From 2d10eb0efddba94871e0ee330eea5774fef8f980 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 8 Jan 2014 17:18:22 +0200 Subject: [PATCH] tests: PKCS#12 use for EAP-TLS Signed-hostap: Jouni Malinen --- tests/hwsim/auth_serv/user.pkcs12 | Bin 0 -> 1702 bytes tests/hwsim/test_ap_eap.py | 28 ++++++++++++++++++++++++++-- tests/hwsim/wpasupplicant.py | 6 +++++- 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 tests/hwsim/auth_serv/user.pkcs12 diff --git a/tests/hwsim/auth_serv/user.pkcs12 b/tests/hwsim/auth_serv/user.pkcs12 new file mode 100644 index 0000000000000000000000000000000000000000..552476144e19b9419e0c155ac5fb0d0038b92cb3 GIT binary patch literal 1702 zcmY+DdpHw}9>;ex%kYM|gt;cyG+~N3CD%0O7KwMActgpKnCt9#MhLBik;v_JNpxPC zQCWHq8;!=^qTDa@x+O6)*UZuLoO3$okKglqp6}=R{r>uXP-JK&2na@zp<&QNM(Hl; zn=(L2U^y9j8A68o9>ks~GT7<|f|irP1_#km5D;*%kUt0zr4E()_XlYp6eSCRU3W1C3n#+)y*A5}$vWw^p}7y-!1eIdTf|?4KKBC@R(} z0|BFG>SPgx@9D!}tb@86ZSZpx<_krL(Ql&9k!#M`{5G=xfd3t?Gw|_>`PK0Rx2O#k zzOpQQ_pKwu_x0+>sfQfmo+qJK+vlu-jWY0&y6%-*FIA;U?sNle!EXKuaPfYmpqM?V zJ{)m)w-bwOw#0kDJCjdOj{&oVAG*pFpkh#~el1eC>Y;-O(b@`d=oCe6vvi0Tis~jZZ=mL9t;^k+s<3xjEubv(&qhGBD z`iwy<(0-td>DE?h6xf3>Ij<SZ{Lstafvf$VH;Y znLQLU?0KR!BAU@E8~ie)6W3_u%np?B=YYIAhyuJpQ#1 zyzjeu8iNG=L#P8ASSIM37vmnP*ZQrTCD|9wzCF49@+aS?Vx<1x&$2@I>JdPlrNVVp zt-m-b^D;U_T7Jm-=b1paQ(^HSRW8L8O9?-m`Lryv_NYlFDTA-sC;3@cM)+gyN} zvXFWmt)WZz3YH!|G8st6Yf2kuOL$<3Y>%r0_U96rNF}>Hv0A#_SFioJ0ka~{fw1Y~ zyQXiVVl~o1!gd93`U6wLCg)Nq;}NVgiC|^KAa|*OZ=_4HPU)&HSc#QKx!> zojIns9{Yf`J(%Op$7pR$ey;sy{$-WxP=V#S$<%&Hba1@yL}30DS$)2v>BbGTAd^a! zvV5N#ASusi2}s%j%eQGO`RM*G+r$C@^)9THDk%~zXgSr0&wl~Oz&W^iiSn}?ufp_@f znv}eq9ZRjTGlLjoR-ra_{F0#D_1UF-$f`;EpRDeR zR05B*_2N`LtxL16n=dD-9|6psoRihpS5ELcer6#?YjwUv;E4LwML~p$7*1?1@tBAr z`m1uW>ms7s)B=~LBsqj8?UW#CPnUWvDdP`{!71SOZdteTs)ZI4SaReO%-K zDGeBa0Ehd0WLv#^fdZ2ZTYWOVb1_%Np3jCSek@21Hwf`3!10R+E literal 0 HcmV?d00001 diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 3559f3b79..0c29a9379 100644 
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -23,7 +23,8 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None, fragment_size=None, expect_failure=False, local_error_report=False, ca_cert2=None, client_cert2=None, private_key2=None,
- pac_file=None, subject_match=None, altsubject_match=None):
+ pac_file=None, subject_match=None, altsubject_match=None,
+ private_key_passwd=None):
 hapd = hostapd.Hostapd(ap['ifname'])
 id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256", eap=method, identity=identity,
@@ -37,7 +38,8 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None, ca_cert2=ca_cert2, client_cert2=client_cert2, private_key2=private_key2, pac_file=pac_file, subject_match=subject_match,
- altsubject_match=altsubject_match)
+ altsubject_match=altsubject_match,
+ private_key_passwd=private_key_passwd)
 eap_check_auth(dev, method, True, sha256=sha256, expect_failure=expect_failure, local_error_report=local_error_report)
@@ -325,6 +327,28 @@ def test_ap_wpa2_eap_tls(dev, apdev):
 private_key="auth_serv/user.key")
 eap_reauth(dev[0], "TLS")
+def test_ap_wpa2_eap_tls_pkcs12(dev, apdev):
+ """WPA2-Enterprise connection using EAP-TLS and PKCS#12"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hostapd.add_ap(apdev[0]['ifname'], params)
+ eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
+ private_key="auth_serv/user.pkcs12",
+ private_key_passwd="whatever")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
+ identity="tls user",
+ ca_cert="auth_serv/ca.pem",
+ private_key="auth_serv/user.pkcs12",
+ wait_connect=False, scan_freq="2412")
+ ev = dev[0].wait_event(["CTRL-REQ-PASSPHRASE"])
+ if ev is None:
+ raise Exception("Request for private key passphrase timed out")
+ id = ev.split(':')[0].split('-')[-1]
+ dev[0].request("CTRL-RSP-PASSPHRASE-" + id + ":whatever")
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
+ if ev is None:
+ raise Exception("Connection timed out")
+
 def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
 """WPA2-Enterprise negative test - incorrect trust root"""
 params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index 366d2d925..6c1bb584a 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -572,7 +572,8 @@ class WpaSupplicant:
 wait_connect=True, only_add_network=False, ca_cert2=None, client_cert2=None, private_key2=None, scan_ssid=None, raw_psk=None, pac_file=None,
- subject_match=None, altsubject_match=None):
+ subject_match=None, altsubject_match=None,
+ private_key_passwd=None):
 logger.info("Connect STA " + self.ifname + " to AP")
 id = self.add_network()
 if ssid:
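Review bot: In test_ap_wpa2_eap_tls_pkcs12 the final wait listens only for CTRL-EVENT-CONNECTED, so a rejected passphrase or a failed EAP-TLS exchange surfaces as a generic ten-second "Connection timed out" rather than as an authentication failure. Waiting on both outcomes, `ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-EAP-FAILURE"], timeout=10)` followed by `if ev is None or "CTRL-EVENT-EAP-FAILURE" in ev:`, would make the failure mode explicit in the test log. The test also exercises only the correct passphrase; a companion case that answers CTRL-REQ-PASSPHRASE with a wrong value and expects no connection would pin the behaviour that actually protects the key. The local name `id` shadows the builtin here; something like `req_id` reads more clearly.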
@@ -614,6 +615,9 @@ class WpaSupplicant:
 self.set_network_quoted(id, "client_cert", client_cert)
 if private_key:
 self.set_network_quoted(id, "private_key", private_key)
+ if private_key_passwd:
+ self.set_network_quoted(id, "private_key_passwd",
+ private_key_passwd)
 if ca_cert2:
 self.set_network_quoted(id, "ca_cert2", ca_cert2)
 if client_cert2:
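Review bot: The `if private_key_passwd:` guard treats an empty string the same as None, so a key file protected with an empty passphrase cannot be configured through this parameter; `if private_key_passwd is not None:` would pass it through, though it departs from the truthiness checks used for the neighbouring options. set_network_quoted() is not visible in this hunk, so it is worth confirming how it handles a passphrase that itself contains a double quote, and whether the value ends up in the test log via request logging. connect() starts and ends outside this hunk.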