mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
tests: Suite B tests with BoringSSL
Enable appropriate Suite B test cases with BoringSSL. Currently, this means enabling only the 192-bit level ECDSA and ECDHE-RSA since BoringSSL has removed support for DHE and there is no need to support 128-bit level ECDSA anymore. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
c54cc8bb1d
commit
adc5e37a02
@ -18,9 +18,9 @@ def check_suite_b_capa(dev):
|
||||
raise HwsimSkip("BIP-GMAC-128 not supported")
|
||||
if "WPA-EAP-SUITE-B" not in dev[0].get_capability("key_mgmt"):
|
||||
raise HwsimSkip("WPA-EAP-SUITE-B not supported")
|
||||
check_suite_b_tls_lib(dev)
|
||||
check_suite_b_tls_lib(dev, level128=True)
|
||||
|
||||
def check_suite_b_tls_lib(dev):
|
||||
def check_suite_b_tls_lib(dev, dhe=False, level128=False):
|
||||
tls = dev[0].request("GET tls_library")
|
||||
if tls.startswith("GnuTLS"):
|
||||
return
|
||||
@ -31,6 +31,9 @@ def check_suite_b_tls_lib(dev):
|
||||
if "build=OpenSSL " + ver in tls and "run=OpenSSL " + ver in tls:
|
||||
supported = True
|
||||
break
|
||||
if not dhe and not level128 and "build=OpenSSL " + ver in tls and "run=BoringSSL" in tls:
|
||||
supported = True
|
||||
break
|
||||
if not supported:
|
||||
raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
|
||||
|
||||
@ -133,14 +136,14 @@ def test_suite_b_radius(dev, apdev):
|
||||
private_key="auth_serv/ec-user.key",
|
||||
pairwise="GCMP", group="GCMP", scan_freq="2412")
|
||||
|
||||
def check_suite_b_192_capa(dev):
|
||||
def check_suite_b_192_capa(dev, dhe=False):
|
||||
if "GCMP-256" not in dev[0].get_capability("pairwise"):
|
||||
raise HwsimSkip("GCMP-256 not supported")
|
||||
if "BIP-GMAC-256" not in dev[0].get_capability("group_mgmt"):
|
||||
raise HwsimSkip("BIP-GMAC-256 not supported")
|
||||
if "WPA-EAP-SUITE-B-192" not in dev[0].get_capability("key_mgmt"):
|
||||
raise HwsimSkip("WPA-EAP-SUITE-B-192 not supported")
|
||||
check_suite_b_tls_lib(dev)
|
||||
check_suite_b_tls_lib(dev, dhe=dhe)
|
||||
|
||||
def suite_b_192_ap_params():
|
||||
params = { "ssid": "test-suite-b",
|
||||
@ -379,7 +382,7 @@ def test_suite_b_192_rsa_dhe(dev, apdev):
|
||||
run_suite_b_192_rsa(dev, apdev, no_ecdh=True)
|
||||
|
||||
def run_suite_b_192_rsa(dev, apdev, no_ecdh=False, no_dhe=False):
|
||||
check_suite_b_192_capa(dev)
|
||||
check_suite_b_192_capa(dev, dhe=no_ecdh)
|
||||
dev[0].flush_scan_cache()
|
||||
params = suite_b_192_rsa_ap_params()
|
||||
if no_ecdh:
|
||||
@ -458,7 +461,7 @@ def test_suite_b_192_rsa_insufficient_key(dev, apdev):
|
||||
|
||||
def test_suite_b_192_rsa_insufficient_dh(dev, apdev):
|
||||
"""WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient DH key length"""
|
||||
check_suite_b_192_capa(dev)
|
||||
check_suite_b_192_capa(dev, dhe=True)
|
||||
dev[0].flush_scan_cache()
|
||||
params = suite_b_192_rsa_ap_params()
|
||||
params["tls_flags"] = "[SUITEB-NO-ECDH]"
|
||||
@ -535,7 +538,7 @@ def test_suite_b_192_rsa_dhe_radius_rsa2048_client(dev, apdev):
|
||||
run_suite_b_192_rsa_radius_rsa2048_client(dev, apdev, False)
|
||||
|
||||
def run_suite_b_192_rsa_radius_rsa2048_client(dev, apdev, ecdhe):
|
||||
check_suite_b_192_capa(dev)
|
||||
check_suite_b_192_capa(dev, dhe=not ecdhe)
|
||||
dev[0].flush_scan_cache()
|
||||
params = suite_b_as_params()
|
||||
params['ca_cert'] = 'auth_serv/rsa3072-ca.pem'
|
||||
|
Loading…
Reference in New Issue
Block a user