tests: Server certificate with both client and server EKU

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/tests/hwsim/auth_serv/server-eku-client-server.key b/tests/hwsim/auth_serv/server-eku-client-server.key
new file mode 100644 (file)
index 0000000..ce2e5f2
--- /dev/null
+++ b/tests/hwsim/auth_serv/server-eku-client-server.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMowHv0TagIoUZoO
+qR5yfudayMsMfoqZgY0FswmwqYbnrkT64Mfu8xi0MWXjBW9mTuPkhYGbR39ftRYr
+sFmRnMVV09PKLIHO8CeoVN4OT9jwEb0LEFY4Jt+pOpUVk6YW7dIetLXAqGGOrhAE
+/eYmykoNkEu5rMmU8rFrl2tgJOq9AgMBAAECgYAdONdBvIyVwz4IBhZrUCEHTxe2
+QRgI8CbJOwmlXOMjnFiTn67dNqvr5h89mpIuh5rfVSf2k3rB7hM+IRJb36/Ik7qg
+GdktPSEIK/ktUcfofVLaLn+ehG7vXhkkB6juBR7jaXDZRBPvFM+TCtirlaZ5sQ0u
+TbSw7m9NcFD2APxgAQJBAPIoCxZCJGpMvh+5ta8EJQVQKhJeMWmDlUQvscKTauWb
+aTz0z+OMBGpZH7DWCTww4+/3fjqZt/TURuPSh0ZcACUCQQDVvyPTO3h3R5fig/zV
+NV8E0/dCYH6kwsFk0AUIRbMHdaN3sEHWszKG9nTNyPyHhDo8i9jguSjkb9MwdgR7
+BJC5AkBB6/bAs3bYXVXwqwyzvWwamy0o3O2UrNaIvnck4h7arMkkZ/zkFCzriqGe
+8VWIRkL3A6ggadJzWwqFYL2kwMzlAkEAhfEdFgUyXCy09PEYwtKLFI9vZlzpf327
+it0ACksDAS2qnhoJZ+0rQH+4eiv0c0dc5wwLf+cHxP5+LOQHsr8NoQJAcsRe+KyX
+G0TLKZg/J5E+zJMH6M19BZ4BC32UIMTJWe1xzp+9XrCWflagRJMJ+DOWtHzu/Opo
+Ty4OiT0uZUxcMw==
+-----END PRIVATE KEY-----

diff --git a/tests/hwsim/auth_serv/server-eku-client-server.pem b/tests/hwsim/auth_serv/server-eku-client-server.pem
new file mode 100644 (file)
index 0000000..4f94455
--- /dev/null
+++ b/tests/hwsim/auth_serv/server-eku-client-server.pem
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15624081837803162828 (0xd8d3e3a6cbe3cccc)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, O=w1.fi, CN=Root CA
+        Validity
+            Not Before: Feb 28 22:41:44 2014 GMT
+            Not After : Feb 28 22:41:44 2015 GMT
+        Subject: C=FI, O=w1.fi, CN=server6.w1.fi
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ca:30:1e:fd:13:6a:02:28:51:9a:0e:a9:1e:72:
+                    7e:e7:5a:c8:cb:0c:7e:8a:99:81:8d:05:b3:09:b0:
+                    a9:86:e7:ae:44:fa:e0:c7:ee:f3:18:b4:31:65:e3:
+                    05:6f:66:4e:e3:e4:85:81:9b:47:7f:5f:b5:16:2b:
+                    b0:59:91:9c:c5:55:d3:d3:ca:2c:81:ce:f0:27:a8:
+                    54:de:0e:4f:d8:f0:11:bd:0b:10:56:38:26:df:a9:
+                    3a:95:15:93:a6:16:ed:d2:1e:b4:b5:c0:a8:61:8e:
+                    ae:10:04:fd:e6:26:ca:4a:0d:90:4b:b9:ac:c9:94:
+                    f2:b1:6b:97:6b:60:24:ea:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                C7:C6:EF:F5:61:D2:A0:08:81:6A:6B:44:2C:F5:72:F7:DA:DE:5B:B9
+            X509v3 Authority Key Identifier: 
+                keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+            Authority Information Access: 
+                OCSP - URI:http://server.w1.fi:8888/
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, TLS Web Server Authentication
+    Signature Algorithm: sha1WithRSAEncryption
+         64:52:09:25:e9:ce:db:1f:fa:81:aa:8a:ed:7e:f7:db:1e:27:
+         de:a7:41:b3:ab:73:e3:bc:b7:24:ed:5f:a6:88:5b:c8:16:1a:
+         f9:60:93:0b:d2:3f:5f:ce:3c:8c:50:53:8e:30:ae:0a:f8:0a:
+         53:74:d7:37:47:55:81:7d:75:c7:a2:e2:ff:82:bd:55:67:3d:
+         dd:e3:ca:d6:ef:33:63:2d:f4:65:4f:a2:8c:d5:f1:ac:af:ce:
+         02:83:91:37:cc:7c:55:7a:81:9c:c9:46:9e:9c:e6:ce:d5:35:
+         6c:f7:2e:08:05:c3:ca:c7:25:8c:e0:ba:4e:4c:fc:d3:a2:5a:
+         57:0e
+-----BEGIN CERTIFICATE-----
+MIIChzCCAfCgAwIBAgIJANjT46bL48zMMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNDAy
+MjgyMjQxNDRaFw0xNTAyMjgyMjQxNDRaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNi53MS5maTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAyjAe/RNqAihRmg6pHnJ+51rIywx+ipmBjQWzCbCphueuRPrg
+x+7zGLQxZeMFb2ZO4+SFgZtHf1+1FiuwWZGcxVXT08osgc7wJ6hU3g5P2PARvQsQ
+Vjgm36k6lRWTphbt0h60tcCoYY6uEAT95ibKSg2QS7msyZTysWuXa2Ak6r0CAwEA
+AaOBpDCBoTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTHxu/1YdKgCIFqa0Qs9XL32t5b
+uTAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
+MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wHQYDVR0l
+BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGRSCSXp
+ztsf+oGqiu1+99seJ96nQbOrc+O8tyTtX6aIW8gWGvlgkwvSP1/OPIxQU44wrgr4
+ClN01zdHVYF9dcei4v+CvVVnPd3jytbvM2Mt9GVPoozV8ayvzgKDkTfMfFV6gZzJ
+Rp6c5s7VNWz3LggFw8rHJYzguk5M/NOiWlcO
+-----END CERTIFICATE-----

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 532a21df5fd7428305a04f20e379d73981a64044..5a17077e54e21bf56276cf6b96bb9e1aad9f8328 100644 (file)
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -959,6 +959,17 @@ def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev):
     if ev is None:
         raise Exception("Timeout on EAP failure report")
 
+def test_ap_wpa2_eap_ttls_server_cert_eku_client_server(dev, apdev):
+    """WPA2-Enterprise using EAP-TTLS and server cert with client and server EKU"""
+    params = int_eap_server_params()
+    params["server_cert"] = "auth_serv/server-eku-client-server.pem"
+    params["private_key"] = "auth_serv/server-eku-client-server.key"
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   scan_freq="2412")
+
 def test_ap_wpa2_eap_ttls_dh_params(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")