wildcard src/tests/keywords/${1}.attrs)" ""
+$(OUTPUT)/${1}.attrs: src/tests/keywords/${1}.attrs
+else
+$(OUTPUT)/${1}.attrs: src/tests/keywords/default-input.attrs
+endif
+ @cp $$< $$@
+ifeq "${1}" "mschap"
+$(OUTPUT)/${1}: rlm_mschap.la
+endif
+
+endef
+$(foreach x,$(KEYWORD_FILES),$(eval $(call KEYWORD_TEST,$x)))
#
# Don't auto-remove the files copied by the rule just above.
diff --git a/src/tests/keywords/randstr b/src/tests/keywords/randstr
new file mode 100644
index 0000000..6884cb0
--- /dev/null
+++ b/src/tests/keywords/randstr
@@ -0,0 +1,16 @@
+update request {
+ &Tmp-Octets-0 := "0x%{randstr:16h}"
+ &Tmp-String-0 := "%{randstr:16h}"
+}
+
+if ("%{length:Tmp-Octets-0}" == 16) {
+ update reply {
+ Filter-Id := "filter"
+ }
+}
+
+if ("%{length:Tmp-String-0}" == 32) {
+ update reply {
+ Filter-Id := "filter"
+ }
+}
diff --git a/src/tests/modules/date/all.mk b/src/tests/modules/date/all.mk
new file mode 100644
index 0000000..90966df
--- /dev/null
+++ b/src/tests/modules/date/all.mk
@@ -0,0 +1,3 @@
+#
+# Test the "date" module
+#
diff --git a/src/tests/modules/date/date_xlat.attrs b/src/tests/modules/date/date_xlat.attrs
new file mode 100644
index 0000000..ba430d2
--- /dev/null
+++ b/src/tests/modules/date/date_xlat.attrs
@@ -0,0 +1,13 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = 'Bob'
+User-Password = 'Alice'
+Tmp-Integer-6 = 0
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
+
diff --git a/src/tests/modules/date/date_xlat.unlang b/src/tests/modules/date/date_xlat.unlang
new file mode 100644
index 0000000..c5501dd
--- /dev/null
+++ b/src/tests/modules/date/date_xlat.unlang
@@ -0,0 +1,243 @@
+#
+# Selection of tests for the %{time_since:} xlat
+#
+# Somewhat limited in what we can do here, as it bases its
+# responses off the current system time. So we need to do some
+# comparisons rather than actual value checks.
+#
+
+#
+# %{time_since:...} should never return 0
+#
+update {
+ &Tmp-Integer64-0 := "%{time_since:s}"
+ &Tmp-Integer64-1 := "%{time_since:ms}"
+ &Tmp-Integer64-2 := "%{time_since:us}"
+}
+
+if (&Tmp-Integer64-0 == 0 || &Tmp-Integer64-1 == 0 || &Tmp-Integer64-2 == 0) {
+ test_fail
+}
+
+#
+# and they should all be different
+#
+if (&Tmp-Integer64-0 == &Tmp-Integer64-1 || \
+ &Tmp-Integer64-1 == &Tmp-Integer64-2 || \
+ &Tmp-Integer64-2 == &Tmp-Integer64-0) {
+ test_fail
+}
+
+#
+# %c and %{time_since:s:0} should match
+#
+update {
+ &Tmp-Integer-9 := 0
+}
+
+update {
+ &Tmp-Integer-0 := "%c"
+ &Tmp-Integer-1 := "%{time_since:s 0}"
+ &Tmp-Integer-2 := "%{time_since:s &Tmp-Integer-9}"
+}
+
+if (&Tmp-Integer-0 != &Tmp-Integer-1) {
+ if (&Tmp-Integer-0 != "%{expr:&Tmp-Integer-1 - 1}") {
+ # at a push, %{time_since:s 0} might be one second later,
+ # depending on when the test ran
+ test_fail
+ }
+}
+
+if (&Tmp-Integer-1 != &Tmp-Integer-2) {
+ if (&Tmp-Integer-1 != "%{expr:&Tmp-Integer-2 - 1}") {
+ test_fail
+ }
+}
+
+#
+# If we run time_since 3 times, they should be the same or increasing
+#
+update {
+ &Tmp-Integer64-0 := "%{time_since:s 0}"
+}
+
+update {
+ &Tmp-Integer64-1 := "%{time_since:s }"
+}
+
+update {
+ &Tmp-Integer64-2 := "%{time_since:s}"
+}
+
+if (&Tmp-Integer64-0 > &Tmp-Integer64-1 || \
+ &Tmp-Integer64-1 > &Tmp-Integer64-2 || \
+ &Tmp-Integer64-0 > &Tmp-Integer64-2) {
+ test_fail
+}
+
+#
+# It's way past the year 2020, so this should only fail if the
+# computer's clock is very wrong...
+#
+if (&Tmp-Integer64-0 < 1600000000) {
+ test_fail
+}
+
+
+#
+# Similar for milliseconds
+#
+update {
+ &Tmp-Integer64-3 := "%{time_since:ms &request:Tmp-Integer-6}"
+}
+
+update {
+ &Tmp-Integer64-4 := "%{time_since:ms}"
+}
+
+update {
+ &Tmp-Integer64-5 := "%{time_since:ms &Tmp-Integer-9}"
+}
+
+if (&Tmp-Integer64-3 > &Tmp-Integer64-4 || \
+ &Tmp-Integer64-4 > &Tmp-Integer64-5 || \
+ &Tmp-Integer64-3 > &Tmp-Integer64-5) {
+ test_fail
+}
+
+
+#
+# ...and microseconds
+#
+update session-state {
+ &Tmp-Integer-7 := 0
+}
+
+update {
+ &Tmp-Integer64-6 := "%{time_since:us &session-state:Tmp-Integer-7 }"
+}
+
+update {
+ &Tmp-Integer64-7 := "%{time_since:us }"
+}
+
+update {
+ &Tmp-Integer64-8 := "%{time_since:us}"
+}
+
+if (&Tmp-Integer64-6 > &Tmp-Integer64-7 || \
+ &Tmp-Integer64-7 > &Tmp-Integer64-8 || \
+ &Tmp-Integer64-6 > &Tmp-Integer64-8) {
+ test_fail
+}
+
+if ("%{expr:&Tmp-Integer64-7 - &Tmp-Integer64-6}" > 250) {
+ # you have a really slow computer if the time between
+ # getting these took more than 250us
+ test_fail
+}
+
+
+#
+# Seconds component * 1000 must always be same or less than
+# milliseconds, and microseconds.
+#
+if ("%{expr:%{time_since:s 0} * 1000}" > "%{time_since:ms 0}") {
+ test_fail
+}
+
+if ("%{expr:%{time_since:ms 0} * 1000}" > "%{time_since:us 0}") {
+ test_fail
+}
+
+if ("%{expr:%{time_since:s 0} * 1000000}" > "%{time_since:us 0}") {
+ test_fail
+}
+
+
+#
+# Test for some errors
+#
+
+# missing time base
+update {
+ &Tmp-Integer-0 := "%{time_since:}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Time base (ms, us, s) missing in time_since xlat')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# invalid time base
+update {
+ &Tmp-Integer-0 := "%{time_since:bob}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Time base (ms, us, s) missing in time_since xlat')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# negative values
+update {
+ &Tmp-Integer-0 := "%{time_since:ms -1234}"
+}
+
+if (!(&Module-Failure-Message[*] == 'time_since xlat only accepts positive integers')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# invalid attribute
+update {
+ &Tmp-Integer-0 := "%{time_since:us &Test-Non-Existant-Attr}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Unable to parse attribute in time_since xlat')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# silly text
+update {
+ &Tmp-Integer-0 := "%{time_since:us test random text}"
+}
+
+if (!(&Module-Failure-Message[*] == 'Failed parsing "test random text" as integer')) {
+ test_fail
+}
+
+update {
+ &Module-Failure-Message !* ANY
+}
+
+
+# attribute not in list (warning, so check output)
+update {
+ &Tmp-Integer-0 := "%{time_since:us &reply:Tmp-Integer-4}"
+}
+
+if (&Tmp-Integer-0 != 0) {
+ test_fail
+}
+
+
+test_pass
diff --git a/src/tests/modules/date/module.conf b/src/tests/modules/date/module.conf
new file mode 100644
index 0000000..cb7ef07
--- /dev/null
+++ b/src/tests/modules/date/module.conf
@@ -0,0 +1,3 @@
+#date unit test config
+date {
+}
diff --git a/src/tests/modules/dpsk/pmk.txt b/src/tests/modules/dpsk/pmk.txt
new file mode 100644
index 0000000..db3b6bd
--- /dev/null
+++ b/src/tests/modules/dpsk/pmk.txt
@@ -0,0 +1,7 @@
+User-Name = "cae78dfa6504"
+User-Password = "cae78dfa6504"
+Called-Station-Id = "5c:df:89:11L3bL3c:SSID"
+Calling-Station-Id = "ca:e7:8d:fa:65:04"
+FreeRADIUS-802.1X-Anonce = 0x43426fd6469d4254eb0d5ba449eb9895360894f1948cece9196751336d4c5daf
+FreeRADIUS-802.1X-EAPoL-Key-Msg = 0x0103007502010a00000000000000000001b16a8514b84d7843e53754f5c9131cb203fbe8277dbf216d6e87fd6e30b0577a0000000000000000000000000000000000000000000000000000000000000000dc81aec5a05ee8aa21a52947041fd2fc001630140100000fac040100000fac040100000fac028000
+Class = 0xd6175aed517504c40b8831d7ce7b7d1fe24c65ce0f92c2816ca14ba7acb47b13
diff --git a/src/tests/modules/dpsk/psk.txt b/src/tests/modules/dpsk/psk.txt
new file mode 100644
index 0000000..f4e584f
--- /dev/null
+++ b/src/tests/modules/dpsk/psk.txt
@@ -0,0 +1,9 @@
+User-Name = "8ab3a0ebd5e5"
+User-Password = "8ab3a0ebd5e5"
+NAS-IP-Address = 127.0.0.1
+Called-Station-Id = "34:ef:b6:af:48:9e:Andrena_39_Lincoln"
+Calling-Station-Id = "8a:b3:a0:eb:d5:e5"
+NAS-Identifier = "34efb6af489e"
+FreeRADIUS-802.1X-Anonce = 0x4df70a4285c5c61f177cdbfc29d7e3cac94167f6101f1bcab420dd50c4f8809d
+FreeRADIUS-802.1X-EAPoL-Key-Msg = 0x0203007502010a00100000000000000001c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b000000000000000000000000000000000000000000000000000000000000000035cddcedad0dfb6a12a2eca55c17c323001630140100000fac040100000fac040100000fac028c00
+Filter-ID = "Pancakes1124"
diff --git a/src/tests/modules/dpsk/radiusd.conf b/src/tests/modules/dpsk/radiusd.conf
new file mode 100644
index 0000000..c4d1782
--- /dev/null
+++ b/src/tests/modules/dpsk/radiusd.conf
@@ -0,0 +1,15 @@
+ rewrite_called_station_id
+ dpsk
+ if (ok) {
+ if (&Class) {
+ update control {
+ &Pairwise-Master-Key := &Class
+ }
+ }
+ elsif (&Filter-ID) {
+ update control {
+ &Pre-Shared-Key := &Filter-ID
+ }
+ }
+ }
+
diff --git a/src/tests/modules/files/authorize b/src/tests/modules/files/authorize
index b85f6a2..6ef314e 100644
--- a/src/tests/modules/files/authorize
+++ b/src/tests/modules/files/authorize
@@ -90,3 +90,13 @@ addcontrol Cleartext-Password := "testing123", Reply-Message := "success1"
Fall-Through = yes
addcontrol Reply-Message += "success2"
+
+
+#
+# Doesn't match
+#
+DEFAULT Framed-IP-Address == 192.0.2.1
+ Reply-Message += "unexpected match in DEFAULT"
+
+DEFAULT
+ Reply-Message = "empty DEFAULT"
diff --git a/src/tests/modules/files/empty_default.attrs b/src/tests/modules/files/empty_default.attrs
new file mode 100644
index 0000000..428fa1e
--- /dev/null
+++ b/src/tests/modules/files/empty_default.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+User-Name = "empty_default"
+User-Password = "testing123"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
+Reply-Message == "empty DEFAULT"
diff --git a/src/tests/modules/files/empty_default.unlang b/src/tests/modules/files/empty_default.unlang
new file mode 100644
index 0000000..ac4aa4d
--- /dev/null
+++ b/src/tests/modules/files/empty_default.unlang
@@ -0,0 +1,9 @@
+#
+# Run the "files" module
+#
+files
+
+update control {
+ Auth-Type := Accept
+}
+
diff --git a/src/tests/modules/yubikey/all.mk b/src/tests/modules/yubikey/all.mk
new file mode 100644
index 0000000..b62dbc2
--- /dev/null
+++ b/src/tests/modules/yubikey/all.mk
@@ -0,0 +1,3 @@
+#
+# Test the "yubikey" module xlat
+#
diff --git a/src/tests/modules/yubikey/module.conf b/src/tests/modules/yubikey/module.conf
new file mode 100644
index 0000000..a9549f3
--- /dev/null
+++ b/src/tests/modules/yubikey/module.conf
@@ -0,0 +1,11 @@
+yubikey {
+
+ id_length = 12
+
+ split = yes
+
+ decrypt = yes
+
+ validate = no
+
+}
diff --git a/src/tests/modules/yubikey/yubikey_auth.attrs b/src/tests/modules/yubikey/yubikey_auth.attrs
new file mode 100644
index 0000000..d1fa1de
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_auth.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "helloddddgciilcjkjhlifidginuirlhgidcvbfnutjnibldi"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
diff --git a/src/tests/modules/yubikey/yubikey_auth.unlang b/src/tests/modules/yubikey/yubikey_auth.unlang
new file mode 100644
index 0000000..ae9f534
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_auth.unlang
@@ -0,0 +1,56 @@
+# Call yubikey module to split OTP from password
+yubikey
+
+if !(&User-Password == 'hello') {
+ test_fail
+}
+if !(&Yubikey-OTP) {
+ test_fail
+}
+if !(&Yubikey-Public-Id == 'ddddgciilcjk') {
+ test_fail
+}
+
+update control {
+ &Yubikey-Counter := 1
+ &Yubikey-Key := 0xb8c56af07ff79b2230e04ab8891784ce
+}
+
+# Call module in authenticate mode to decrypt OTP
+yubikey.authenticate
+
+# Check all the attributes have been created
+if !(&Yubikey-Private-Id == 0x1dfc67f97828) {
+ test_fail
+}
+if !(&Yubikey-Timestamp) {
+ test_fail
+}
+if !(&Yubikey-Counter == 258) {
+ test_fail
+}
+if !(&Yubikey-Random) {
+ test_fail
+}
+
+
+# Increase the known "counter" value to detect a replay attack
+update {
+ &control:Yubikey-Counter := &Yubikey-Counter
+}
+
+yubikey.authenticate {
+ reject = 1
+}
+
+# Replay attack should result in a reject and a suitable module failure
+if !(reject) {
+ test_fail
+}
+debug_all
+
+if !(&Module-Failure-Message == 'yubikey: Replay attack detected! Counter value 258, is lt or eq to last known counter value 258') {
+ test_fail
+}
+
+test_pass
diff --git a/src/tests/modules/yubikey/yubikey_xlat.attrs b/src/tests/modules/yubikey/yubikey_xlat.attrs
new file mode 100644
index 0000000..1cce1c5
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_xlat.attrs
@@ -0,0 +1,11 @@
+#
+# Input packet
+#
+Packet-Type = Access-Request
+User-Name = "bob"
+User-Password = "hello"
+
+#
+# Expected answer
+#
+Response-Packet-Type == Access-Accept
diff --git a/src/tests/modules/yubikey/yubikey_xlat.unlang b/src/tests/modules/yubikey/yubikey_xlat.unlang
new file mode 100644
index 0000000..bc17642
--- /dev/null
+++ b/src/tests/modules/yubikey/yubikey_xlat.unlang
@@ -0,0 +1,42 @@
+update {
+ &Tmp-String-0 := 'vvrbuctetdhc'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (&Tmp-String-1 != 'ffc1e0d3d260') {
+ test_fail
+}
+
+# Invalid modhex string - not even length
+update {
+ &Tmp-String-0 := 'vvrbuctetdh'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (ok) {
+ test_fail
+}
+
+if (&Tmp-String-1 != "") {
+ test_fail
+}
+
+if (&Module-Failure-Message != "Modhex string invalid") {
+ test_fail
+}
+
+# Invalid modhex string - invalid characters
+update {
+ &Tmp-String-0 := 'vxrbmctetdhc'
+ &Tmp-String-1 := "%{modhextohex:%{Tmp-String-0}}"
+}
+
+if (ok) {
+ test_fail
+}
+
+if (&Tmp-String-1 != "") {
+ test_fail
+}
+
+test_pass
diff --git a/src/tests/peap-gtc.conf b/src/tests/peap-gtc.conf
new file mode 100644
index 0000000..bc8c74b
--- /dev/null
+++ b/src/tests/peap-gtc.conf
@@ -0,0 +1,13 @@
+#
+# ./eapol_test -c peap-gtc.conf -s testing123
+#
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="bob"
+ anonymous_identity="anonymous"
+ password="bob"
+ phase1=""
+ phase2="auth=GTC"
+}
diff --git a/src/tests/unit/vendor.txt b/src/tests/unit/vendor.txt
index 1325f49..088bd1b 100644
--- a/src/tests/unit/vendor.txt
+++ b/src/tests/unit/vendor.txt
@@ -46,3 +46,9 @@ original null
encode ERX-LI-Action = off
decode -
data ERX-LI-Action = off
+
+encode Aruba-MPSK-Lookup-Info = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+data 1a c8 00 00 39 e7 42 c2 c5 6f 16 e5 de 2d 2a 2d d3 0e ac 92 12 c5 97 af 8e 08 f0 92 b4 45 4d 24 5d 73 16 a8 5a cd 78 0a f2 5e 7f e5 e1 fe 95 79 ee 2e 5b 0e ac bf fd 8c 15 da 9c 59 1d 53 5b 76 49 e9 71 4d d7 00 1c 04 65 51 cb 35 66 81 36 0d 25 ab 23 3b 67 5a 30 f8 0d 66 2b bf 97 f5 18 03 34 79 7a 22 11 c1 02 78 94 b0 26 62 13 4a c1 9c 77 6f b8 7c 29 ee 8b 61 14 de 90 b6 94 3f d0 01 00 57 6d 48 2a 59 f3 d4 57 d2 04 af 4e 64 0b 11 31 9e 63 49 f3 fa 61 4d c9 38 88 d1 89 3f 2a 10 d3 8f a0 5d 46 5f 0a b1 2f 9a 70 fa 35 79 c7 a6 68 69 28 98 49 d5 7a 29 9d dc 3d 2f 43 52 f5 12 b3 bf 61 80 2e 7a 3a 0c
+
+decode -
+data Aruba-MPSK-Lookup-Info = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"