
Extensible Authentication Protocol (EAP) Test - Authenticator Method

Overview

The Extensible Authentication Protocol (EAP) Test is used by the EAP Certification Program (ECP).

Details

The EAP Test comprises the following testing methods:

  • Peer Method
  • Peer Tunnel Method
  • Authenticator Method
  • Network Supplicant

This description applies to the Authenticator Method.

Requirements

Software Requirements

The test tool requires the following software:

  • Windows Server 2008 Release 2
  • Windows 7
  • Windows Server 2008
  • Windows Vista
  • Software components included with the device that is being tested.

Hardware Requirements

  • Device to be tested
  • Computer that meets the minimum software requirements
  • Windows keyboard
  • Two-button pointing device
  • Color display monitor capable of at least 1024 by 768 resolution, 32-bits per pixel, 60 Hz
  • Hard drive with a minimum of 20 GB available on partition C:
  • Processor

 

Running Extensible Authentication Protocol (EAP) Test - Authenticator Method

For Authenticator Method:

 

144.3.1 - EAP Method Submissions MUST include 32-bit X86 binaries

This test verifies that the submission includes a 32-bit X86 binary.

 

Overview

The test performs the following steps:

  • It checks whether submission has at least one X86 binary.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • X86 binary is not present in the package.

 

144.3.2 - EAP Method Submissions MUST include 64-bit X64 binaries

This test verifies that the submission includes a 64-bit X64 binary.

 

Overview

The test performs the following steps:

  • It checks whether submission has at least one X64 binary.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • X64 binary is not present in the package.
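One way to perform the architecture check from 144.3.1 and 144.3.2 is to read the Machine field in each file's PE header. This is an added example, not the ECP test tool's code; the package layout, file names and helper names are assumptions, and the sample binaries are constructed header stubs.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}


def pe_machine(data: bytes):
    """Return 'x86', 'x64', 'other', or None when the bytes are not a PE image."""
    # DOS header: 'MZ' magic, with e_lfanew (offset of the PE signature) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The signature (4 bytes) and Machine (2 bytes) must lie inside the file.
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, "other")


def check_package(files: dict) -> dict:
    """files maps a name to its bytes; reports which binaries satisfy each test."""
    found = {"x86": [], "x64": []}
    for name, data in sorted(files.items()):
        arch = pe_machine(data)
        if arch in found:
            found[arch].append(name)
    return {
        "binaries": found,
        "144.3.1": bool(found["x86"]),   # at least one X86 binary
        "144.3.2": bool(found["x64"]),   # at least one X64 binary
    }


def fake_pe(machine: int) -> bytes:
    """Constructed minimal header: enough for pe_machine(), not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


# Constructed sample package (hypothetical file names).
SAMPLE = {
    "x86/eapauth.dll": fake_pe(0x014C),
    "amd64/eapauth.dll": fake_pe(0x8664),
    "eapauth.inf": b"[Version]\r\n",
    # 'MZ' magic but e_lfanew points past the end of the file.
    "truncated.dll": b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0xFFFF),
}

if __name__ == "__main__":
    print(check_package(SAMPLE))
```

Checking the header rather than the file extension or folder name catches packages where a 32-bit DLL has been copied into the 64-bit directory.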

 

144.3.3 - EAP Methods MUST NOT disable or impair the functionality of other system components during their operation.

 

Overview

Self explanatory

 

Results interpretation 

The test writes the pass/fail results to a log file.

 

145.3.1 - All ECP EAP Method Submissions will be packaged in an INF.

This test verifies that the submission is packaged with an INF file.

 

Overview

The test performs the following steps:

  • Checks for the valid INF file in the package location.
  • Checks for various sections for valid installation of the INF file.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • INF file is not present in the package location.
  • INF file does not contain the valid install section.

 

145.3.2 - ECP EAP Method Submission INF installers MUST allow for installation and uninstall.

This test verifies that submitted INF installers should allow for installation and uninstallation.

 

Overview

The test performs the following steps:

  • Checks that Install section is present in the INF file.
  • Checks that Uninstall section is present in the INF file.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • INF file does not contain the install section.
  • INF file does not contain the uninstall section.

 

145.3.3 - ECP Method Submissions MUST NOT require reboot after installation to function properly

This test verifies that installation of the method does not require a reboot.

 

Overview

The test performs the following steps:

  • Uninstall the method if it is already installed.
  • Install the method.
  • Checks certain registry locations which need to be updated if a reboot is needed for install.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The installation process adds entries to the registry locations which are necessary for a reboot.

 

145.3.4 - EAP Methods MUST NOT disable or otherwise modify other installed components as part of installation.

This test verifies that installation of the method does not modify the registry or file system, other than its own space.

 

Overview

The test performs the following steps:

  • Uninstall the method if it is already installed.
  • Install the method.
  • Verifies that all the registry updates are done as part of installation under the following key:

    HKLM\System\CurrentControlSet\Services\EapHost\Methods\AuthId\TypeId

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The installation process adds entries to a registry location other than the one specified.


 

145.3.5 - EAP Methods MUST remove all configuration data and files on removal/uninstall.

This test verifies that uninstall should remove all the configuration data.

 

Overview

The test performs the following steps:

  • Get the list of all the files copied during installation
  • Check if all these files have been removed.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • There is a mismatch between the files copied during installation and the files removed during uninstall.

 

145.3.6 - Removal of an EAP method must be performed through device uninstall using the device manager.

This test verifies that uninstall should be done with the help of device manager.

 

Overview

The test performs the following steps:

  • Uninstalls the package.
  • Check for the absence of registry entries.
  • Install the package.
  • Check for the presence of registry entries.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Uninstall/installation of the package is unsuccessful.
  • Registry entries are present after uninstall.
  • Registry entries are absent after install.

 

146.3.1 - EAP Authenticator Methods will successfully complete six hours of end-to-end authentications across 50 concurrent separate authentication sessions. There should not be any observable resource leaks.

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

Troubleshooting tips

No additional Troubleshooting tips available

 

146.3.2 - EAP Authenticator Methods will successfully survive 1,000,000 cycles of loading and unloading the method DLL without error. There should not be any observable resource leaks.

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

146.3.3 - All implemented EAP method APIs will successfully survive 6 hours of comprehensive API fuzz testing without error. There should not be any observable resource leaks.

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

146.3.4 - EAP Authenticator Methods will successfully survive end-to-end negative authentication stress for a period of 6 hours.

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

147.3.1 - If the method is a password or smart card based test case, it should not write password or pin in traces or event logs (Manual).

This test verifies that the EAP method does not write password information in the trace logs. This test case needs user interaction on the DTM client side.

 

Overview

The test performs the following steps:

  • Checks the status of the trace file.
  • Runs the Authentication session with the method.
  • Ensures that the method has written to the trace logs.
  • Verify that the password is not present in the trace logs.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The method writes password information into the trace logs as part of authentication.

 

User Interactions

User has to do the following tasks.

  • In DTM Studio, schedule the job that has the test case ID 147.3.1. The following interactions are then needed at the DTM client.
  • Enable the method-specific trace (which will be written to C:\windows\tracing) and then press OK.
  • An authentication session will be run as part of the test case.
  • Disable the method trace and then press OK.
  • The trace file will be displayed in Notepad.
  • Verify whether the trace has password information.
  • Enter the appropriate choice (Yes/No) in the dialog box that follows.
  • End of the test case.
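The manual inspection above can be backed by a scan of the trace file for the test password in the forms a method is likely to write it: plain UTF-8, UTF-16LE, base64 and hex dump. This is an added example, not part of the DTM job; the trace lines and the password are constructed, and the function names are hypothetical.

```python
import base64
import re


def hex_pattern(raw: bytes) -> bytes:
    # Hex dumps vary: "4875", "48 75", "48:75", "48-75", upper or lower case.
    return rb"[ :\-]?".join(b"%02x" % b for b in raw)


def scan_trace(data: bytes, secret: str) -> list:
    """Return sorted (line_number, encoding) pairs where the secret appears."""
    if not secret:
        raise ValueError("secret must not be empty")
    patterns = []
    for name, raw in (("utf-8", secret.encode("utf-8")),
                      ("utf-16le", secret.encode("utf-16-le"))):
        patterns.append((name, re.escape(raw), 0))
        # base64 only matches when the secret was encoded on its own.
        patterns.append((f"base64({name})", re.escape(base64.b64encode(raw)), 0))
        patterns.append((f"hex({name})", hex_pattern(raw), re.IGNORECASE))
    hits = []
    for label, pattern, flags in patterns:
        for match in re.finditer(pattern, data, flags):
            line = data.count(b"\n", 0, match.start()) + 1
            hits.append((line, label))
    return sorted(hits)


SECRET = "Hunter2!"  # constructed test password

# Constructed trace content: line 3 leaks the password in clear text,
# line 4 leaks it as a hex dump of the wide (UTF-16LE) string.
SAMPLE_TRACE = (
    b"[1204] 10:02:11: authenticator session started\r\n"
    b"[1204] 10:02:12: identity=testuser\r\n"
    b"[1204] 10:02:12: password=Hunter2!\r\n"
    b"[1204] 10:02:12: attr dump: 48 00 75 00 6E 00 74 00 65 00 72 00 32 00 21 00\r\n"
    b"[1204] 10:02:13: result=success\r\n"
)

if __name__ == "__main__":
    for line, encoding in scan_trace(SAMPLE_TRACE, SECRET):
        print(f"line {line}: secret present as {encoding}")
```

Use a test password that is long and unique enough not to occur in the trace by chance, and read the trace file in binary mode so that a UTF-16 trace is not silently mis-decoded.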

 

148.3.1 - All data for a given EAP method will be located under HKLM\SYSTEM\CurrentControlSet\Services\EAPHost\Methods

This test verifies that installation of the method does not modify the registry, other than its allocated space.

 

Overview

The test performs the following steps:

  • Uninstall the method if it is already installed.
  • Install the method.
  • Verifies that all the registry updates are done as part of installation under the following key:

    HKLM\System\CurrentControlSet\Services\EapHost\Methods\AuthId\TypeId

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The installation process adds entries to a registry location other than the one specified.
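The registry check in 145.3.4 and 148.3.1 amounts to diffing the set of keys before and after installation and flagging anything outside the method's key. This is an added example, not the test tool's code: the snapshots are constructed sets of key paths, the vendor ID 99999, type 254 and the vendor name are placeholders, and treating parent keys of the method key as permitted is an assumption.

```python
EAPHOST_METHODS = r"HKLM\System\CurrentControlSet\Services\EapHost\Methods"
HIVE_ALIASES = {"hkey_local_machine": "hklm"}


def norm(path: str) -> str:
    """Registry paths are case-insensitive; fold case and the long hive name."""
    hive, _, rest = path.strip("\\").casefold().partition("\\")
    hive = HIVE_ALIASES.get(hive, hive)
    return f"{hive}\\{rest}" if rest else hive


def is_under(path: str, root: str) -> bool:
    """True if path is root or a descendant. Whole key names are compared,
    so a key named 25 does not cover a sibling named 254."""
    p, r = norm(path), norm(root)
    return p == r or p.startswith(r + "\\")


def audit_install(before, after, auth_id: str, type_id: str) -> dict:
    """Diff two sets of key paths captured before and after installation."""
    allowed = f"{EAPHOST_METHODS}\\{auth_id}\\{type_id}"
    known = {norm(k) for k in before}
    added = sorted(k for k in after if norm(k) not in known)
    # Assumption: creating the method key also creates its missing parents,
    # so ancestors of the allowed key are not counted as violations.
    outside = [k for k in added
               if not is_under(k, allowed) and not is_under(allowed, k)]
    return {"allowed": allowed, "added": added, "outside": outside,
            "passed": not outside}


# Constructed snapshots (placeholder vendor ID, type ID and vendor name).
BEFORE = {
    r"HKLM\System\CurrentControlSet\Services\EapHost\Methods",
    r"HKLM\Software\Microsoft",
}
AFTER = BEFORE | {
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Methods\99999",
    r"HKLM\System\CurrentControlSet\Services\EapHost\Methods\99999\254",
    r"HKLM\System\CurrentControlSet\Services\EapHost\Methods\99999\254\Config",
    r"HKLM\System\CurrentControlSet\Services\EapHost\Methods\99999\25",
    r"HKLM\Software\ContosoEap",
}

if __name__ == "__main__":
    print(audit_install(BEFORE, AFTER, "99999", "254"))
```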

 

148.3.2 - All Vendors who submit methods to the ECP will acquire a valid Enterprise-ID from IANA (Manual).

This test verifies that registry should have the enterprise id at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Methods\<VendorIANAid>

 

Overview

The test performs the following steps:

  • Validate if the enterprise-id is in the acceptable range.
  • If it is an expanded EAP type, checks whether the vendor ID is in the acceptable range.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The enterprise ID or vendor ID is not in the acceptable range.

 

148.3.3 - The Vendor Registry Key under which all vendor method configuration data is stored will contain a string value which identifies the vendor name corresponding to the vendor’s enterprise-id.

This test verifies that the registry has the enterprise ID at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EAPHost\Methods\<VendorIANAid>, and that this registry location has a default string value or a value “Name” which specifies the vendor name.

 

Overview

The test performs the following steps:

  • Check if the name present at this registry location matches with the Vendor Name corresponding to the vendor’s enterprise id.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • There is a mismatch in names.

 

148.3.4 - All files that are added to the system by the installation package (INF) are to be physically located under the Windows “Program Files” directory in a private sub-directory that reasonably reflects the nature of the ECP submission.

This test verifies that files added by the package are only under Program Files.

 

Overview

The test performs the following steps:

  • Checks the install section of the INF file. All the files added should be located one folder under Program Files.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The install section tries to copy a file to some other location.

 

148.3.5 - EAP Methods MUST add their default registry keys using regsvr32 facility

This test verifies that method should be installed using regsvr32.exe

 

Overview

The test performs the following steps:

  • Uninstall the method using regsvr32.
  • Install the method using regsvr32.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • Uninstall or install fails.

 

149.3.1 - EAP Methods will produce a human-readable debug tracing log that enables administrators or other users to investigate and determine the cause of failures

This test verifies that the EAP method produces human-readable trace logs. This test case needs user interaction on the DTM client side (Manual).

 

Overview

The test performs the following steps:

  • Checks the status of the trace file.
  • Runs the Authentication session with the method.
  • Ensures that the method has written to the trace logs.
  • Verify that the trace logs are human readable.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • The method writes non-human-readable characters to the trace logs as part of authentication.

 

User Interactions

User has to do the following tasks.

  • In DTM Studio, schedule the job that has the test case ID 149.3.1. The following interactions are then needed at the DTM client.
  • Enable the method-specific trace (which will be written to C:\windows\tracing) and then press OK.
  • An authentication session will be run as part of the test case.
  • Disable the method trace and then press OK.
  • The trace file will be displayed in Notepad.
  • Verify whether the trace file is human readable or not and then close the file.
  • Enter the appropriate choice (Yes/No) in the dialog box that follows.
  • End of the test case.

 

149.3.2 - EAP Method debug tracing will be turned-off by default

This test verifies that Method tracing should be disabled by default.

 

Overview

The test performs the following steps:

  • Check the state of trace file.
  • Run an authentication session.
  • Check the trace file.

 

Results Interpretation

The test writes the pass/fail results to a log file.

The test fails if:

  • A log gets added during the authentication session.

 

150.3.1 - The EAP Method Binary MUST export all mandatory APIs listed in the ECP EAP method exports requirement

 

Overview

The EAP method must export at least the mandatory set of APIs listed in the legal ECP EAP method exports requirement.

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

150.3.2 - ECP Submissions MUST NOT include any binaries that are expected to execute in kernel-mode. ECP Submissions are expressly prohibited from shipping kernel-mode drivers of any kind (i.e., .SYS, etc.)

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

150.3.3 - EAP Method Submissions MUST NOT take a dependency on .NET framework

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

150.3.4 - EAP Methods MUST demonstrate successful end-to-end authentication

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

Troubleshooting tips

Make sure your RADIUS server is available and an end-to-end authentication is happening before executing this case. This case will require the use of Connection.XML and a USER.XML to carry out the end-to-end authentication.

 

150.3.5 - EAP Method MUST NOT make any assumptions about the underlying transport

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

Troubleshooting tips

Make sure your RADIUS server is available and an end-to-end authentication is happening before executing this case. This case will require the use of Connection.XML and a USER.XML to carry out the end-to-end authentication.

 

150.3.6 - All implemented EAP method APIs will successfully survive comprehensive API fuzz testing without error, including observable resource leaks

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

Troubleshooting tips

Make sure the location of the method is properly entered in the UI
 

150.3.7 - EAP Methods MUST NOT load any DLLs or cause to be loaded any DLLs that are not provided with the submission or provided by Windows itself

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

150.3.8 - EAP Methods MUST NOT initiate, terminate or pass-through any IPC

 

Overview

Network interaction is prohibited for any EAP method. If the method interacts with the network in any way (initiate, terminate) then this test will fail.

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

150.3.17 - EAP Methods MUST always perform legal state transitions.

 

Overview

Self explanatory

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

151.3.1 – EAP Method Submissions MUST accurately set appropriate security and property descriptor bits for the EAP method.

 

Overview

The method must accept these security descriptors. Our tools will test to verify that the method actually supports them.

 

Results Interpretation

The test writes the pass/fail results to a log file.

 

Troubleshooting tips

Please indicate the proper security descriptor during submission. You will be presented with a UI; make sure you click on the checkboxes that correspond to the security descriptors that the method supports.

 

153.3.1 – EAP Methods that export keys must export them only to EAPHost and to no other destination. The keys will be delivered directly to the lower layer for consumption and use entirely at that layer. Keys may not be distributed outside of the lower layer per RFC. The keys must be exported in the following manner:

MSK using the MS-MPPE extension.

EMSK using the EMSK extension (Manual).

 

Overview 

The method must not handle key distribution. It is potentially very compromising to handle, store or export these keys.

 

Results Interpretation

The test writes the pass/fail results to a log file.


Built on December 10, 2009
© 2015 Microsoft