tests: DH parameter file DSA conversion and error cases

author Jouni Malinen <j@w1.fi>

Mon, 29 Jun 2015 19:45:03 +0000 (22:45 +0300)

committer Jouni Malinen <j@w1.fi>

Mon, 29 Jun 2015 20:23:56 +0000 (23:23 +0300)
author Jouni Malinen <j@w1.fi>
Mon, 29 Jun 2015 19:45:03 +0000 (22:45 +0300)
committer Jouni Malinen <j@w1.fi>
Mon, 29 Jun 2015 20:23:56 +0000 (23:23 +0300)
diff --git a/tests/hwsim/auth_serv/dsaparam.pem b/tests/hwsim/auth_serv/dsaparam.pem

new file mode 100644 (file)

index 0000000..54ba66a
--- /dev/null
+++ b/tests/hwsim/auth_serv/dsaparam.pem
@@ -0,0 +1,11 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBngKBwQCKGwQSQa8/VqJBvFDwpbJTEgQ2myTzbDCZqZof9EBBO5KlbUfgFZfY
+szSaZAWPok0mG9BRGoJgtajJruLU6lvoZ94FgGPhRrOZWd0wT6kiySRz4nv9kEMK
+Ch83zLQ+i1IdRFozP4k+9YHlAVL354zU+O5USxNMuhPVab4MPsl9I7gZmEQmisHA
+fwQOLppTrILuqNtVOqpRogKhVnvQITqV3VsRYV0JVersx48olOqtPGQKKewiJFJp
+n7fwGC208/sCFQD4vIUetIr4LGLwm3D/Y5HxNMyFFwKBwC7b0nT/lb1+z86vKg3v
+Cyy40D03ezYgmlwV+xObadfMmciwxK98DX763dFsY9omd6csFho1xGfSFRj8Bkv6
+rbumVtoZGurdRxU4ADJf4SF5MuK2rJ9jg4Wz6F1BhHEKtoubINlk3fyZWPx0sjkm
+t2IJlFY4rfbTI8ETrPrE+zb53tiaundB72cUWmZY/gRuaXh7lRzpMVr71+OedLU6
+VkIHXOG/nnb48hZfGohKvWTAp/wkb2w/dCdeGKgVZn3FzA==
+-----END DSA PARAMETERS-----
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py

index ceb61787b1fc7ad718eb0e0e9c65c36f7714f43e..4197f95944d8c72c884f62d21486e16b5f988407 100644 (file)
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -2663,6 +2663,45 @@ def test_ap_wpa2_eap_ttls_dh_params(dev, apdev):
                  ca_cert="auth_serv/ca.der", phase2="auth=CHAP",
                  dh_file="auth_serv/dh.conf")
  
+def test_ap_wpa2_eap_ttls_dh_params_dsa(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TTLS and setting DH params (DSA)"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "chap user",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.der", phase2="auth=CHAP",
+                dh_file="auth_serv/dsaparam.pem")
+
+def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev):
+    """EAP-TTLS and DH params file not found"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   dh_file="auth_serv/dh-no-such-file.conf",
+                   scan_freq="2412", wait_connect=False)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
+    if ev is None:
+        raise Exception("EAP failure timed out")
+    dev[0].request("REMOVE_NETWORK all")
+    dev[0].wait_disconnected()
+
+def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev):
+    """EAP-TTLS and invalid DH params file"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
+                   identity="mschap user", password="password",
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
+                   dh_file="auth_serv/ca.pem",
+                   scan_freq="2412", wait_connect=False)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
+    if ev is None:
+        raise Exception("EAP failure timed out")
+    dev[0].request("REMOVE_NETWORK all")
+    dev[0].wait_disconnected()
+
  def test_ap_wpa2_eap_ttls_dh_params_blob(dev, apdev):
      """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params from blob"""
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
@@ -2684,6 +2723,31 @@ def test_ap_wpa2_eap_ttls_dh_params_server(dev, apdev):
                  anonymous_identity="ttls", password="password",
                  ca_cert="auth_serv/ca.der", phase2="auth=CHAP")
  
+def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
+    """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
+    params = int_eap_server_params()
+    params["dh_file"] = "auth_serv/dsaparam.pem"
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "chap user",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.der", phase2="auth=CHAP")
+
+def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev):
+    """EAP-TLS server and dhparams file not found"""
+    params = int_eap_server_params()
+    params["dh_file"] = "auth_serv/dh-no-such-file.conf"
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
+    if "FAIL" not in hapd.request("ENABLE"):
+        raise Exception("Invalid configuration accepted")
+
+def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev):
+    """EAP-TLS server and invalid dhparams file"""
+    params = int_eap_server_params()
+    params["dh_file"] = "auth_serv/ca.pem"
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
+    if "FAIL" not in hapd.request("ENABLE"):
+        raise Exception("Invalid configuration accepted")
+
  def test_ap_wpa2_eap_reauth(dev, apdev):
      """WPA2-Enterprise and Authenticator forcing reauthentication"""
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
author	Jouni Malinen <j@w1.fi>
	Mon, 29 Jun 2015 19:45:03 +0000 (22:45 +0300)
committer	Jouni Malinen <j@w1.fi>
	Mon, 29 Jun 2015 20:23:56 +0000 (23:23 +0300)
tests/hwsim/auth_serv/dsaparam.pem	[new file with mode: 0644]	patch \| blob
tests/hwsim/test_ap_eap.py		patch \| blob \| blame \| history