Extensible Authentication Protocol (EAP) Test - Network Supplicant

  • Article

Note  This content applies to the Windows Logo Kit (WLK). For the latest information using the new Windows Hardware Certification Kit (HCK), see Windows HCK User's Guide on the Windows Hardware Dev Center.

Overview

The Extensible Authentication Protocol (EAP) Test is used by the EAP Certification Program (ECP).

Details

The EAP Test is comprised of testing methods:

  • Peer Method

  • Authenticator Method

  • Network Supplicant

This description applies to the Supplicant Method.

Requirements

Software Requirements

The test tool runs on the following Windows operating systems:

  • Windows Server 2008 Release 2

  • Windows 7

  • Windows Server 2008

  • Windows Vista

  • Software components included with the device that is being tested.

Hardware Requirements

  • Device to be tested

  • Computer that meets the minimum software requirements

  • Windows keyboard

  • Two-button pointing device

  • Color display monitor capable of at least 1024 by 768 resolution, 32-bits per pixel, 60 Hz

  • Hard drive with a minimum of 20 GB available on partition C:

  • Processor

Running Extensible Authentication Protocol (EAP) Test - Network Supplicant

144.5.1 - EAP Supplicant Submissions MAY include 32-bit X86 binaries

This test verifies submission of 32-bit X86 binary.

Overview

The test performs the following steps:

  • It checks whether submission has x86 binary to launch supplicant application or service.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The package path cannot be located.

144.5.2 - EAP Supplicant Submissions MUST include 64-bit X64 binaries

This test verifies submission of 64-bit X64 binary.

Overview

The test performs the following steps:

  • It checks whether submission has at least one X64 binary to launch supplicant application or service.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • X64 is not present in the package.

144.5.3 - EAP Supplicants MUST NOT disable or impair the functionality of other system components during operation

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

145.5.1 - All ECP EAP Supplicant Submissions will be packaged in an INF.

This test verifies that the submission has packaged INF file.

Overview

The test performs the following steps:

  • Checks for the valid INF file in the package location.

  • Checks for various sections for valid installation of the INF file.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • INF file is not present in the package location.

  • INF file does not contain the valid install section.

145.5.2 - ECP EAP Supplicant Submission INF installers MUST allow for installation and uninstall.

This test verifies that submitted INF installers should allow for installation and uninstall.

Overview

The test performs the following steps:

  • Checks that Install section is present in the INF file.

  • Checks that Uninstall section is present in the INF file.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • INF file does not contain the install section.

  • INF file does not contain the uninstall section.

145.5.3 - EAP Supplicants MUST NOT disable or otherwise modify other installed components as part of installation.

This test verifies that installation of supplicant does not modify the registry or file system, other than its own space.

Overview

The test performs the following steps:

  • Uninstall the supplicant if it is already installed.

  • Install the supplicant.

  • Verifies that all the registry updates are done as part of installation under the following keys:

    HKLM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>\<Vendor Supplicant ID>

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Installation process adds the entries to registry other than the location specified.

145.5.4 - ECP Supplicant Submissions MUST NOT require a reboot after installation to function properly

This test verifies that installation of supplicant does not require a reboot.

Overview

The test performs the following steps:

  • Uninstall the supplicant if it is already installed.

  • Install the supplicant.

  • Checks for certain registry locations which need to be updated if reboot is need for install.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Installation process adds the entries to certain registry location which are necessary for reboot.

145.5.6 - Removal of an EAP supplicant must be performed through device uninstalls using the device manager.

This test verifies that uninstall should be done with the help of device manager.

Overview

The test performs the following steps:

  • Uninstalls the package.

  • Check for the absence of registry entries.

  • Install the package.

  • Check for the presence of registry entries.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Uninstall/installation of the package is unsuccessful.

  • Registry entries are present after uninstall.

  • Registry entries are absent after install.

146.5.1 - EAP Supplicants will successfully complete 1000 end-to-end EAP authenticated connection without error or failure of any kind. There should not be any observable resource leaks.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.2 - EAP Supplicants must support scriptable control for connect, disconnect and authenticate functionalities

Overview

To validate this, user is asked to provide full path to this script. The script will be used to control, connect and disconnect

Results Interpretation

The test writes the pass/fail results to a log file.

Troubleshooting tips

Make sure you're able to connect and disconnect using this script before attempting to submit. Also make sure that you provide the full path to this script. If this script fails potentially many other supplicant cases will fail without being run

155.5.7 - EAP supplicants must support EapHostPeerFreeErrorMemory API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.8 - EAP supplicants must support EapHostPeerFreeMemory API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.9 - EAP supplicants must support EapHostPeerGetMethods API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.10 - EAP supplicants must support EapHostPeerInvokeConfigUI API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.11 - EAP supplicants must support EapHostPeerInvokeInteractiveUI API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.14 - EAP supplicants must support EapHostPeerBeginSession API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.15 - EAP supplicants must support EapHostPeerClearConnection API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.16 - EAP supplicants must support EapHostPeerEndSession API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.17 - EAP supplicants must support EapHostPeerFreeEapError API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.18 - EAP supplicants must support EapHostPeerGetAuthStatus API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.19 - EAP supplicants must support EapHostPeerGetResponseAttributes API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.20 - EAP supplicants must support EapHostPeerGetResult API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.21 - EAP supplicants must support EapHostPeerGetSendPacket API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.22 - EAP supplicants must support EapHostPeerGetUIContext API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.23 - EAP supplicants must support EapHostPeerInitialize API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.24 - EAP supplicants must support EapHostPeerProcessReceivedPacket API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.25 - EAP supplicants must support EapHostPeerSetResponseAttributes API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.26 - EAP supplicants must support EapHostPeerSetUIContext API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.27 - EAP supplicants must support EapHostPeerUninitialize API.

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.28 - NotificationHandler must be implemented and passed to EAPHost API through EapHostPeerBeginSession

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.30 - Supplicant MUST always perform legal call sequences to EAPHost

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.31 - EAP Supplicants MUST NOT load any DLLs or cause to be loaded any DLLs that are not provided with the submission or provided by Windows itself

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.32 - EAP Supplicants must not execute with higher privileges than network service

Overview

The test performs the following steps:

  1. Run the supplicant script

  2. Get the supplicant process's access token

  3. Get all the privileges with which the supplicant process is running.

  4. Verify that supplicant process will not run with higher privilege than network service.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Supplicant process has privileges higher than network service.

  • Supplicant process runs with local system or local service account.

155.5.33 - EAP Supplicants MUST support EAPHost-based Network Access Protection

Overview

Self explanatory

Results Interpretation

The test writes the pass/fail results to a log file.

155.5.34 - All Vendors who submit methods to the ECP will acquire a valid Enterprise-ID from IANA. For example, Microsoft's Enterprise-ID is 311

This test verifies that registry should have the enterprise id at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>

Overview

The test performs the following steps:

  • Validate if the enterprise-ID is in the acceptable range.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • If there is enterprise id /vendor id is in inacceptable range.

155.5.35 - All EAP Supplicant configuration data will be entirely contained within the Windows Registry

This test verifies that installation of supplicant does not modify the registry, other than its allocated location.

Overview

The test performs the following steps:

  • Uninstall the supplicant if it is already installed.

  • Install the supplicant.

  • Verifies that all the registry updates are done as part of installation under the following keys:

    HKLM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>\<Vendor Supplicant ID>

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Installation process adds the entries to registry other than the location specified.

155.5.36 - All EAP Supplicant configuration data will be located under a single registry sub key under HKLM. Per user configuration data may be stored under a single registry sub key for each user in HKCU.

This test verifies that registry should have the enterprise id at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>

Overview

The test performs the following steps:

  • Check if the name present at this registry location matches with the Vendor Name corresponding to the vendor's enterprise id.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • If there is a mismatch in names.

Troubleshooting Tips

The enterprise name can be in "" or "Name" registry value, where if "" value is present than "Name" value is ignored.

""=Microsoft

Name=Microsoft

155.5.37 - All files that are added to the system by the installation package, INF are to be physically located under the Windows Program Files, directory in a private sub-directory.

This test verifies that files added by package should be only under Program files.

Overview

The test performs the following steps:

  • Check the install section of INF file. All the files added should be located one folder under Program files.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • If install section tries to copy file at some other location.

156.5.1 - EAP Supplicants will produce a human-readable debug tracing log that enables administrators or other users to investigate and determine the cause of failures (Manual).

This test verifies that EAP supplicant produce human readable trace logs. This test case needs user interaction in DTM client side (Manual).

Overview

The test performs the following steps:

  • Checks the status of the trace file.

  • Runs the Authentication session with the supplicant.

  • Ensure that supplicant has written to trace logs.

  • Verify that the trace logs are human readable.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • As part of authentication supplicant writes non human readable characters to the trace logs.

User Interactions

User has to do the following tasks.

  • In the DTM studio schedule the job which has the Test case id as 156.5.1, then at the DTM client the following interactions are needed.

  • Enable the supplicant specific trace (which will be written to C:\windows\tracing) and then press Ok.

  • An authentication session will be run as part of the test case.

  • Disable the supplicant trace and then press Ok.

  • The trace file will be displayed in notepad.

  • Verify whether trace file is human readable or not and then close the file.

  • Enter the appropriate choice (Yes/No) in the dialog box that follows.

  • End of the test case.

156.5.3 - EAP Supplicant must write events to the event log for use by the user oradministrator.

This test verifies that events are logged by supplicant.

Overview

The test performs the following steps:

  • Run an authentication session.

  • Check if any event is logged.

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • If there is no event logged during the authentication session.

157.5.1 - EAP Supplicant that consumes keys must consume then locally; and not provide them or derived keys outside the supplicant.

Overview

Self explanatory.

Results Interpretation

The test writes the pass/fail results to a log file.

 

 

Build date: 9/14/2012