
tests: DH parameter file DSA conversion and error cases

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 9 ans
Parent
commit
b3ff3decf6
2 fichiers modifiés avec 75 ajouts et 0 suppressions
  1. 11 0
      tests/hwsim/auth_serv/dsaparam.pem
  2. 64 0
      tests/hwsim/test_ap_eap.py

+ 11 - 0
tests/hwsim/auth_serv/dsaparam.pem

@@ -0,0 +1,11 @@
+-----BEGIN DSA PARAMETERS-----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+-----END DSA PARAMETERS-----

+ 64 - 0
tests/hwsim/test_ap_eap.py

@@ -2663,6 +2663,45 @@ def test_ap_wpa2_eap_ttls_dh_params(dev, apdev):
                 ca_cert="auth_serv/ca.der", phase2="auth=CHAP",
                 dh_file="auth_serv/dh.conf")
 
+def test_ap_wpa2_eap_ttls_dh_params_dsa(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS and setting DH params (DSA)"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "chap user",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.der", phase2="auth=CHAP",
+                dh_file="auth_serv/dsaparam.pem")
+
+def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev):
+    """EAP-TTLS and DH params file not found"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   dh_file="auth_serv/dh-no-such-file.conf",
+                   scan_freq="2412", wait_connect=False)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
+    if ev is None:
+        raise Exception("EAP failure timed out")
+    dev[0].request("REMOVE_NETWORK all")
+    dev[0].wait_disconnected()
+
+def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev):
+    """EAP-TTLS and invalid DH params file"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   dh_file="auth_serv/ca.pem",
+                   scan_freq="2412", wait_connect=False)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
+    if ev is None:
+        raise Exception("EAP failure timed out")
+    dev[0].request("REMOVE_NETWORK all")
+    dev[0].wait_disconnected()
+
 def test_ap_wpa2_eap_ttls_dh_params_blob(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params from blob"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
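Review bot: The client-side negative tests added here, `test_ap_wpa2_eap_ttls_dh_params_not_found` and `test_ap_wpa2_eap_ttls_dh_params_invalid`, are defined a second time under the same names in the next hunk of this file (the server-side variants). In a Python module the later `def` rebinds the name, so if the runner collects tests by module-level name, the two client-side cases in this hunk never execute. A regression in how the supplicant rejects a missing or malformed `dh_file` would then go unnoticed. Renaming the later pair keeps both sets, for example `def test_ap_wpa2_eap_ttls_dh_params_server_not_found(dev, apdev):` and `def test_ap_wpa2_eap_ttls_dh_params_server_invalid(dev, apdev):`. Separately, both tests in this hunk accept any `CTRL-EVENT-EAP-FAILURE`, so they do not show that the failure came from the DH parameter file rather than from another step of the exchange.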
@@ -2684,6 +2723,31 @@ def test_ap_wpa2_eap_ttls_dh_params_server(dev, apdev):
                 anonymous_identity="ttls", password="password",
                 ca_cert="auth_serv/ca.der", phase2="auth=CHAP")
 
+def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
+    """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
+    params = int_eap_server_params()
+    params["dh_file"] = "auth_serv/dsaparam.pem"
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "chap user",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.der", phase2="auth=CHAP")
+
+def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev):
+    """EAP-TLS server and dhparams file not found"""
+    params = int_eap_server_params()
+    params["dh_file"] = "auth_serv/dh-no-such-file.conf"
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
+    if "FAIL" not in hapd.request("ENABLE"):
+        raise Exception("Invalid configuration accepted")
+
+def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev):
+    """EAP-TLS server and invalid dhparams file"""
+    params = int_eap_server_params()
+    params["dh_file"] = "auth_serv/ca.pem"
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
+    if "FAIL" not in hapd.request("ENABLE"):
+        raise Exception("Invalid configuration accepted")
+
 def test_ap_wpa2_eap_reauth(dev, apdev):
     """WPA2-Enterprise and Authenticator forcing reauthentication"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
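Review bot: The docstrings of the two server-side negative tests say "EAP-TLS server", while their function names and the neighbouring tests refer to EAP-TTLS. Neither body selects an EAP method, because both stop at the `ENABLE` request. A method-neutral wording matches what is actually checked, for example `"""Internal EAP server and dhparams file not found"""` and `"""Internal EAP server and invalid dhparams file"""`. The check `"FAIL" not in hapd.request("ENABLE")` only shows that enabling was refused. A short comment stating that the refusal is expected to come from loading `dh_file` would tell a reader what the test is meant to pin down.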