diff --git a/tests/hwsim/auth_serv/server-eku-client-server.key b/tests/hwsim/auth_serv/server-eku-client-server.key new file mode 100644 index 000000000..ce2e5f237 --- /dev/null +++ b/tests/hwsim/auth_serv/server-eku-client-server.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMowHv0TagIoUZoO +qR5yfudayMsMfoqZgY0FswmwqYbnrkT64Mfu8xi0MWXjBW9mTuPkhYGbR39ftRYr +sFmRnMVV09PKLIHO8CeoVN4OT9jwEb0LEFY4Jt+pOpUVk6YW7dIetLXAqGGOrhAE +/eYmykoNkEu5rMmU8rFrl2tgJOq9AgMBAAECgYAdONdBvIyVwz4IBhZrUCEHTxe2 +QRgI8CbJOwmlXOMjnFiTn67dNqvr5h89mpIuh5rfVSf2k3rB7hM+IRJb36/Ik7qg +GdktPSEIK/ktUcfofVLaLn+ehG7vXhkkB6juBR7jaXDZRBPvFM+TCtirlaZ5sQ0u +TbSw7m9NcFD2APxgAQJBAPIoCxZCJGpMvh+5ta8EJQVQKhJeMWmDlUQvscKTauWb +aTz0z+OMBGpZH7DWCTww4+/3fjqZt/TURuPSh0ZcACUCQQDVvyPTO3h3R5fig/zV +NV8E0/dCYH6kwsFk0AUIRbMHdaN3sEHWszKG9nTNyPyHhDo8i9jguSjkb9MwdgR7 +BJC5AkBB6/bAs3bYXVXwqwyzvWwamy0o3O2UrNaIvnck4h7arMkkZ/zkFCzriqGe +8VWIRkL3A6ggadJzWwqFYL2kwMzlAkEAhfEdFgUyXCy09PEYwtKLFI9vZlzpf327 +it0ACksDAS2qnhoJZ+0rQH+4eiv0c0dc5wwLf+cHxP5+LOQHsr8NoQJAcsRe+KyX +G0TLKZg/J5E+zJMH6M19BZ4BC32UIMTJWe1xzp+9XrCWflagRJMJ+DOWtHzu/Opo +Ty4OiT0uZUxcMw== +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/server-eku-client-server.pem b/tests/hwsim/auth_serv/server-eku-client-server.pem new file mode 100644 index 000000000..4f944554d --- /dev/null +++ b/tests/hwsim/auth_serv/server-eku-client-server.pem @@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162828 (0xd8d3e3a6cbe3cccc) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Feb 28 22:41:44 2014 GMT + Not After : Feb 28 22:41:44 2015 GMT + Subject: C=FI, O=w1.fi, CN=server6.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:ca:30:1e:fd:13:6a:02:28:51:9a:0e:a9:1e:72: + 7e:e7:5a:c8:cb:0c:7e:8a:99:81:8d:05:b3:09:b0: + a9:86:e7:ae:44:fa:e0:c7:ee:f3:18:b4:31:65:e3: + 05:6f:66:4e:e3:e4:85:81:9b:47:7f:5f:b5:16:2b: + b0:59:91:9c:c5:55:d3:d3:ca:2c:81:ce:f0:27:a8: + 54:de:0e:4f:d8:f0:11:bd:0b:10:56:38:26:df:a9: + 3a:95:15:93:a6:16:ed:d2:1e:b4:b5:c0:a8:61:8e: + ae:10:04:fd:e6:26:ca:4a:0d:90:4b:b9:ac:c9:94: + f2:b1:6b:97:6b:60:24:ea:bd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + C7:C6:EF:F5:61:D2:A0:08:81:6A:6B:44:2C:F5:72:F7:DA:DE:5B:B9 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + Authority Information Access: + OCSP - URI:http://server.w1.fi:8888/ + + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + Signature Algorithm: sha1WithRSAEncryption + 64:52:09:25:e9:ce:db:1f:fa:81:aa:8a:ed:7e:f7:db:1e:27: + de:a7:41:b3:ab:73:e3:bc:b7:24:ed:5f:a6:88:5b:c8:16:1a: + f9:60:93:0b:d2:3f:5f:ce:3c:8c:50:53:8e:30:ae:0a:f8:0a: + 53:74:d7:37:47:55:81:7d:75:c7:a2:e2:ff:82:bd:55:67:3d: + dd:e3:ca:d6:ef:33:63:2d:f4:65:4f:a2:8c:d5:f1:ac:af:ce: + 02:83:91:37:cc:7c:55:7a:81:9c:c9:46:9e:9c:e6:ce:d5:35: + 6c:f7:2e:08:05:c3:ca:c7:25:8c:e0:ba:4e:4c:fc:d3:a2:5a: + 57:0e +-----BEGIN CERTIFICATE----- +MIIChzCCAfCgAwIBAgIJANjT46bL48zMMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNDAy +MjgyMjQxNDRaFw0xNTAyMjgyMjQxNDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5maTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAyjAe/RNqAihRmg6pHnJ+51rIywx+ipmBjQWzCbCphueuRPrg +x+7zGLQxZeMFb2ZO4+SFgZtHf1+1FiuwWZGcxVXT08osgc7wJ6hU3g5P2PARvQsQ +Vjgm36k6lRWTphbt0h60tcCoYY6uEAT95ibKSg2QS7msyZTysWuXa2Ak6r0CAwEA +AaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTHxu/1YdKgCIFqa0Qs9XL32t5b +uTAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp +MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wHQYDVR0l +BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGRSCSXp +ztsf+oGqiu1+99seJ96nQbOrc+O8tyTtX6aIW8gWGvlgkwvSP1/OPIxQU44wrgr4 +ClN01zdHVYF9dcei4v+CvVVnPd3jytbvM2Mt9GVPoozV8ayvzgKDkTfMfFV6gZzJ +Rp6c5s7VNWz3LggFw8rHJYzguk5M/NOiWlcO +-----END CERTIFICATE----- diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 532a21df5..5a17077e5 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -959,6 +959,17 @@ def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev): if ev is None: raise Exception("Timeout on EAP failure report") +def test_ap_wpa2_eap_ttls_server_cert_eku_client_server(dev, apdev): + """WPA2-Enterprise using EAP-TTLS and server cert with client and server EKU""" + params = int_eap_server_params() + params["server_cert"] = "auth_serv/server-eku-client-server.pem" + params["private_key"] = "auth_serv/server-eku-client-server.key" + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", + identity="mschap user", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", + scan_freq="2412") + def test_ap_wpa2_eap_ttls_dh_params(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")