tests: Complete Suite B 128-bit coverage

Enable BIP-GMAC-128 and enforce Suite B profile for TLS.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests/hwsim/auth_serv/ec-ca-openssl.cnf

@@ -0,0 +1,111 @@
+# OpenSSL configuration file for Suite B
+
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+oid_section		= new_oids
+
+[ new_oids ]
+
+[ ca ]
+default_ca	= CA_default
+
+[ CA_default ]
+
+dir		= ./ec-ca
+certs		= $dir/certs
+crl_dir		= $dir/crl
+database	= $dir/index.txt
+#unique_subject	= no
+new_certs_dir	= $dir/newcerts
+certificate	= $dir/cacert.pem
+serial		= $dir/serial
+crlnumber	= $dir/crlnumber
+crl		= $dir/crl.pem
+private_key	= $dir/private/cakey.pem
+RANDFILE	= $dir/private/.rand
+
+x509_extensions	= ext_client
+
+name_opt 	= ca_default
+cert_opt 	= ca_default
+
+copy_extensions = copy
+
+default_days	= 365
+default_crl_days= 30
+default_md	= default
+preserve	= no
+
+policy		= policy_match
+
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= optional
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+#emailAddress		= optional
+
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+#emailAddress		= optional
+
+[ req ]
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca
+
+string_mask = utf8only
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= FI
+countryName_min			= 2
+countryName_max			= 2
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Helsinki
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= w1.fi
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+#@CN@
+commonName_max			= 64
+
+[ req_attributes ]
+
+[ v3_ca ]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, cRLSign, keyCertSign
+
+[ crl_ext ]
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ ext_client ]
+
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+#@ALTNAME@
+extendedKeyUsage = clientAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ ext_server ]
+
+basicConstraints=critical, CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+#@ALTNAME@
+extendedKeyUsage = critical, serverAuth
+keyUsage = digitalSignature, keyEncipherment

tests/hwsim/auth_serv/ec-ca.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaegAwIBAgIJANry4MnEh6ybMAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
+AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
+F1N1aXRlIEIgMTI4LWJpdCBSb290IENBMB4XDTE1MDEyNTExMjk1M1oXDTI1MDEy
+MjExMjk1M1owUjELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4wDAYD
+VQQKDAV3MS5maTEgMB4GA1UEAwwXU3VpdGUgQiAxMjgtYml0IFJvb3QgQ0EwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAASqUNEASvF83W/PA2xqq/2fhIgZeLdSnnLc
+0yLcjku5WvpLHGy/pLhRsvghtjWjTsgqBqfeW8tq0ywsUdY0ylsNo2YwZDAdBgNV
+HQ4EFgQU/IP6SzTrGV4cfeWF7Mf8IfXodWgwHwYDVR0jBBgwFoAU/IP6SzTrGV4c
+feWF7Mf8IfXodWgwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYw
+CgYIKoZIzj0EAwIDSQAwRgIhAIfEWvUO4+28moKfVL8RXbKKexTZk82UCRL2yi01
+c81AAiEAxBGPZU0vnwxjAaCOhRIH+5X9PDkdLSs25S4ua6BicT8=
+-----END CERTIFICATE-----

tests/hwsim/auth_serv/ec-generate.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+OPENSSL=openssl
+
+CURVE=prime256v1
+DIGEST="-sha256"
+DIGEST_CA="-md sha256"
+
+echo
+echo "---[ Root CA ]----------------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+	sed "s/#@CN@/commonName_default = Suite B 128-bit Root CA/" \
+	> ec-ca-openssl.cnf.tmp
+$OPENSSL ecparam -out ec-ca.key -name $CURVE -genkey
+$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -x509 -new -key ec-ca.key -out ec-ca.pem -outform PEM -days 3650 $DIGEST
+mkdir -p ec-ca/certs ec-ca/crl ec-ca/newcerts ec-ca/private
+touch ec-ca/index.txt
+rm ec-ca-openssl.cnf.tmp
+
+echo
+echo "---[ Server ]-----------------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+	sed "s/#@CN@/commonName_default = server.w1.fi/" |
+	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
+	> ec-ca-openssl.cnf.tmp
+$OPENSSL ecparam -out ec-server.key -name $CURVE -genkey
+$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec-server.key -out ec-server.req -outform PEM $DIGEST
+$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec-ca.key -cert ec-ca.pem -create_serial -in ec-server.req -out ec-server.pem -extensions ext_server $DIGEST_CA
+rm ec-ca-openssl.cnf.tmp
+
+echo
+echo "---[ User ]-------------------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+	sed "s/#@CN@/commonName_default = user/" |
+	sed "s/#@ALTNAME@/subjectAltName=email:user@w1.fi/" \
+	> ec-ca-openssl.cnf.tmp
+$OPENSSL ecparam -out ec-user.key -name $CURVE -genkey
+$OPENSSL req -config ec-ca-openssl.cnf.tmp -batch -new -nodes -key ec-user.key -out ec-user.req -outform PEM -extensions ext_client $DIGEST
+$OPENSSL ca -config ec-ca-openssl.cnf.tmp -batch -keyfile ec-ca.key -cert ec-ca.pem -create_serial -in ec-user.req -out ec-user.pem -extensions ext_client $DIGEST_CA
+rm ec-ca-openssl.cnf.tmp
+
+echo
+echo "---[ Verify ]-----------------------------------------------------------"
+echo
+
+$OPENSSL verify -CAfile ec-ca.pem ec-server.pem
+$OPENSSL verify -CAfile ec-ca.pem ec-user.pem

tests/hwsim/auth_serv/ec-server.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIN/qNiKLsQDpQWumSiRRF6LM7TP7GTwdS8vG7xP8vKz/oAoGCCqGSM49
+AwEHoUQDQgAEvl8WCLIK1vIZbxQZ7yDyKzzgvoxlhl+VwbuQNuzcWTq6QJqdEXbH
+gFohTPzAXxlSyHi45Uz6yWrR/uq2OldcmQ==
+-----END EC PRIVATE KEY-----

tests/hwsim/auth_serv/ec-server.pem

@@ -0,0 +1,53 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9573410140069116734 (0x84db95ccdff13b3e)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 128-bit Root CA
+        Validity
+            Not Before: Jan 25 11:29:53 2015 GMT
+            Not After : Jan 25 11:29:53 2016 GMT
+        Subject: C=FI, O=w1.fi, CN=server.w1.fi
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub: 
+                    04:be:5f:16:08:b2:0a:d6:f2:19:6f:14:19:ef:20:
+                    f2:2b:3c:e0:be:8c:65:86:5f:95:c1:bb:90:36:ec:
+                    dc:59:3a:ba:40:9a:9d:11:76:c7:80:5a:21:4c:fc:
+                    c0:5f:19:52:c8:78:b8:e5:4c:fa:c9:6a:d1:fe:ea:
+                    b6:3a:57:5c:99
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                6E:21:26:96:72:29:39:BF:8B:EF:EB:65:CD:E0:4E:97:6F:1A:2C:E5
+            X509v3 Authority Key Identifier: 
+                keyid:FC:83:FA:4B:34:EB:19:5E:1C:7D:E5:85:EC:C7:FC:21:F5:E8:75:68
+
+            X509v3 Subject Alternative Name: critical
+                DNS:server.w1.fi
+            X509v3 Extended Key Usage: critical
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: ecdsa-with-SHA256
+         30:44:02:20:47:b1:5e:57:ae:6c:0b:df:78:11:79:5c:b2:60:
+         fd:0c:9c:37:18:19:fe:c1:b6:ca:f6:4f:62:63:13:ff:ff:64:
+         02:20:07:1f:3b:1d:c7:d8:fe:ff:26:0b:68:d0:85:bc:01:15:
+         62:e4:7f:f4:c7:e4:ad:d5:da:40:44:5a:0b:f5:72:9e
+-----BEGIN CERTIFICATE-----
+MIICDzCCAbagAwIBAgIJAITblczf8Ts+MAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
+AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
+F1N1aXRlIEIgMTI4LWJpdCBSb290IENBMB4XDTE1MDEyNTExMjk1M1oXDTE2MDEy
+NTExMjk1M1owNDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMRUwEwYDVQQD
+DAxzZXJ2ZXIudzEuZmkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS+XxYIsgrW
+8hlvFBnvIPIrPOC+jGWGX5XBu5A27NxZOrpAmp0RdseAWiFM/MBfGVLIeLjlTPrJ
+atH+6rY6V1yZo4GSMIGPMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFG4hJpZyKTm/
+i+/rZc3gTpdvGizlMB8GA1UdIwQYMBaAFPyD+ks06xleHH3lhezH/CH16HVoMBoG
+A1UdEQEB/wQQMA6CDHNlcnZlci53MS5maTAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
+ATALBgNVHQ8EBAMCBaAwCgYIKoZIzj0EAwIDRwAwRAIgR7FeV65sC994EXlcsmD9
+DJw3GBn+wbbK9k9iYxP//2QCIAcfOx3H2P7/Jgto0IW8ARVi5H/0x+St1dpARFoL
+9XKe
+-----END CERTIFICATE-----

tests/hwsim/auth_serv/ec-user.key

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIL52ZfaYm8GAzhot94BCQriTmQEq2+JPkS+HCwUpLuwaoAoGCCqGSM49
+AwEHoUQDQgAEnE2sSN8ZOateUoi3Ao0VewSH+1ceTf+NkiJpoymO6U6q0CSlG2bp
+dZyBk+6UIOD9WiCi2tN+QGbvPnPrlLfBOg==
+-----END EC PRIVATE KEY-----

tests/hwsim/auth_serv/ec-user.pem

@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9573410140069116735 (0x84db95ccdff13b3f)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B 128-bit Root CA
+        Validity
+            Not Before: Jan 25 11:29:53 2015 GMT
+            Not After : Jan 25 11:29:53 2016 GMT
+        Subject: C=FI, O=w1.fi, CN=user
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub: 
+                    04:9c:4d:ac:48:df:19:39:ab:5e:52:88:b7:02:8d:
+                    15:7b:04:87:fb:57:1e:4d:ff:8d:92:22:69:a3:29:
+                    8e:e9:4e:aa:d0:24:a5:1b:66:e9:75:9c:81:93:ee:
+                    94:20:e0:fd:5a:20:a2:da:d3:7e:40:66:ef:3e:73:
+                    eb:94:b7:c1:3a
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                89:28:76:9A:42:DB:B6:F8:36:97:63:8F:7D:0A:EA:0B:FE:66:2B:CD
+            X509v3 Authority Key Identifier: 
+                keyid:FC:83:FA:4B:34:EB:19:5E:1C:7D:E5:85:EC:C7:FC:21:F5:E8:75:68
+
+            X509v3 Subject Alternative Name: 
+                email:user@w1.fi
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:26:84:14:f6:50:ac:ed:da:88:27:6d:18:d5:b3:
+         2c:c8:59:ea:2a:c3:ae:69:03:79:0d:66:5e:5f:a5:52:27:92:
+         02:21:00:db:8d:fd:58:e5:22:9b:17:32:57:34:e9:2e:30:da:
+         1d:77:4c:15:18:9b:7d:e4:5d:bc:64:cd:21:ff:57:df:16
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAaOgAwIBAgIJAITblczf8Ts/MAoGCCqGSM49BAMCMFIxCzAJBgNVBAYT
+AkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxIDAeBgNVBAMM
+F1N1aXRlIEIgMTI4LWJpdCBSb290IENBMB4XDTE1MDEyNTExMjk1M1oXDTE2MDEy
+NTExMjk1M1owLDELMAkGA1UEBhMCRkkxDjAMBgNVBAoMBXcxLmZpMQ0wCwYDVQQD
+DAR1c2VyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnE2sSN8ZOateUoi3Ao0V
+ewSH+1ceTf+NkiJpoymO6U6q0CSlG2bpdZyBk+6UIOD9WiCi2tN+QGbvPnPrlLfB
+OqOBhzCBhDAJBgNVHRMEAjAAMB0GA1UdDgQWBBSJKHaaQtu2+DaXY499CuoL/mYr
+zTAfBgNVHSMEGDAWgBT8g/pLNOsZXhx95YXsx/wh9eh1aDAVBgNVHREEDjAMgQp1
+c2VyQHcxLmZpMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIFoDAKBggq
+hkjOPQQDAgNIADBFAiAmhBT2UKzt2ognbRjVsyzIWeoqw65pA3kNZl5fpVInkgIh
+ANuN/VjlIpsXMlc06S4w2h13TBUYm33kXbxkzSH/V98W
+-----END CERTIFICATE-----

tests/hwsim/test_suite_b.py

@@ -1,5 +1,5 @@
 # Suite B tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -12,19 +12,45 @@ import hostapd
 from utils import HwsimSkip
 
 def test_suite_b(dev, apdev):
-    """WPA2-PSK/GCMP connection"""
+    """WPA2-PSK/GCMP connection at Suite B 128-bit level"""
     if "GCMP" not in dev[0].get_capability("pairwise"):
         raise HwsimSkip("GCMP not supported")
-    params = hostapd.wpa2_eap_params(ssid="test-suite-b")
+    if "BIP-GMAC-128" not in dev[0].get_capability("group_mgmt"):
-    params["wpa_key_mgmt"] = "WPA-EAP-SUITE-B"
+        raise HwsimSkip("BIP-GMAC-128 not supported")
-    params['rsn_pairwise'] = "GCMP"
+    if "WPA-EAP-SUITE-B" not in dev[0].get_capability("key_mgmt"):
+        raise HwsimSkip("WPA-EAP-SUITE-B not supported")
+    tls = dev[0].request("GET tls_library")
+    if not tls.startswith("OpenSSL"):
+        raise HwsimSkip("TLS library not supported for Suite B: " + tls);
+    if "build=OpenSSL 1.0.2" not in tls or "run=OpenSSL 1.0.2" not in tls:
+        raise HwsimSkip("OpenSSL version not supported for Suite B: " + tls)
+
+    params = { "ssid": "test-suite-b",
+               "wpa": "2",
+               "wpa_key_mgmt": "WPA-EAP-SUITE-B",
+               "rsn_pairwise": "GCMP",
+               "group_mgmt_cipher": "BIP-GMAC-128",
+               "ieee80211w": "2",
+               "ieee8021x": "1",
+               "openssl_ciphers": "SUITEB128",
+               #"dh_file": "auth_serv/dh.conf",
+               "eap_server": "1",
+               "eap_user_file": "auth_serv/eap_user.conf",
+               "ca_cert": "auth_serv/ec-ca.pem",
+               "server_cert": "auth_serv/ec-server.pem",
+               "private_key": "auth_serv/ec-server.key" }
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
-    # TODO: Force Suite B configuration for TLS
+
-    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B",
+    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B", ieee80211w="2",
-                   eap="TLS", identity="tls user", ca_cert="auth_serv/ca.pem",
+                   openssl_ciphers="SUITEB128",
-                   client_cert="auth_serv/user.pem",
+                   eap="TLS", identity="tls user",
-                   private_key="auth_serv/user.key",
+                   ca_cert="auth_serv/ec-ca.pem",
+                   client_cert="auth_serv/ec-user.pem",
+                   private_key="auth_serv/ec-user.key",
                    pairwise="GCMP", group="GCMP", scan_freq="2412")
+    tls_cipher = dev[0].get_status_field("EAP TLS cipher")
+    if tls_cipher != "ECDHE-ECDSA-AES128-GCM-SHA256":
+        raise Exception("Unexpected TLS cipher: " + tls_cipher)
 
     bss = dev[0].get_bss(apdev[0]['bssid'])
     if 'flags' not in bss: