Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 09:39:25 +01:00
Code Releases Activity

autotests: Test encrypted private keys with EAP-TLS

Browse Source 
Make 3 connections in test EAP-TLS, one with an unencrypted private key,
one with the private key passphrase provided in the provisioning file
and one with the passphrase provided through the agent.  Also improve
the scanning logic at the beginning.
This commit is contained in:
Andrew Zaborowski 2018-04-26 11:29:27 +02:00 committed by Denis Kenzior
parent 56d3d40f30
commit 25a9d2a71f
8 changed files with 134 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
autotests/misc/certs/cert-client-key-md5-des.pem Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6TAbBgkqhkiG9w0BBQMwDgQI4Jws4ZHp7oQCAggABIIEyGImScBCorOX2u/F
ISGvMBLavYPfA1f349fcfPfjbMeTLtrubuFfSYJDrB1KaP4oWsK3RA8AjuNtP49N
fWjaAD6E9YTcNPVODgqNaoeslatqszPEqsqfx+vz1inTc+dyZ8ZYTWDlWAFSC33B
k6z5CX68YdujTI9hBtkwAJuCoSSIKJNM7duSXzlxM3IfCfzRn4BuO+8usdxqrc5A
p1R+LvDehIeOrQxkpJE3oHPq1xcCG4/WOnHWwRlmHmQIc2Z+ZLdgFjXYLvmNG58B
PcBAxWjppmZZMXiMqIoZxqQ7hBhwqI2wxCFYAihf4cgn6bT37sv0CeNPjRHfftpr
3tWgSeqLbov7Sfm5f1tq3AhJ3om8aaHEL8vUexs0j9mKhJyM0gyel+d1pHSi9/Ka
U/qNk2KzhZl4+/p7ngjkK8or7IDgbRQWzRXac6uxnvhDRuCZWWAjgzq7A9KdjMCf
T0+OX9USpOl2/cQSeKdRY5xKLBudQGilMvKZwd+rxBMkDBCwl+fj5HX1Tcj085kv
CSEOpA90HvqI9VvdxPw0KKWTc/d3FgWKVVzEqtVUCbtDGXZnv3Kt9F05zoX/wL2k
PkCd7yQouCYxPevVVz1kus5mwWHaZbEUW6S9GUSeZXs/Itb9Jwl9X6m1G9e393U+
FQb95dfDzP1zQzemLJ+Iu6rkmKNC6x1pC+hNG3jy5QRoQ9wB4WV4q3JRHFUECEgd
CAN52Saz9f7qt1MmoNPM0fSS+ovh08KoABEI7mp8s9fFj0b7x9h/zlRgigNKp+JE
N9/51OSopajlse0ly+1zb8I2iOGeA3U4cvZG5mEP+kstJvdD4PYgx9cWDm6EDKmN
4nIL48aNoWFxa7MGJsmQo56QmGAxG7lZusVu4lYUvHQsmqDQWhqBz1k/f4GzioN0
7wslyuElIrZyRugYdh+Epy7WbXRi9nBhwuWpOx8TnwOszWIfJT7NLWH+/SaVzuG4
IsR1gnaQ5HLPyXxuaJkzcZs7EOG5S5MT7tDW9i72RZUiUPGztmhOLxkYrH/r3UCa
8Agc1nYXs8VH9sV+LMMGdCVoY/RwJvZwf13fqnLcmIA4iI8cDf1beUVm1JvdgIL/
5Pbxyh2sAzyk/DIFD6yCQUacBKkR3EAXPG9gm5jebjHOU+gxSt69e3jgA1BvuoS5
S3xLePrZnGZuPjM2PQX6LW1wWBtNlhbqWAkyeL3YwEwv2FjluFqALB/He/MaNly3
UXFULImo8C/2UF9y9hgoSuamFqlKtgaNBUlqNPxX0EQmyCuqBEGYaouZ2TzPfZ44
Jf6p6sQZeEmklEIDkaC9DvAGU7DPRfxolLpYHvdHQTwnjKMbFkg7FSAzzdNiKKeR
nEnCkaofA2FASfQaZvOkewACaZfqJ1FCSsoetYq2Ulf8o1f8j/QM+JIq4p0DIybz
4gsBmg05xufNiZNqZrrFc0/HcZkT3ahgtY+TMzU8d0hAS7roFNlM2lpaE69HJeTZ
rhRO7/VAU2Kb0bQI5UWe4yfvbPBmmaxw06lPahlBAEgqeULwfVWBPafjSyq8vPag
9RzpwSASqL6dv89qdOPE0JioA9xZ3cemlVOgqzd04AkdnDf3flGCJa6O9BujGm72
8t0TmXLstK7YNaxQYA==
-----END ENCRYPTED PRIVATE KEY-----

30
autotests/misc/certs/cert-client-key-v2-des-ede3.pem Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIVG6rLrQ+fVgCAggA
MBQGCCqGSIb3DQMHBAizDQ76m4Q4ZQSCBMh50R/dRYR4agewBCpNNVYIHV/wotfZ
PhhwcJQFZMmp50rCI9rh13w8TSr+KDreXTY+XzvqFS7fbB0JV3QWlv2wvqkAFXoJ
CYlE40WXg5Qd2H849IyLEil8J5mvoZohDZYNk82zi+PSvkvxJ8d1RJIiHHhmReeC
0+rDHd9C+Xr2MVBOMA+gimx/P3qtS4jI0qjmzyUiorHa9lvY5qzxbMibi4mEAjBy
VWviWHszpCwKVapODFlG2r5R2wvmhp4GUGSigi7KtL7hijEbsh4CW2RqYLR733Nx
WdsyIc4sD3908ttfQSmsSt6vchAMkelwFizGSEFLMsCne3MGjVsLpVitg6nswl6N
pvngZu0zaggWFVPRIt+vIimeHrujzoiUuzDizjOVzCiyRkrFuJEMwN3l/AaSxUiG
lOWga1Eb+McH3oJNU1WtrL7gDwfmKFc26D7xNMnGLcdYxfM1F98XfM3FVswaHdC7
0uTmEmMdhpoNw4CWai37NpigW01cDnxMMpFuX0yTU8GUU/JkBgZ4NHE1sTZrFiOf
mMr83waumMGwwChhZAd1qDRB35c1HLvVqBt3HkdcyCZP1JBxG4QLrw7IVzG+knlj
QdrBC/lDNA15wG27v5hRUVEoeFRJkOllUlSqfh0PmJw2t32BP8dS6EsM8eTpnQ7R
ysqO5CVZ3WTNFwIZ7wD8zmaBOamkZ1OzOluYFL5sBHGRM05pSEsYOivsi7tlp5Gj
ZQjR+qSKLT34R4QxWhziWgNC/ynjVuWNWX67p1T/ngsM9kGa6cm84XbHQL7CqUyX
H7vOWtWHGCclS1Ori5vjFP8/qdOVGMpiKnX8HvoBv6zxJvfMYNAz39MMewlfHdCa
vEvBVwxLYRxbaL1IGNUebXVyn7JNRhuDm1SDNU1ADj8GW4AL5+22D9xArz8Lnkrj
+lvHm1NMIckciFYHraKmIPeJLiLIxDJ1SX+WgJGLo+P0W2TJLHAnQl5a1KzJOsIq
/y35Q4mFLX0JE4mzAj2S1bsVate4FZpnKqVT0mfN5/UPSnQOpJKRSTYV9QJm1mGb
gtdvwSvSniyjSSP/MAB+M7C0N4syC4N4sXYXJTKcM3CN/tN4ASycpkWRvXXLWRsj
BuQq9z50ojdnx+twu2eG3eYRAGjEW7yOD3GHPQOtCx3IQDptmzYf2v4rk9x+IFfT
L0ZfmyVevXgm9zjHI9s64Ok1g/6SL8lO+wszfjDs1zEgrMRfoVoKOBrWN7fYKiKi
GBUeaZ9HgcM1ha/a63N1LPK9OPR2w4qh+DpCLpfvhzZN6IRv1oFddws8jwye1pJb
1Po33NxHUfsOTX+lpc61NOEua7s3/Wu5gm0jBrX5c/aKCfXMsJHzW+0wl4SAXDog
3Cl29/NAMSQDpQP9A91QSwHYkyzk4rBLcrbx6bQfFSHOqdl2dto+UJfiz+5PzD7s
I7k72LGzrfIOq4brLbrLIGwj/ani/vvSZnXYzx3uUeP9w1EZSgNKC9HLBW7lyav3
IlY7HAO2GMVlIdzynHPT3wMXtLqf/ykO+tkrEF4LjOu9r+cdhCxHum22vlgZKL7J
J044ViKBro0CWL1wajpFQOvG/BG4VDJ/dfGee0iBr4R+CIkaUwVTCdRsibyZRM8E
FL0=
-----END ENCRYPTED PRIVATE KEY-----

43
autotests/testEAP-TLS/connection_test.py
View File

@ -6,14 +6,26 @@ import sys
sys.path.append('../util') sys.path.append('../util')
import iwd import iwd
from iwd import IWD from iwd import IWD
from iwd import PSKAgent
from iwd import NetworkType from iwd import NetworkType
import testutil import testutil
import hostapd
class Test(unittest.TestCase): class Test(unittest.TestCase):
def test_connection_success(self): def do_test_connection_success(self, ssid, passphrase=None):
wd = IWD() wd = IWD()
if passphrase:
psk_agent = PSKAgent(passphrase)
wd.register_psk_agent(psk_agent)
hostapd_ifname = None
for ifname in hostapd.hostapd_map:
if ssid + '.conf' in hostapd.hostapd_map[ifname].config:
hostapd_ifname = ifname
break
devices = wd.list_devices(); devices = wd.list_devices();
self.assertIsNotNone(devices) self.assertIsNotNone(devices)
device = devices[0] device = devices[0]
@ -21,15 +33,16 @@ class Test(unittest.TestCase):
condition = 'not obj.scanning' condition = 'not obj.scanning'
wd.wait_for_object_condition(device, condition) wd.wait_for_object_condition(device, condition)
device.scan() if not device.get_ordered_networks():
device.scan()
condition = 'not obj.scanning' condition = 'obj.scanning'
wd.wait_for_object_condition(device, condition) wd.wait_for_object_condition(device, condition)
condition = 'not obj.scanning'
wd.wait_for_object_condition(device, condition)
ordered_networks = device.get_ordered_networks() ordered_networks = device.get_ordered_networks()
ordered_network = ordered_networks[0] ordered_network = [n for n in ordered_networks if n.name == ssid][0]
self.assertEqual(ordered_network.name, "ssidEAP-TLS")
self.assertEqual(ordered_network.type, NetworkType.eap) self.assertEqual(ordered_network.type, NetworkType.eap)
condition = 'not obj.connected' condition = 'not obj.connected'
@ -41,16 +54,30 @@ class Test(unittest.TestCase):
wd.wait_for_object_condition(ordered_network.network_object, condition) wd.wait_for_object_condition(ordered_network.network_object, condition)
testutil.test_iface_operstate() testutil.test_iface_operstate()
testutil.test_ifaces_connected() testutil.test_ifaces_connected(hostapd_ifname, 'wln3')
device.disconnect() device.disconnect()
condition = 'not obj.connected' condition = 'not obj.connected'
wd.wait_for_object_condition(ordered_network.network_object, condition) wd.wait_for_object_condition(ordered_network.network_object, condition)
if passphrase:
wd.unregister_psk_agent(psk_agent)
def test_eap_tls(self):
self.do_test_connection_success('ssidEAP-TLS')
def test_eap_tls2(self):
self.do_test_connection_success('ssidEAP-TLS2')
def test_eap_tls3(self):
self.do_test_connection_success('ssidEAP-TLS3', 'abc')
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
IWD.copy_to_storage('ssidEAP-TLS.8021x') IWD.copy_to_storage('ssidEAP-TLS.8021x')
IWD.copy_to_storage('ssidEAP-TLS2.8021x')
IWD.copy_to_storage('ssidEAP-TLS3.8021x')
@classmethod @classmethod
def tearDownClass(cls): def tearDownClass(cls):

4
autotests/testEAP-TLS/hw.conf
View File

@ -1,6 +1,8 @@
[SETUP] [SETUP]
num_radios=2 num_radios=4
tmpfs_extra_stuff=../misc/certs tmpfs_extra_stuff=../misc/certs
[HOSTAPD] [HOSTAPD]
rad0=ssidEAP-TLS.conf rad0=ssidEAP-TLS.conf
rad1=ssidEAP-TLS2.conf
rad2=ssidEAP-TLS3.conf

7
autotests/testEAP-TLS/ssidEAP-TLS2.8021x Normal file
View File

@ -0,0 +1,7 @@
[Security]
EAP-Method=TLS
EAP-TLS-CACert=/tmp/certs/cert-ca.pem
EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
EAP-TLS-ClientKey=/tmp/certs/cert-client-key-md5-des.pem
EAP-TLS-ClientKeyPassphrase=abc
EAP-Identity=abc@example.com

12
autotests/testEAP-TLS/ssidEAP-TLS2.conf Normal file
View File

@ -0,0 +1,12 @@
hw_mode=g
channel=2
ssid=ssidEAP-TLS2
wpa=3
wpa_key_mgmt=WPA-EAP
ieee8021x=1
eap_server=1
eap_user_file=/tmp/certs/eap-user-tls.text
ca_cert=/tmp/certs/cert-ca.pem
server_cert=/tmp/certs/cert-server.pem
private_key=/tmp/certs/cert-server-key.pem

6
autotests/testEAP-TLS/ssidEAP-TLS3.8021x Normal file
View File

@ -0,0 +1,6 @@
[Security]
EAP-Method=TLS
EAP-TLS-CACert=/tmp/certs/cert-ca.pem
EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
EAP-TLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
EAP-Identity=abc@example.com

12
autotests/testEAP-TLS/ssidEAP-TLS3.conf Normal file
View File

@ -0,0 +1,12 @@
hw_mode=g
channel=3
ssid=ssidEAP-TLS3
wpa=3
wpa_key_mgmt=WPA-EAP
ieee8021x=1
eap_server=1
eap_user_file=/tmp/certs/eap-user-tls.text
ca_cert=/tmp/certs/cert-ca.pem
server_cert=/tmp/certs/cert-server.pem
private_key=/tmp/certs/cert-server-key.pem