Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-18 02:44:03 -05:00
Code Issues Projects Releases Wiki Activity

tests: EAP-TLS with OCSP

Browse Source 
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-01-08 17:45:56 +02:00
parent 2d10eb0efd
commit d4c7a2b9e6
5 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tests/hwsim/auth_serv/as.conf
View File

@ -6,6 +6,7 @@ eap_user_file=auth_serv/eap_user.conf
ca_cert=auth_serv/ca.pem ca_cert=auth_serv/ca.pem
server_cert=auth_serv/server.pem server_cert=auth_serv/server.pem
private_key=auth_serv/server.key private_key=auth_serv/server.key
ocsp_stapling_response=auth_serv/ocsp-server-cache.der
server_id=server.w1.fi server_id=server.w1.fi
eap_sim_db=unix:/tmp/hlr_auc_gw.sock eap_sim_db=unix:/tmp/hlr_auc_gw.sock
dh_file=auth_serv/dh.conf dh_file=auth_serv/dh.conf

BIN
tests/hwsim/auth_serv/ocsp-server-cache.der Normal file
View File

Binary file not shown.

BIN
tests/hwsim/auth_serv/ocsp-server-cache.der-invalid Normal file
View File

Binary file not shown.

43
tests/hwsim/test_ap_eap.py
View File

@ -24,7 +24,7 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None,
local_error_report=False, local_error_report=False,
ca_cert2=None, client_cert2=None, private_key2=None, ca_cert2=None, client_cert2=None, private_key2=None,
pac_file=None, subject_match=None, altsubject_match=None, pac_file=None, subject_match=None, altsubject_match=None,
private_key_passwd=None): private_key_passwd=None, ocsp=None):
hapd = hostapd.Hostapd(ap['ifname']) hapd = hostapd.Hostapd(ap['ifname'])
id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256", id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
eap=method, identity=identity, eap=method, identity=identity,
@ -39,7 +39,8 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None,
private_key2=private_key2, pac_file=pac_file, private_key2=private_key2, pac_file=pac_file,
subject_match=subject_match, subject_match=subject_match,
altsubject_match=altsubject_match, altsubject_match=altsubject_match,
private_key_passwd=private_key_passwd) private_key_passwd=private_key_passwd,
ocsp=ocsp)
eap_check_auth(dev, method, True, sha256=sha256, eap_check_auth(dev, method, True, sha256=sha256,
expect_failure=expect_failure, expect_failure=expect_failure,
local_error_report=local_error_report) local_error_report=local_error_report)
@ -838,3 +839,41 @@ def test_ap_wpa2_eap_fast_gtc_auth_prov(dev, apdev):
phase1="fast_provisioning=2", pac_file="blob://fast_pac_auth") phase1="fast_provisioning=2", pac_file="blob://fast_pac_auth")
hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname']) hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
eap_reauth(dev[0], "FAST") eap_reauth(dev[0], "FAST")
def test_ap_wpa2_eap_tls_ocsp(dev, apdev):
"""WPA2-Enterprise connection using EAP-TLS and verifying OCSP"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hostapd.add_ap(apdev[0]['ifname'], params)
eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
private_key="auth_serv/user.pkcs12",
private_key_passwd="whatever", ocsp=2)
def test_ap_wpa2_eap_tls_ocsp_invalid(dev, apdev):
"""WPA2-Enterprise connection using EAP-TLS and invalid OCSP response"""
params = { "ssid": "test-wpa2-eap", "wpa": "2", "wpa_key_mgmt": "WPA-EAP",
"rsn_pairwise": "CCMP", "ieee8021x": "1",
"eap_server": "1", "eap_user_file": "auth_serv/eap_user.conf",
"ca_cert": "auth_serv/ca.pem",
"server_cert": "auth_serv/server.pem",
"private_key": "auth_serv/server.key",
"ocsp_stapling_response": "auth_serv/ocsp-server-cache.der-invalid" }
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
identity="tls user", ca_cert="auth_serv/ca.pem",
private_key="auth_serv/user.pkcs12",
private_key_passwd="whatever", ocsp=2,
wait_connect=False, scan_freq="2412")
count = 0
while True:
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS"])
if ev is None:
raise Exception("Timeout on EAP status")
if 'bad certificate status response' in ev:
break
count = count + 1
if count > 10:
raise Exception("Unexpected number of EAP status messages")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
if ev is None:
raise Exception("Timeout on EAP failure report")

4
tests/hwsim/wpasupplicant.py
View File

@ -573,7 +573,7 @@ class WpaSupplicant:
ca_cert2=None, client_cert2=None, private_key2=None, ca_cert2=None, client_cert2=None, private_key2=None,
scan_ssid=None, raw_psk=None, pac_file=None, scan_ssid=None, raw_psk=None, pac_file=None,
subject_match=None, altsubject_match=None, subject_match=None, altsubject_match=None,
private_key_passwd=None): private_key_passwd=None, ocsp=None):
logger.info("Connect STA " + self.ifname + " to AP") logger.info("Connect STA " + self.ifname + " to AP")
id = self.add_network() id = self.add_network()
if ssid: if ssid:
@ -649,6 +649,8 @@ class WpaSupplicant:
self.set_network(id, "scan_ssid", scan_ssid) self.set_network(id, "scan_ssid", scan_ssid)
if pac_file: if pac_file:
self.set_network_quoted(id, "pac_file", pac_file) self.set_network_quoted(id, "pac_file", pac_file)
if ocsp:
self.set_network(id, "ocsp", str(ocsp))
if only_add_network: if only_add_network:
return id return id
if wait_connect: if wait_connect: