tests: Suite B 192-bit with RSA and RADIUS

This tests use of RSA >3K keys and forcing ECDHE on both the server and
client side.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-12-10 21:18:06 +02:00
parent a2c442be25
commit 2ce88a1d2e

View file

@ -429,3 +429,43 @@ def test_suite_b_192_rsa_insufficient_dh(dev, apdev):
raise Exception("DH error not reported")
if "insufficient security" not in ev and "internal error" not in ev:
raise Exception("Unexpected error reason: " + ev)
def test_suite_b_192_rsa_radius(dev, apdev):
"""WPA2/GCMP-256 (RADIUS) connection at Suite B 192-bit level and RSA (ECDHE)"""
check_suite_b_192_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_as_params()
params['ca_cert'] = 'auth_serv/rsa3072-ca.pem'
params['server_cert'] = 'auth_serv/rsa3072-server.pem'
params['private_key'] = 'auth_serv/rsa3072-server.key'
del params['openssl_ciphers']
params["tls_flags"] = "[SUITEB]"
hostapd.add_ap(apdev[1], params)
params = { "ssid": "test-suite-b",
"wpa": "2",
"wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
"rsn_pairwise": "GCMP-256",
"group_mgmt_cipher": "BIP-GMAC-256",
"ieee80211w": "2",
"ieee8021x": "1",
'auth_server_addr': "127.0.0.1",
'auth_server_port': "18129",
'auth_server_shared_secret': "radius",
'nas_identifier': "nas.w1.fi" }
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384",
phase1="tls_suiteb=1",
eap="TLS", identity="tls user",
ca_cert="auth_serv/rsa3072-ca.pem",
client_cert="auth_serv/rsa3072-user.pem",
private_key="auth_serv/rsa3072-user.key",
pairwise="GCMP-256", group="GCMP-256",
group_mgmt="BIP-GMAC-256", scan_freq="2412")
tls_cipher = dev[0].get_status_field("EAP TLS cipher")
if tls_cipher != "ECDHE-RSA-AES256-GCM-SHA384":
raise Exception("Unexpected TLS cipher: " + tls_cipher)