tests: wpa_supplicant config blobs and PEM encoding

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2021-08-19 17:41:13 +03:00
parent cce33c7e7a
commit 2bbc5a2b09

View file

@ -124,19 +124,25 @@ def check_ec_support(dev):
if tls.startswith("internal"): if tls.startswith("internal"):
raise HwsimSkip("EC not supported with this TLS library: " + tls) raise HwsimSkip("EC not supported with this TLS library: " + tls)
def read_pem(fname): def read_pem(fname, decode=True):
with open(fname, "r") as f: with open(fname, "r") as f:
lines = f.readlines() lines = f.readlines()
copy = False copy = False
cert = "" cert = ""
for l in lines: for l in lines:
if "-----END" in l: if "-----END" in l:
if not decode:
cert = cert + l
break break
if copy: if copy:
cert = cert + l cert = cert + l
if "-----BEGIN" in l: if "-----BEGIN" in l:
copy = True copy = True
return base64.b64decode(cert) if not decode:
cert = cert + l
if decode:
return base64.b64decode(cert)
return cert.encode()
def eap_connect(dev, hapd, method, identity, def eap_connect(dev, hapd, method, identity,
sha256=False, expect_failure=False, local_error_report=False, sha256=False, expect_failure=False, local_error_report=False,
@ -2244,6 +2250,24 @@ def test_ap_wpa2_eap_tls_blob(dev, apdev):
client_cert="blob://usercert", client_cert="blob://usercert",
private_key="blob://userkey") private_key="blob://userkey")
def test_ap_wpa2_eap_tls_blob_pem(dev, apdev):
"""WPA2-Enterprise connection using EAP-TLS and config blobs (PEM)"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
hapd = hostapd.add_ap(apdev[0], params)
cert = read_pem("auth_serv/ca.pem", decode=False)
if "OK" not in dev[0].request("SET blob cacert " + binascii.hexlify(cert).decode()):
raise Exception("Could not set cacert blob")
cert = read_pem("auth_serv/user.pem", decode=False)
if "OK" not in dev[0].request("SET blob usercert " + binascii.hexlify(cert).decode()):
raise Exception("Could not set usercert blob")
key = read_pem("auth_serv/user.key.pkcs8", decode=False)
if "OK" not in dev[0].request("SET blob userkey " + binascii.hexlify(key).decode()):
raise Exception("Could not set cacert blob")
eap_connect(dev[0], hapd, "TLS", "tls user", ca_cert="blob://cacert",
client_cert="blob://usercert",
private_key="blob://userkey",
private_key_passwd="whatever")
def test_ap_wpa2_eap_tls_blob_missing(dev, apdev): def test_ap_wpa2_eap_tls_blob_missing(dev, apdev):
"""EAP-TLS and config blob missing""" """EAP-TLS and config blob missing"""
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")