| ID | Title | Function Name | Test Steps | Expected Result |
| Auth_1 | Verify EAP-MD5 authentication | test_eap_md5 | 1. Send EAPOL start message from the client. 2. Send EAP response with identity. 3. Send EAP response with MD5 challenge | 1. Got EAP Request for identity. 2. Got EAP request for MD5 challenge. 3. EAP success message should be seen. |
| Auth_2 | Verify EAP-MD5 authentication with wrong password | test_eap_md5_wrg_password | 1. Send EAPOL start message from the client. 2. Send EAP response. 3. Send EAP response with MD5 challenge with wrong password | 1. Got EAP Request for identity. 2. Got EAP request for MD5 challenge. 3. EAP failure message should be seen. |
| Auth_3 | Verify EAP-MD5 authentication with wrong challenge | | 1. Send EAPOL start message from the client. 2. Send EAP response. 3. Send EAP response with MD5 challenge with wrong challenge | 1. Got EAP Request for identity. 2. Got EAP request for MD5 challenge. 3. EAP failure message should be seen. |
| Auth_4 | Verify EAP-TLS authentication | test_eap_tls | 1. Send EAPOL start message from the client. 2. Send EAP response with identity. 3. Send Client Hello TLS payload . 4. Send Client Hello TLS Certificate. 5. Send Client TLS Finished | 1. Got EAP Request for identity. 2. Got hello request for id. 3. Got cert request. 4. Got change cipher request from server 5. EAP-TLS success message should be seen. |
| Auth_5 | Verify EAP-TLS authentication with empty TLS client certification | test_eap_tls_noCrt | 1. Send EAPOL start message from the client 2. Send EAP response with identity. 3. Send Client Hello TLS payload . 4. Send an empty Client Hello TLS Certificate | 1. Got EAP Request for identity. 2. Got hello request for id. 3. Got cert request. 4. Access reject message should be seen from ONOS or socket should get timed out. |
| Auth_6 | Verify EAP-TLS authentication with Invalid client certification | test_eap_tls_InvalidCrt | 1. Send EAPOL start message from the client . 2. Send EAP response with identity. 3. Send Client Hello TLS payload . 4. Send an invalid Client Hello TLS Certificate | 1. Got EAP Request for identity. 2. Got hello request for id. 3. Got cert request. 4. Access reject message should be seen from ONOS or socket should get timed out. |
| Auth_7 | Verify EAP-TLS authentication with self signed client certification | test_eap_tls_Self_Signed_Crt | 1. Send EAPOL start message from the client . 2. Send EAP response with identity. 3. Send Client Hello TLS payload . 4. Send Self signed Client Hello TLS Certificate. | 1. Got EAP Request for identity. 2. Got hello request for id. 3. Got cert request. 4. Access reject message should be seen from ONOS or socket should get timed out. |
| Auth_8 | Verify EAP-TLS authentication with 2 RGs having the same valid TLS certificate | test_eap_tls_2RGs_SameValid_Crt | 1.Let one RG start with EAPOL message using the valid TLS certificate. 2. Let 2nd RG start with EAPOL message using the same TLS certificate. | Access reject message should be seen from ONOS or socket should get timed out. |
| Auth_9 | Verify tls authentication fails with invalid session id | test_eap_tls_invalid_session_id | 1. Initiate tls authentication process with invalid session id | Authentication should get fail |
| Auth_10 | Verify random gmt_unit_time field in tls hello | test_eap_tls_random_gmt_unix_time | Initiate tla authentication process with gmt_unix_time value set to random value | Authentication should get success if gmt_unix_time in within range |
| Auth_11 | Verify authentication with invalid content type in tls hello | test_eap_tls_invalid_content_type | Initiate tls authentication with invalid content type in tls hello | Authentication should get failed |
| Auth_12 | Verify tls authentication with invalid fragment length field in tls record packet | test_eap_tls_invalid_record_fragment_length | Initiate tls authentication process with invalid fragment length in tls record | Authentication should get failed |
| Auth_13 | Verify tls authentication with invalid id in identifier response packet | test_eap_tls_with_invalid_id_in_identifier_response_packet | Initiate tls authentication process with invalid id in identifier response packet | Authentication should get failed |
| Auth_14 | Verify tls authentication with invalid id in client hello packet | test_eap_tls_with_invalid_id_in_client_hello_packet | Initiate tls authentication process with invalid id in client hello packet | Authentication should get failed |
| Auth_15 | Verify tls authentication without sending client hello packet | test_eap_tls_without_sending_client_hello | Initiate tls authentication without sending client hello packet | Authentication should get failed |
| Auth_16 | Verify tls authentication with app deactivated | test_eap_tls_aaa_app_deactivate | Initiate tls authentication with app deactivation | Authentication should get failed |
| Auth_17 | Verify tls authentication with incorrect cipher suite length field | test_eap_tls_incorrect_cipher_suite_length_field | Initiate tls authentication with invalid cipher suite length field | Authentication should get failed |
| Auth_18 | Verify tls authentication with incorrect compression method field length in tls hello | test_eap_tls_incorrect_compression_methods_length_field | Initiate tls authentication with incorrect compression length field in tls hello | Authentication should get failed |
| Auth_19 | Verify tls authentication with broadcast source mac | test_eap_tls_invalid_source_mac_broadcast | Initiate tls authentication process with client mac broadcast | Authentication should get failed |
| Auth_20 | Verify tls authentication with multicast source mac | test_eap_tls_invalid_source_mac_multicast | Initiate tls authentication process with client mac multicast | Authentication should get failed |
| Auth_21 | Verify tls authentication with all 0’s source mac | test_eap_tls_invalid_source_mac_zero | Initiate tls authentication process with client mac all 0’s | Authentication should get failed |
| Auth_22 | Verify tls authentication if radius server restarts in middle of auth process | test_eap_tls_restart_radius_server | Initiate tls authentication process and restart radius server in middle of auth process | Authentication should get failed |
| Auth_23 | Verify tls authentication with incorrect tls hello handshake type | test_eap_tls_with_incorrect_handshake_type_client_hello | Initiate tls authentication process with incorrect hello handshake type | Authentication should get failed |
| Auth_24 | Verify tls authentication with incorrect tls hello handshake type certificate request | test_eap_tls_with_incorrect_handshake_type_certificate_request | Initiate tls authentication process with incorrect hello handshake type | Authentication should get failed |
| Auth_25 | Verify tls authentication with incorrect tls hello tls record certificate request | test_eap_tls_with_incorrect_tlsrecord_certificate_request | Initiate tls authentication process with incorrect tls record certificate request | Authentication should get failed |
| Auth_26 | Verify tls authentication with invalid handshake length in client hello | test_eap_tls_invalid_handshake_length_client_hello | Initiate tls authentication with invalid handshake length in client hello | Authentication should get failed |
| Auth_27 | Verify tls authentication with client key exchange with server key exchange | test_eap_tls_clientkeyex_replace_with_serverkeyex | Initiate tls authentication process with client key exchange replaced with server key exchange | Authentication should get failed |
| Auth_28 | Verify tls authentication for 1000 users | test_eap_tls_1k_with_diff_mac | Initiate tls authentication for 1000 clients | Authentication should get success for all 1000 clients |
| Auth_29 | Verify tls authentication for 5000 clients | test_eap_tls_5k_with_diff_mac | Initiate tls authentication for 5000 clients | Authentication should get success for all 5000 clients |