unit: add test for embedded certs to test-eapol
Refactored eapol_sm_test_tls to take an l_settings object rather than a settings string. This lets the caller load the settings either from data or from a file (the new test loads the build-time generated tls-settings file).
parent
be55eb0b5e
commit
fddf15f527
@ -2886,7 +2886,7 @@ static void test_handshake_event(struct handshake_state *hs,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
|
static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
|
||||||
const char *config)
|
struct l_settings *config)
|
||||||
{
|
{
|
||||||
static const unsigned char ap_wpa_ie[] = {
|
static const unsigned char ap_wpa_ie[] = {
|
||||||
0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00,
|
0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00,
|
||||||
@ -2898,7 +2898,6 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
|
|||||||
struct handshake_state *hs;
|
struct handshake_state *hs;
|
||||||
struct test_handshake_state *ths;
|
struct test_handshake_state *ths;
|
||||||
struct eapol_sm *sm;
|
struct eapol_sm *sm;
|
||||||
struct l_settings *settings;
|
|
||||||
uint8_t tx_buf[2000];
|
uint8_t tx_buf[2000];
|
||||||
size_t header_len, data_len, tx_len;
|
size_t header_len, data_len, tx_len;
|
||||||
bool start;
|
bool start;
|
||||||
@ -2933,13 +2932,9 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
|
|||||||
|
|
||||||
handshake_state_set_authenticator_ie(hs, ap_wpa_ie);
|
handshake_state_set_authenticator_ie(hs, ap_wpa_ie);
|
||||||
|
|
||||||
settings = l_settings_new();
|
handshake_state_set_8021x_config(hs, config);
|
||||||
l_settings_load_from_data(settings, config, strlen(config));
|
|
||||||
handshake_state_set_8021x_config(hs, settings);
|
|
||||||
eapol_start(sm);
|
eapol_start(sm);
|
||||||
|
|
||||||
l_settings_free(settings);
|
|
||||||
|
|
||||||
__eapol_set_tx_packet_func(verify_8021x_identity_resp);
|
__eapol_set_tx_packet_func(verify_8021x_identity_resp);
|
||||||
s->pending_req = 1;
|
s->pending_req = 1;
|
||||||
__eapol_rx_packet(1, ap_address, ETH_P_PAE, eap_identity_req,
|
__eapol_rx_packet(1, ap_address, ETH_P_PAE, eap_identity_req,
|
||||||
@ -3152,25 +3147,48 @@ done:
|
|||||||
|
|
||||||
static void eapol_sm_test_eap_tls(const void *data)
|
static void eapol_sm_test_eap_tls(const void *data)
|
||||||
{
|
{
|
||||||
static const char *eapol_8021x_config = "[Security]\n"
|
static const char *config_8021x = "[Security]\n"
|
||||||
"EAP-Method=TLS\n"
|
"EAP-Method=TLS\n"
|
||||||
"EAP-Identity=abc@example.com\n"
|
"EAP-Identity=abc@example.com\n"
|
||||||
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
|
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
|
||||||
"EAP-TLS-ClientCert=" CERTDIR "cert-client.pem\n"
|
"EAP-TLS-ClientCert=" CERTDIR "cert-client.pem\n"
|
||||||
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem";
|
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem";
|
||||||
struct eapol_8021x_tls_test_state s = {};
|
struct eapol_8021x_tls_test_state s = {};
|
||||||
|
struct l_settings* config = l_settings_new();
|
||||||
|
|
||||||
|
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
|
||||||
|
|
||||||
s.app_data_cb = eapol_sm_test_tls_new_data;
|
s.app_data_cb = eapol_sm_test_tls_new_data;
|
||||||
s.ready_cb = eapol_sm_test_tls_test_ready;
|
s.ready_cb = eapol_sm_test_tls_test_ready;
|
||||||
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
||||||
s.method = EAP_TYPE_TLS;
|
s.method = EAP_TYPE_TLS;
|
||||||
|
|
||||||
eapol_sm_test_tls(&s, eapol_8021x_config);
|
eapol_sm_test_tls(&s, config);
|
||||||
|
|
||||||
|
l_settings_free(config);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void eapol_sm_test_eap_tls_embedded(const void *data)
|
||||||
|
{
|
||||||
|
struct eapol_8021x_tls_test_state s = {};
|
||||||
|
struct l_settings *config;
|
||||||
|
|
||||||
|
config = l_settings_new();
|
||||||
|
l_settings_load_from_file(config, CERTDIR "tls-settings.8021x");
|
||||||
|
|
||||||
|
s.app_data_cb = eapol_sm_test_tls_new_data;
|
||||||
|
s.ready_cb = eapol_sm_test_tls_test_ready;
|
||||||
|
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
||||||
|
s.method = EAP_TYPE_TLS;
|
||||||
|
|
||||||
|
eapol_sm_test_tls(&s, config);
|
||||||
|
|
||||||
|
l_settings_free(config);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void eapol_sm_test_eap_tls_subject_good(const void *data)
|
static void eapol_sm_test_eap_tls_subject_good(const void *data)
|
||||||
{
|
{
|
||||||
static const char *eapol_8021x_config = "[Security]\n"
|
static const char *config_8021x = "[Security]\n"
|
||||||
"EAP-Method=TLS\n"
|
"EAP-Method=TLS\n"
|
||||||
"EAP-Identity=abc@example.com\n"
|
"EAP-Identity=abc@example.com\n"
|
||||||
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
|
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
|
||||||
@ -3178,18 +3196,23 @@ static void eapol_sm_test_eap_tls_subject_good(const void *data)
|
|||||||
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
|
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
|
||||||
"EAP-TLS-ServerDomainMask=bad.example.org;*.example.org";
|
"EAP-TLS-ServerDomainMask=bad.example.org;*.example.org";
|
||||||
struct eapol_8021x_tls_test_state s = {};
|
struct eapol_8021x_tls_test_state s = {};
|
||||||
|
struct l_settings* config = l_settings_new();
|
||||||
|
|
||||||
|
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
|
||||||
|
|
||||||
s.app_data_cb = eapol_sm_test_tls_new_data;
|
s.app_data_cb = eapol_sm_test_tls_new_data;
|
||||||
s.ready_cb = eapol_sm_test_tls_test_ready;
|
s.ready_cb = eapol_sm_test_tls_test_ready;
|
||||||
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
||||||
s.method = EAP_TYPE_TLS;
|
s.method = EAP_TYPE_TLS;
|
||||||
|
|
||||||
eapol_sm_test_tls(&s, eapol_8021x_config);
|
eapol_sm_test_tls(&s, config);
|
||||||
|
|
||||||
|
l_settings_free(config);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void eapol_sm_test_eap_tls_subject_bad(const void *data)
|
static void eapol_sm_test_eap_tls_subject_bad(const void *data)
|
||||||
{
|
{
|
||||||
static const char *eapol_8021x_config = "[Security]\n"
|
static const char *config_8021x = "[Security]\n"
|
||||||
"EAP-Method=TLS\n"
|
"EAP-Method=TLS\n"
|
||||||
"EAP-Identity=abc@example.com\n"
|
"EAP-Identity=abc@example.com\n"
|
||||||
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
|
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
|
||||||
@ -3197,6 +3220,9 @@ static void eapol_sm_test_eap_tls_subject_bad(const void *data)
|
|||||||
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
|
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
|
||||||
"EAP-TLS-ServerDomainMask=bad.example.org";
|
"EAP-TLS-ServerDomainMask=bad.example.org";
|
||||||
struct eapol_8021x_tls_test_state s = {};
|
struct eapol_8021x_tls_test_state s = {};
|
||||||
|
struct l_settings* config = l_settings_new();
|
||||||
|
|
||||||
|
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
|
||||||
|
|
||||||
s.app_data_cb = eapol_sm_test_tls_new_data;
|
s.app_data_cb = eapol_sm_test_tls_new_data;
|
||||||
s.ready_cb = eapol_sm_test_tls_test_ready;
|
s.ready_cb = eapol_sm_test_tls_test_ready;
|
||||||
@ -3204,7 +3230,9 @@ static void eapol_sm_test_eap_tls_subject_bad(const void *data)
|
|||||||
s.method = EAP_TYPE_TLS;
|
s.method = EAP_TYPE_TLS;
|
||||||
s.expect_handshake_fail = true;
|
s.expect_handshake_fail = true;
|
||||||
|
|
||||||
eapol_sm_test_tls(&s, eapol_8021x_config);
|
eapol_sm_test_tls(&s, config);
|
||||||
|
|
||||||
|
l_settings_free(config);
|
||||||
}
|
}
|
||||||
|
|
||||||
static const uint8_t eap_ttls_eap_identity_avp[] = {
|
static const uint8_t eap_ttls_eap_identity_avp[] = {
|
||||||
@ -3267,7 +3295,7 @@ static void eapol_sm_test_eap_ttls_test_ready(const char *peer_identity,
|
|||||||
|
|
||||||
static void eapol_sm_test_eap_ttls_md5(const void *data)
|
static void eapol_sm_test_eap_ttls_md5(const void *data)
|
||||||
{
|
{
|
||||||
static const char *eapol_8021x_config = "[Security]\n"
|
static const char *config_8021x = "[Security]\n"
|
||||||
"EAP-Method=TTLS\n"
|
"EAP-Method=TTLS\n"
|
||||||
"EAP-Identity=abc@example.com\n"
|
"EAP-Identity=abc@example.com\n"
|
||||||
"EAP-TTLS-CACert=" CERTDIR "cert-ca.pem\n"
|
"EAP-TTLS-CACert=" CERTDIR "cert-ca.pem\n"
|
||||||
@ -3277,13 +3305,18 @@ static void eapol_sm_test_eap_ttls_md5(const void *data)
|
|||||||
"EAP-TTLS-Phase2-Identity=abc@example.com\n"
|
"EAP-TTLS-Phase2-Identity=abc@example.com\n"
|
||||||
"EAP-TTLS-Phase2-Password=testpasswd";
|
"EAP-TTLS-Phase2-Password=testpasswd";
|
||||||
struct eapol_8021x_eap_ttls_test_state s = {};
|
struct eapol_8021x_eap_ttls_test_state s = {};
|
||||||
|
struct l_settings* config = l_settings_new();
|
||||||
|
|
||||||
|
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
|
||||||
|
|
||||||
s.tls.app_data_cb = eapol_sm_test_eap_ttls_new_data;
|
s.tls.app_data_cb = eapol_sm_test_eap_ttls_new_data;
|
||||||
s.tls.ready_cb = eapol_sm_test_eap_ttls_test_ready;
|
s.tls.ready_cb = eapol_sm_test_eap_ttls_test_ready;
|
||||||
s.tls.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
s.tls.disconnect_cb = eapol_sm_test_tls_test_disconnected;
|
||||||
s.tls.method = EAP_TYPE_TTLS;
|
s.tls.method = EAP_TYPE_TTLS;
|
||||||
|
|
||||||
eapol_sm_test_tls(&s.tls, eapol_8021x_config);
|
eapol_sm_test_tls(&s.tls, config);
|
||||||
|
|
||||||
|
l_settings_free(config);
|
||||||
}
|
}
|
||||||
|
|
||||||
static const uint8_t eap_ttls_start_req[] = {
|
static const uint8_t eap_ttls_start_req[] = {
|
||||||
@ -3605,6 +3638,8 @@ int main(int argc, char *argv[])
|
|||||||
&eapol_sm_test_eap_tls_subject_good, NULL);
|
&eapol_sm_test_eap_tls_subject_good, NULL);
|
||||||
l_test_add("EAPoL/8021x EAP-TLS subject name mismatch",
|
l_test_add("EAPoL/8021x EAP-TLS subject name mismatch",
|
||||||
&eapol_sm_test_eap_tls_subject_bad, NULL);
|
&eapol_sm_test_eap_tls_subject_bad, NULL);
|
||||||
|
l_test_add("EAPoL/8021x EAP-TLS embedded certs",
|
||||||
|
&eapol_sm_test_eap_tls_embedded, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
l_test_add("EAPoL/FT-Using-PSK 4-Way Handshake",
|
l_test_add("EAPoL/FT-Using-PSK 4-Way Handshake",
|
||||||
|
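Review bot: The return value of `l_settings_load_from_file(config, CERTDIR "tls-settings.8021x")` in eapol_sm_test_eap_tls_embedded is discarded, so a missing or unparsable build-time generated file leaves `config` empty and the test fails later inside eapol_sm_test_tls rather than at the fixture. Capturing the result and asserting on it, `bool ok = l_settings_load_from_file(config, CERTDIR "tls-settings.8021x");` followed by `assert(ok);`, makes the failure point at the real cause. The same applies to the new `l_settings_load_from_data(config, config_8021x, strlen(config_8021x))` calls in the other TLS/TTLS tests. It matters most in eapol_sm_test_eap_tls_subject_bad, which sets `expect_handshake_fail = true` and should only pass because the ServerDomainMask check rejected the certificate; whether an empty config could reach that outcome depends on parts of eapol_sm_test_tls not shown here. As a style point, the new `struct l_settings* config` declarations would read `struct l_settings *config`, matching the declaration in the embedded test.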