Extensible Authentication Protocol (EAP) Test - Network Supplicant
Note: This content applies to the Windows Logo Kit (WLK). For the latest information using the new Windows Hardware Certification Kit (HCK), see Windows HCK User's Guide on the Windows Hardware Dev Center.
Overview
The Extensible Authentication Protocol (EAP) Test is used by the EAP Certification Program (ECP).
Details
The EAP Test comprises the following testing methods:
Peer Method
Authenticator Method
Network Supplicant
This description applies to the Supplicant Method.
Requirements
Software Requirements
The test tool runs on the following Windows operating systems:
Windows Server 2008 Release 2
Windows 7
Windows Server 2008
Windows Vista
Software components included with the device that is being tested.
Hardware Requirements
Device to be tested
Computer that meets the minimum software requirements
Windows keyboard
Two-button pointing device
Color display monitor capable of at least 1024 by 768 resolution, 32-bits per pixel, 60 Hz
Hard drive with a minimum of 20 GB available on partition C:
Processor
Running Extensible Authentication Protocol (EAP) Test - Network Supplicant
144.5.1 - EAP Supplicant Submissions MAY include 32-bit X86 binaries
This test verifies submission of a 32-bit x86 binary.
Overview
The test performs the following steps:
- It checks whether the submission has an x86 binary to launch the supplicant application or service.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- The package path cannot be located.
144.5.2 - EAP Supplicant Submissions MUST include 64-bit X64 binaries
This test verifies submission of a 64-bit x64 binary.
Overview
The test performs the following steps:
- It checks whether the submission has at least one x64 binary to launch the supplicant application or service.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- An x64 binary is not present in the package.
144.5.3 - EAP Supplicants MUST NOT disable or impair the functionality of other system components during operation
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
145.5.1 - All ECP EAP Supplicant Submissions will be packaged in an INF.
This test verifies that the submission is packaged with an INF file.
Overview
The test performs the following steps:
Checks for the valid INF file in the package location.
Checks for various sections for valid installation of the INF file.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
INF file is not present in the package location.
INF file does not contain the valid install section.
145.5.2 - ECP EAP Supplicant Submission INF installers MUST allow for installation and uninstall.
This test verifies that submitted INF installers allow for installation and uninstall.
Overview
The test performs the following steps:
Checks that Install section is present in the INF file.
Checks that Uninstall section is present in the INF file.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
INF file does not contain the install section.
INF file does not contain the uninstall section.
145.5.3 - EAP Supplicants MUST NOT disable or otherwise modify other installed components as part of installation.
This test verifies that installation of the supplicant does not modify the registry or file system outside its own space.
Overview
The test performs the following steps:
Uninstall the supplicant if it is already installed.
Install the supplicant.
Verifies that all registry updates made as part of installation fall under the following key:
HKLM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>\<Vendor Supplicant ID>
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- The installation process adds registry entries anywhere other than the location specified.
145.5.4 - ECP Supplicant Submissions MUST NOT require a reboot after installation to function properly
This test verifies that installation of the supplicant does not require a reboot.
Overview
The test performs the following steps:
Uninstall the supplicant if it is already installed.
Install the supplicant.
Checks certain registry locations that are updated when a reboot is needed to complete an install.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- The installation process adds entries to the registry locations that indicate a reboot is required.
145.5.6 - Removal of an EAP supplicant must be performed through device uninstalls using the device manager.
This test verifies that uninstall is performed through Device Manager.
Overview
The test performs the following steps:
Uninstalls the package.
Check for the absence of registry entries.
Install the package.
Check for the presence of registry entries.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
Uninstall/installation of the package is unsuccessful.
Registry entries are present after uninstall.
Registry entries are absent after install.
146.5.1 - EAP Supplicants will successfully complete 1000 end-to-end EAP authenticated connection without error or failure of any kind. There should not be any observable resource leaks.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.2 - EAP Supplicants must support scriptable control for connect, disconnect and authenticate functionalities
Overview
To validate this, the user is asked to provide the full path to this script. The script will be used to control, connect and disconnect.
Results Interpretation
The test writes the pass/fail results to a log file.
Troubleshooting tips
Make sure you're able to connect and disconnect using this script before attempting to submit. Also make sure that you provide the full path to this script. If this script fails, potentially many other supplicant cases will fail without being run.
155.5.7 - EAP supplicants must support EapHostPeerFreeErrorMemory API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.8 - EAP supplicants must support EapHostPeerFreeMemory API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.9 - EAP supplicants must support EapHostPeerGetMethods API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.10 - EAP supplicants must support EapHostPeerInvokeConfigUI API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.11 - EAP supplicants must support EapHostPeerInvokeInteractiveUI API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.14 - EAP supplicants must support EapHostPeerBeginSession API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.15 - EAP supplicants must support EapHostPeerClearConnection API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.16 - EAP supplicants must support EapHostPeerEndSession API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.17 - EAP supplicants must support EapHostPeerFreeEapError API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.18 - EAP supplicants must support EapHostPeerGetAuthStatus API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.19 - EAP supplicants must support EapHostPeerGetResponseAttributes API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.20 - EAP supplicants must support EapHostPeerGetResult API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.21 - EAP supplicants must support EapHostPeerGetSendPacket API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.22 - EAP supplicants must support EapHostPeerGetUIContext API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.23 - EAP supplicants must support EapHostPeerInitialize API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.24 - EAP supplicants must support EapHostPeerProcessReceivedPacket API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.25 - EAP supplicants must support EapHostPeerSetResponseAttributes API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.26 - EAP supplicants must support EapHostPeerSetUIContext API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.27 - EAP supplicants must support EapHostPeerUninitialize API.
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.28 - NotificationHandler must be implemented and passed to EAPHost API through EapHostPeerBeginSession
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.30 - Supplicant MUST always perform legal call sequences to EAPHost
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.31 - EAP Supplicants MUST NOT load any DLLs or cause to be loaded any DLLs that are not provided with the submission or provided by Windows itself
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.32 - EAP Supplicants must not execute with higher privileges than network service
Overview
The test performs the following steps:
Run the supplicant script
Get the supplicant process's access token
Get all the privileges with which the supplicant process is running.
Verify that supplicant process will not run with higher privilege than network service.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
Supplicant process has privileges higher than network service.
Supplicant process runs with local system or local service account.
155.5.33 - EAP Supplicants MUST support EAPHost-based Network Access Protection
Overview
Self explanatory
Results Interpretation
The test writes the pass/fail results to a log file.
155.5.34 - All Vendors who submit methods to the ECP will acquire a valid Enterprise-ID from IANA. For example, Microsoft's Enterprise-ID is 311
This test verifies that the registry has the enterprise ID at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>
Overview
The test performs the following steps:
- Validate that the enterprise-ID is in the acceptable range.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- The enterprise ID/vendor ID is in an unacceptable range.
155.5.35 - All EAP Supplicant configuration data will be entirely contained within the Windows Registry
This test verifies that installation of the supplicant does not modify the registry outside its allocated location.
Overview
The test performs the following steps:
Uninstall the supplicant if it is already installed.
Install the supplicant.
Verifies that all registry updates made as part of installation fall under the following key:
HKLM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>\<Vendor Supplicant ID>
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- The installation process adds registry entries anywhere other than the location specified.
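The before/after comparison described for 145.5.3 and 155.5.35, as an added example (not code from the WLK or from this page). Registry snapshots are modelled as constructed lists of key paths, the vendor ID 99999 and supplicant ID 1 are placeholders, and allowing the ancestors of the supplicant key is an assumption, since a key cannot be created without its parents.

```python
# Added example: registry keys are modelled as plain strings; snapshots are constructed.
# Assumption: only key paths are compared (not values), and ancestors of the allowed key may be created.
HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}

def normalize(key_path):
    """Lower-case the path, fold hive aliases and split it into components."""
    parts = [p for p in key_path.strip().lower().split("\\") if p]
    if parts:
        parts[0] = HIVE_ALIASES.get(parts[0], parts[0])
    return tuple(parts)

def is_within(key_path, allowed_root):
    """True if key_path is allowed_root or a descendant, compared per component (no string prefix match)."""
    key, root = normalize(key_path), normalize(allowed_root)
    return key[:len(root)] == root

def is_ancestor(key_path, allowed_root):
    """True if key_path is a parent key that must exist for allowed_root to be created."""
    key, root = normalize(key_path), normalize(allowed_root)
    return root[:len(key)] == key

def out_of_scope_changes(before, after, allowed_root):
    """Keys added or removed between the snapshots that lie outside allowed_root."""
    b = {normalize(k): k for k in before}
    a = {normalize(k): k for k in after}
    changed = [a[k] for k in a.keys() - b.keys()] + [b[k] for k in b.keys() - a.keys()]
    return sorted(k for k in changed
                  if not is_within(k, allowed_root) and not is_ancestor(k, allowed_root))

# Constructed snapshots: vendor ID 99999 and supplicant ID 1 are placeholders.
ALLOWED = r"HKLM\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\99999\1"
BEFORE = [
    r"HKLM\SYSTEM\CurrentControlSet\Services\EAPHost",
    r"HKLM\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant",
]
AFTER = BEFORE + [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\99999",
    r"HKLM\System\CurrentControlSet\Services\EAPHost\Supplicant\99999\1",
    r"HKLM\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\99999\1\Config",
    r"HKLM\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\99999\10",
    r"HKLM\SOFTWARE\ExampleVendor\Tray",
]

if __name__ == "__main__":
    for key in out_of_scope_changes(BEFORE, AFTER, ALLOWED):
        print("FAIL: change outside supplicant key:", key)
```

The sibling key ending in `\10` is reported even though its path starts with the same characters as the allowed key, which is why the comparison works on path components rather than on string prefixes.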
155.5.36 - All EAP Supplicant configuration data will be located under a single registry sub key under HKLM. Per user configuration data may be stored under a single registry sub key for each user in HKCU.
This test verifies that the registry has the enterprise ID at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Supplicant\<Vendor IANA ID>
Overview
The test performs the following steps:
- Check that the name present at this registry location matches the Vendor Name corresponding to the vendor's enterprise ID.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- There is a mismatch in names.
Troubleshooting Tips
The enterprise name can be in the "" or "Name" registry value; if the "" value is present, then the "Name" value is ignored.
""=Microsoft
Name=Microsoft
155.5.37 - All files that are added to the system by the installation package INF are to be physically located under the Windows Program Files directory, in a private sub-directory.
This test verifies that files added by the package are located only under Program Files.
Overview
The test performs the following steps:
- Check the install section of the INF file. All the files added should be located one folder under Program Files.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- The install section tries to copy a file to some other location.
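One way to pre-check a package against 155.5.37 before submission, as an added example (not the WLK test's own code). It reads the INF's [DestinationDirs] section and assumes that DIRID 16422 (Program Files) and 16426 (Program Files (x86)) are the accepted targets; the sample INF and its section names are constructed.

```python
# Added example: checks [DestinationDirs] of an INF for the 155.5.37 rule.
# Assumption: DIRID 16422 (Program Files) and 16426 (Program Files (x86)) are
# the accepted targets; the WLK test's exact rule is not documented on this page.
PROGRAM_FILES_DIRIDS = {"16422", "16426"}

def parse_sections(inf_text):
    """Return {section_name_lower: [(key, value), ...]}, ignoring ';' comments."""
    sections, current = {}, None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def destination_violations(inf_text):
    """List (entry, reason) for every destination that is not a Program Files subfolder."""
    entries = parse_sections(inf_text).get("destinationdirs", [])
    if not entries:
        return [("[DestinationDirs]", "section missing or empty")]
    problems = []
    for name, value in entries:
        dirid, _, subdir = value.partition(",")
        subdir = subdir.strip().strip('"').strip("\\")
        if dirid.strip() not in PROGRAM_FILES_DIRIDS:
            problems.append((name, "DIRID %s is not Program Files" % dirid.strip()))
        elif not subdir or ".." in subdir.split("\\"):
            problems.append((name, "no private subdirectory under Program Files"))
    return problems

# Constructed sample INF fragment; vendor and section names are hypothetical.
SAMPLE_INF = r"""
[Version]
Signature = "$Windows NT$"

[DestinationDirs]
DefaultDestDir = 16422,"ExampleVendor Supplicant"  ; Program Files\ExampleVendor Supplicant
Supplicant.Bin = 16422,ExampleVendor
Supplicant.Drv = 12                                ; drivers directory
Supplicant.Cfg = 16422                             ; Program Files root, no subfolder
"""

if __name__ == "__main__":
    for entry, reason in destination_violations(SAMPLE_INF):
        print("FAIL: %s: %s" % (entry, reason))
```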
156.5.1 - EAP Supplicants will produce a human-readable debug tracing log that enables administrators or other users to investigate and determine the cause of failures (Manual).
This test verifies that the EAP supplicant produces human-readable trace logs. This test case needs user interaction on the DTM client side (Manual).
Overview
The test performs the following steps:
Checks the status of the trace file.
Runs the Authentication session with the supplicant.
Ensure that supplicant has written to trace logs.
Verify that the trace logs are human readable.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- As part of authentication, the supplicant writes non-human-readable characters to the trace logs.
User Interactions
The user has to do the following tasks.
In DTM Studio, schedule the job that has the test case ID 156.5.1; the following interactions are then needed at the DTM client.
Enable the supplicant specific trace (which will be written to C:\windows\tracing) and then press Ok.
An authentication session will be run as part of the test case.
Disable the supplicant trace and then press Ok.
The trace file will be displayed in notepad.
Verify whether trace file is human readable or not and then close the file.
Enter the appropriate choice (Yes/No) in the dialog box that follows.
End of the test case.
156.5.3 - EAP Supplicant must write events to the event log for use by the user or administrator.
This test verifies that events are logged by supplicant.
Overview
The test performs the following steps:
Run an authentication session.
Check if any event is logged.
Results Interpretation
The test writes the pass/fail results to a log file.
The test fails if:
- No event is logged during the authentication session.
157.5.1 - EAP Supplicant that consumes keys must consume them locally; and not provide them or derived keys outside the supplicant.
Overview
Self explanatory.
Results Interpretation
The test writes the pass/fail results to a log file.
Build date: 9/14/2012