mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
tests: PKCS#12 use for EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
9f8994c623
commit
2d10eb0efd
BIN
tests/hwsim/auth_serv/user.pkcs12
Normal file
BIN
tests/hwsim/auth_serv/user.pkcs12
Normal file
Binary file not shown.
@ -23,7 +23,8 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None,
|
||||
fragment_size=None, expect_failure=False,
|
||||
local_error_report=False,
|
||||
ca_cert2=None, client_cert2=None, private_key2=None,
|
||||
pac_file=None, subject_match=None, altsubject_match=None):
|
||||
pac_file=None, subject_match=None, altsubject_match=None,
|
||||
private_key_passwd=None):
|
||||
hapd = hostapd.Hostapd(ap['ifname'])
|
||||
id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
|
||||
eap=method, identity=identity,
|
||||
@ -37,7 +38,8 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None,
|
||||
ca_cert2=ca_cert2, client_cert2=client_cert2,
|
||||
private_key2=private_key2, pac_file=pac_file,
|
||||
subject_match=subject_match,
|
||||
altsubject_match=altsubject_match)
|
||||
altsubject_match=altsubject_match,
|
||||
private_key_passwd=private_key_passwd)
|
||||
eap_check_auth(dev, method, True, sha256=sha256,
|
||||
expect_failure=expect_failure,
|
||||
local_error_report=local_error_report)
|
||||
@ -325,6 +327,28 @@ def test_ap_wpa2_eap_tls(dev, apdev):
|
||||
private_key="auth_serv/user.key")
|
||||
eap_reauth(dev[0], "TLS")
|
||||
|
||||
def test_ap_wpa2_eap_tls_pkcs12(dev, apdev):
|
||||
"""WPA2-Enterprise connection using EAP-TLS and PKCS#12"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||
eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
|
||||
private_key="auth_serv/user.pkcs12",
|
||||
private_key_passwd="whatever")
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
|
||||
identity="tls user",
|
||||
ca_cert="auth_serv/ca.pem",
|
||||
private_key="auth_serv/user.pkcs12",
|
||||
wait_connect=False, scan_freq="2412")
|
||||
ev = dev[0].wait_event(["CTRL-REQ-PASSPHRASE"])
|
||||
if ev is None:
|
||||
raise Exception("Request for private key passphrase timed out")
|
||||
id = ev.split(':')[0].split('-')[-1]
|
||||
dev[0].request("CTRL-RSP-PASSPHRASE-" + id + ":whatever")
|
||||
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
|
||||
if ev is None:
|
||||
raise Exception("Connection timed out")
|
||||
|
||||
def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
|
||||
"""WPA2-Enterprise negative test - incorrect trust root"""
|
||||
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
|
||||
|
@ -572,7 +572,8 @@ class WpaSupplicant:
|
||||
wait_connect=True, only_add_network=False,
|
||||
ca_cert2=None, client_cert2=None, private_key2=None,
|
||||
scan_ssid=None, raw_psk=None, pac_file=None,
|
||||
subject_match=None, altsubject_match=None):
|
||||
subject_match=None, altsubject_match=None,
|
||||
private_key_passwd=None):
|
||||
logger.info("Connect STA " + self.ifname + " to AP")
|
||||
id = self.add_network()
|
||||
if ssid:
|
||||
@ -614,6 +615,9 @@ class WpaSupplicant:
|
||||
self.set_network_quoted(id, "client_cert", client_cert)
|
||||
if private_key:
|
||||
self.set_network_quoted(id, "private_key", private_key)
|
||||
if private_key_passwd:
|
||||
self.set_network_quoted(id, "private_key_passwd",
|
||||
private_key_passwd)
|
||||
if ca_cert2:
|
||||
self.set_network_quoted(id, "ca_cert2", ca_cert2)
|
||||
if client_cert2:
|
||||
|
Loading…
Reference in New Issue
Block a user