Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

tests: EAP-TTLS and server certificate with client EKU

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 11 ans
Parent
6a4d0dbe1c
commit
6ab4a7aa5a
3 fichiers modifiés avec 93 ajouts et 0 suppressions
Vue séparée Afficher les stats Diff
  1. 16 0
      tests/hwsim/auth_serv/server-eku-client.key
  2. 62 0
      tests/hwsim/auth_serv/server-eku-client.pem
  3. 15 0
      tests/hwsim/test_ap_eap.py

+ 16 - 0
tests/hwsim/auth_serv/server-eku-client.key
Voir le fichier 

@@ -0,0 +1,16 @@
 
+-----BEGIN PRIVATE KEY-----
 
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKOZ6eLhF2A7cDQa
 
+dFxG47i9u6rJ8+77EjCgacN0OIA6uiNSx8Fqz7rdQePSaTWkpmBsMR+FvVZsewlj
 
+zadRa4RAkHd+l2h7OLXEFTt0NzQounri14RTeHZNFre43wly54cmdCwEysXOKfW0
 
+ztso60VHQo/tiFqjI0mbe7w54QFTAgMBAAECgYAngwCtvtc6cqCCtPDtaGGPOKOe
 
+d+/mA9U80UE551POBGD4LwH3gKhy5QUI1MR8JCvalca3akF0IfcFKYl9o3hnsZ73
 
+3wGzxM8BEf9wEVtVC2CTRVoIupleaEk3j8dgaUs/O54WkmAoHF1avXAMSGOUDxCO
 
+Ggpn2tei78Csdj78IQJBANF7a7RaJsXh6xMI7hlrVrUsIbBvsBo1wbbGCwNRvgzL
 
+I1mq1O+Go7Aao0pDK7sOUa86j6ECZ5pzqcdPaF22tJ8CQQDH7kTy6ERBbLFxs/Wd
 
+YLDEh1GIGyGW10tuJTOl2R1TKSBXRzPAeI+jcC+AC00238p4MO899WOVeLvaERZa
 
+IuLNAkAtlxXGp4Qett9JQj1HbPPu9A7U7km+OorRM2K8MzMQZ7lmz2YORxgiwHlf
 
+NSU0TZZ7c1xE51gS5i9CAEcvdg7zAkAKIZfa20xCKHjhcyYaIIE0pErMY9uS4jwP
 
+S9FPMS5cPXRHF/OWaEWXGaM+kNQL2NFQv+IPuLSgKWsThNQmIyhtAkEAiQq1HdN7
 
+3l8YhUuJtxg7nrh2s0V4UcSNOZxVf/85AKrTu1IfjdwmXFeoRB/y9Ef4h1bcXgzj
 
+clIVhie7r0JNLw==
 
+-----END PRIVATE KEY-----

+ 62 - 0
tests/hwsim/auth_serv/server-eku-client.pem
Voir le fichier 

@@ -0,0 +1,62 @@
 
+Certificate:
 
+    Data:
 
+        Version: 3 (0x2)
 
+        Serial Number: 15624081837803162827 (0xd8d3e3a6cbe3cccb)
 
+    Signature Algorithm: sha1WithRSAEncryption
 
+        Issuer: C=FI, O=w1.fi, CN=Root CA
 
+        Validity
 
+            Not Before: Feb 15 08:30:08 2014 GMT
 
+            Not After : Feb 15 08:30:08 2015 GMT
 
+        Subject: C=FI, O=w1.fi, CN=server5.w1.fi
 
+        Subject Public Key Info:
 
+            Public Key Algorithm: rsaEncryption
 
+                Public-Key: (1024 bit)
 
+                Modulus:
 
+                    00:a3:99:e9:e2:e1:17:60:3b:70:34:1a:74:5c:46:
 
+                    e3:b8:bd:bb:aa:c9:f3:ee:fb:12:30:a0:69:c3:74:
 
+                    38:80:3a:ba:23:52:c7:c1:6a:cf:ba:dd:41:e3:d2:
 
+                    69:35:a4:a6:60:6c:31:1f:85:bd:56:6c:7b:09:63:
 
+                    cd:a7:51:6b:84:40:90:77:7e:97:68:7b:38:b5:c4:
 
+                    15:3b:74:37:34:28:ba:7a:e2:d7:84:53:78:76:4d:
 
+                    16:b7:b8:df:09:72:e7:87:26:74:2c:04:ca:c5:ce:
 
+                    29:f5:b4:ce:db:28:eb:45:47:42:8f:ed:88:5a:a3:
 
+                    23:49:9b:7b:bc:39:e1:01:53
 
+                Exponent: 65537 (0x10001)
 
+        X509v3 extensions:
 
+            X509v3 Basic Constraints: 
+                CA:FALSE
 
+            X509v3 Subject Key Identifier: 
+                33:16:9D:3B:17:15:82:2B:34:6E:38:E8:CC:22:BF:49:A7:5E:2A:2B
 
+            X509v3 Authority Key Identifier: 
+                keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
 
+
 
+            Authority Information Access: 
+                OCSP - URI:http://server.w1.fi:8888/
 
+
 
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
 
+    Signature Algorithm: sha1WithRSAEncryption
 
+         6f:2d:cb:3b:91:50:15:e1:c7:41:15:6c:a4:89:e5:0e:f9:f9:
 
+         9b:10:36:d8:67:a8:29:e2:6a:6f:89:7b:66:bd:f1:b8:fa:1c:
 
+         f7:22:8b:85:4e:37:f3:d6:1e:35:df:c7:04:e6:13:20:ca:fa:
 
+         62:cc:8d:3a:bd:97:10:5c:1b:0b:39:79:ac:13:61:59:79:fd:
 
+         a1:4b:7d:c9:c5:c4:19:4d:76:5b:cd:6d:1e:f2:aa:ef:67:51:
 
+         aa:0c:ef:6a:f2:10:71:6f:19:e6:12:ab:3e:65:76:0f:5a:0f:
 
+         cf:96:30:c3:fc:59:e9:13:af:e1:8a:b0:2c:78:ad:3d:b4:e9:
 
+         e5:20
 
+-----BEGIN CERTIFICATE-----
 
+MIICfTCCAeagAwIBAgIJANjT46bL48zLMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
 
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNDAy
 
+MTUwODMwMDhaFw0xNTAyMTUwODMwMDhaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
 
+DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5maTCBnzANBgkqhkiG9w0BAQEF
 
+AAOBjQAwgYkCgYEAo5np4uEXYDtwNBp0XEbjuL27qsnz7vsSMKBpw3Q4gDq6I1LH
 
+wWrPut1B49JpNaSmYGwxH4W9Vmx7CWPNp1FrhECQd36XaHs4tcQVO3Q3NCi6euLX
 
+hFN4dk0Wt7jfCXLnhyZ0LATKxc4p9bTO2yjrRUdCj+2IWqMjSZt7vDnhAVMCAwEA
 
+AaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQzFp07FxWCKzRuOOjMIr9Jp14q
 
+KzAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
 
+MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0l
 
+BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAby3LO5FQFeHHQRVspInl
 
+Dvn5mxA22GeoKeJqb4l7Zr3xuPoc9yKLhU4389YeNd/HBOYTIMr6YsyNOr2XEFwb
 
+Czl5rBNhWXn9oUt9ycXEGU12W81tHvKq72dRqgzvavIQcW8Z5hKrPmV2D1oPz5Yw
 
+w/xZ6ROv4YqwLHitPbTp5SA=
 
+-----END CERTIFICATE-----

+ 15 - 0
tests/hwsim/test_ap_eap.py
Voir le fichier 

@@ -949,3 +949,18 @@ def test_ap_wpa2_eap_ttls_ignore_expired_cert(dev, apdev):
 
                    ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
 
                    phase1="tls_disable_time_checks=1",
 
                    scan_freq="2412")
 
+
 
+def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev):
 
+    """WPA2-Enterprise using EAP-TTLS and server cert with client EKU"""
 
+    params = int_eap_server_params()
 
+    params["server_cert"] = "auth_serv/server-eku-client.pem"
 
+    params["private_key"] = "auth_serv/server-eku-client.key"
 
+    hostapd.add_ap(apdev[0]['ifname'], params)
 
+    dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
 
+                   identity="mschap user", password="password",
 
+                   ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
 
+                   wait_connect=False,
 
+                   scan_freq="2412")
 
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
 
+    if ev is None:
 
+        raise Exception("Timeout on EAP failure report")