tests: Start RADIUS authentication server

This can be used to run WPA2-Enterprise test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2013-09-29 19:14:16 +03:00
parent 77e3094bb7
commit 479cbb3892
13 changed files with 286 additions and 1 deletions


@ -44,7 +44,7 @@ make
cd ../hostapd
cp ../tests/hwsim/example-hostapd.config .config
make clean
make
make hostapd hlr_auc_gw
cd ../wlantest
make clean
make
@ -146,6 +146,8 @@ specific log:
- tcpdump = tcpdump output
- run = debug prints from the test scripts
- trace.dat = Linux tracing record (if enabled)
- hlr_auc_gw - hlr_auc_gw (EAP-SIM/AKA/AKA' authentication) log
- auth_serv - hostapd as RADIUS authentication server log
For manual testing, ./start.sh can be used to initialize interfaces and


@ -0,0 +1,15 @@
driver=none
radius_server_clients=auth_serv/radius_clients.conf
eap_server=1
eap_user_file=auth_serv/eap_user.conf
ca_cert=auth_serv/ca.pem
server_cert=auth_serv/server.pem
private_key=auth_serv/server.key
server_id=server.w1.fi
eap_sim_db=unix:/tmp/hlr_auc_gw.sock
dh_file=auth_serv/dh.conf
pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
eap_fast_a_id=101112131415161718191a1b1c1d1e1f
eap_fast_a_id_info=test server
eap_sim_aka_result_ind=1
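Review bot: `pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f` is a fixed key published in the repository, as is the key behind `private_key=auth_serv/server.key`, and nothing in the file marks these values as test-only. A header comment such as `# Test-only RADIUS server configuration; the keys and certificates referenced here are public and must not be reused outside the hwsim test bed` would keep the file from being copied as a deployment template. `eap_sim_db=unix:/tmp/hlr_auc_gw.sock` also depends on a fixed name in a world-writable directory. Pointing this setting and hlr_auc_gw at a socket under the test's own directory would avoid colliding with, or connecting to, a socket created by another local user.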


@ -0,0 +1,55 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: Jun 29 16:41:22 2013 GMT
Not After : Jun 27 16:41:22 2023 GMT
Subject: C=FI, O=w1.fi, CN=Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
ae:8a:b6:d1:e7:b3:15:02:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
92:e8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,5 @@
-----BEGIN DH PARAMETERS-----
MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr
qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd
XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC
-----END DH PARAMETERS-----


@ -0,0 +1,27 @@
"0"* AKA
"1"* SIM
"2"* AKA
"3"* SIM
"4"* AKA
"5"* SIM
"6"* AKA'
"7"* AKA'
"8"* AKA'
* TTLS,TLS,PEAP,FAST,SIM,AKA',AKA
"0"* AKA [2]
"1"* SIM [2]
"2"* AKA [2]
"3"* SIM [2]
"4"* AKA [2]
"5"* SIM [2]
"6"* AKA' [2]
"7"* AKA' [2]
"8"* AKA' [2]
"pap user" TTLS-PAP "password" [2]
"chap user" TTLS-CHAP "password" [2]
"mschap user" TTLS-MSCHAP "password" [2]
"DOMAIN\mschapv2 user" TTLS-MSCHAPV2 hash:8846f7eaee8fb117ad06bdd830b7586c [2]
"user" MSCHAPV2,MD5,GTC "password" [2]
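Review bot: The file has no comments, so the split between the leading phase 1 entries and the `[2]` phase 2 entries, and the purpose of the catch-all `* TTLS,TLS,PEAP,FAST,SIM,AKA',AKA` line, must be inferred from the format. A short header saying that the first block maps outer identities to EAP methods and the `[2]` block holds inner-method credentials would help. The literal in `hash:8846f7eaee8fb117ad06bdd830b7586c` is also unexplained; it appears to be the NtPasswordHash of the same `password` string used by the other entries (worth confirming), so a comment such as `# NtPasswordHash of "password"` belongs above it. The header should also state that these credentials are test-only.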


@ -0,0 +1,13 @@
# Parameters for Milenage (Example algorithms for AKA).
# The example Ki, OPc, and AMF values here are from 3GPP TS 35.208 v6.0.0
# 4.3.20 Test Set 20. SQN is the last used SQN value.
# These values can be used for both UMTS (EAP-AKA) and GSM (EAP-SIM)
# authentication. In case of GSM/EAP-SIM, AMF and SQN values are not used, but
# dummy values will need to be included in this file.
# IMSI Ki OPc AMF SQN
232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000
# These values are from Test Set 19 which has the AMF separation bit set to 1
# and as such, is suitable for EAP-AKA' test.
555444333222111 5122250214c33e723a5dd523fc145fc0 981d464c7c52eb6e5036234984ad0bcf c3ab 16f3b3f70fc1


@ -0,0 +1 @@
0.0.0.0/0 radius
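Review bot: `0.0.0.0/0 radius` accepts RADIUS requests from any IPv4 source that knows the shared secret `radius`, and as.conf in this commit sets no option that narrows who can reach the server. On a test machine attached to a network, the authentication server is therefore reachable with a published secret for as long as the tests run. If the test access points talk to the server over loopback (not visible in this commit), `127.0.0.1 radius` would be sufficient. Otherwise a comment explaining why the wide range is needed should accompany the entry.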


@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,64 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15624081837803162823 (0xd8d3e3a6cbe3ccc7)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: Sep 29 16:02:03 2013 GMT
Not After : Sep 29 16:02:03 2014 GMT
Subject: C=FI, O=w1.fi, CN=server.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ba:a0:77:55:22:14:85:55:65:9b:64:2c:ad:ed:
9b:dd:65:31:c9:da:60:50:ce:38:d6:34:dc:e8:bc:
1b:9e:30:e7:12:e3:53:6c:c9:ed:48:03:79:81:69:
98:ce:8a:b8:77:47:36:45:cf:c6:e0:f1:7b:1e:71:
89:54:f7:01:cc:22:ad:a0:42:b1:a8:35:9e:60:aa:
3a:98:51:d0:ff:1f:ee:be:8d:0a:63:fb:a2:39:17:
f2:64:61:f6:65:02:32:79:74:e1:9f:d1:89:65:55:
a9:c3:20:9e:bf:69:56:b3:f7:4f:3f:a9:54:c2:da:
8f:3c:af:f2:75:54:fa:7e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
31:4F:10:5C:67:9F:BE:4E:88:D6:DC:C5:AB:9E:12:88:86:69:02:4F
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
Authority Information Access:
OCSP - URI:http://server.w1.fi:8888/
X509v3 Subject Alternative Name:
DNS:server.w1.fi
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha1WithRSAEncryption
a9:b3:cc:e7:b7:5e:fa:88:46:c9:21:97:47:f5:18:9e:1d:5c:
8f:d9:78:51:7f:d8:e8:9d:e4:b1:d0:74:68:67:d3:dc:84:56:
21:7e:a3:ca:ba:97:e9:74:0a:b1:8f:e3:6a:7c:cc:f8:8c:cf:
73:34:27:3f:f5:ac:e6:c4:13:86:b7:86:fb:d0:19:49:ff:55:
28:8e:dc:56:a5:17:fa:8f:43:ef:72:d3:21:00:a2:92:74:b8:
b3:b8:38:4a:2a:01:98:5a:c7:a4:02:f2:43:af:e5:d9:52:3a:
fd:e1:24:ac:33:f4:99:e5:c0:1d:aa:29:b6:c4:a0:e9:6a:a6:
99:0a
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
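Review bot: The server certificate is valid for only one year (`Not After : Sep 29 16:02:03 2014 GMT`), and the Test User certificate added later in this commit expires the same day. Any test case whose peer checks certificate validity will start failing on that date. None of the 13 files in this commit records how the certificates were produced, so adding the openssl commands or configuration used would make renewal repeatable. Alternatively, the fixtures could be issued with a validity closer to the Root CA's 2023 expiry. The 1024-bit RSA keys and sha1WithRSAEncryption signatures are acceptable only as test fixtures, which is worth stating in a README next to them.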


@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALBoVlPcsi29gqk6
U0WmBrfNjU9IM93x8gjxjrUAhpwTbc8TzXaoxWFL8WhD1M2MX1zhoTLhrbp1dSvC
JRY7dPWX4BOGivgpadUvbQAkz9ZKQw0RJtkp1z8LW2eLKAI7mSzAJkut+b0QHivK
+h/s2Ld0+opxwQyUZaizXxPf2q0pAgMBAAECgYBgj2wZkWdSlDZOLWfhauSofXJJ
IGuLpGDotlh4CSaljhkATYWc2vrXrDsi6GY2cQzOCY80C8YNlzeg0S99wOPelW/3
VA9Frx4IBJRT5KLKELd7qHU8Bu/V8plDHcS84lw5JfrSrN/GAojSXmHCPYx7ZBfN
h+jvTI8zDURRMyg81QJBAOZrm3YFtKqguuVACRKDIqYsDegn3SInq3Tv+iKDVS36
JkTUk4Lk68ycJbvvlH7ak3rzAO3PLfP2aEbhOOtW+dcCQQDD/bkN9FAwHCsIxOSu
eO1rfO+W1NWJIcWuY5Cyjgj3xriJqdG/NL0mxXKvlAN9BD/nbHuNP0hXEes/t0cU
rLD/AkBagX3o18jlFIkUrxhhKx0bBEbaH35eghJ4tiIcGFYG3zDU7GKckWqFTfgM
X8iGIzi2nGiLAEvefbTr0l9XISy1AkB+KXaVN/7iaU9+bpgyg595gMwN0OXAR6Aj
2O3NMsctEJu76jgdmEpmidWAlowETtcAFwIVc3YSrnM76bP06BFrAkAJ7LK5Vn4H
BWNwMHLUVaZoCbMXUwTfshlpnv1ctcOzUPExl/IlqbNl9cVeh/Ap2LQlSv2w5kPl
htcvTkfc8Pr6
-----END PRIVATE KEY-----


@ -0,0 +1,62 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15624081837803162824 (0xd8d3e3a6cbe3ccc8)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: Sep 29 16:04:21 2013 GMT
Not After : Sep 29 16:04:21 2014 GMT
Subject: C=FI, O=w1.fi, CN=Test User
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a6:96:2e:9b:22:8c:df:94:be:8b:89:49:f6:78:
76:a2:60:7e:14:95:f3:96:fe:ab:19:25:03:34:64:
74:01:3e:a8:9f:7c:f1:47:61:60:4c:82:92:28:7c:
2b:a0:0e:cb:87:bf:59:eb:d7:f3:61:22:3b:14:f3:
ab:31:f6:5a:95:1f:b8:7a:b8:2c:3c:a9:61:53:78:
9b:e8:3e:50:ec:c2:d6:44:e7:43:cd:bc:3e:4e:e7:
46:fe:92:9e:c3:98:0f:29:58:c8:cb:89:01:75:47:
e9:95:57:0f:76:c5:2f:05:5e:c7:1e:0d:f2:3c:12:
63:5d:b9:54:19:af:7f:40:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
81:DE:DF:E9:5A:00:1A:CA:67:D6:06:DD:65:B2:4E:C5:9A:04:43:7D
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
Authority Information Access:
OCSP - URI:http://server.w1.fi:8888/
X509v3 Extended Key Usage:
TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
6a:81:f0:61:9e:79:2f:39:cc:3a:e3:29:ed:51:35:59:64:c3:
7d:f9:2d:27:83:20:eb:4a:fa:94:37:ee:9d:c2:69:47:ed:f5:
91:95:e2:2a:75:f9:4c:99:5e:e0:b1:98:9b:af:fe:ba:1e:86:
49:88:12:ac:26:30:81:bb:e7:61:6b:6f:b3:e3:13:06:27:35:
3b:15:7a:cb:f5:83:53:cc:7f:83:ae:36:18:f2:1f:b7:b8:f4:
16:e3:4c:e5:43:84:ee:b8:e5:47:02:60:37:1f:a3:41:74:8f:
db:0f:f8:d7:87:fa:24:65:ca:1a:54:9a:a7:d4:5c:79:7b:70:
de:52
-----BEGIN CERTIFICATE-----
MIICeTCCAeKgAwIBAgIJANjT46bL48zIMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA5
MjkxNjA0MjFaFw0xNDA5MjkxNjA0MjFaMDExCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
DAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQCmli6bIozflL6LiUn2eHaiYH4UlfOW/qsZJQM0ZHQBPqiffPFHYWBM
gpIofCugDsuHv1nr1/NhIjsU86sx9lqVH7h6uCw8qWFTeJvoPlDswtZE50PNvD5O
50b+kp7DmA8pWMjLiQF1R+mVVw92xS8FXsceDfI8EmNduVQZr39AawIDAQABo4Ga
MIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFIHe3+laABrKZ9YG3WWyTsWaBEN9MB8G
A1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkwJzAl
BggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNVHSUEDDAK
BggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQBqgfBhnnkvOcw64yntUTVZZMN9
+S0ngyDrSvqUN+6dwmlH7fWRleIqdflMmV7gsZibr/66HoZJiBKsJjCBu+dha2+z
4xMGJzU7FXrL9YNTzH+DrjYY8h+3uPQW40zlQ4TuuOVHAmA3H6NBdI/bD/jXh/ok
ZcoaVJqn1Fx5e3DeUg==
-----END CERTIFICATE-----


@ -5,6 +5,7 @@ WPAS=$DIR/../../wpa_supplicant/wpa_supplicant
WPACLI=$DIR/../../wpa_supplicant/wpa_cli
HAPD=$DIR/../../hostapd/hostapd
WLANTEST=$DIR/../../wlantest/wlantest
HLR_AUC_GW=$DIR/../../hostapd/hlr_auc_gw
if groups | tr ' ' "\n" | grep -q ^admin$; then
GROUP=admin
@ -72,6 +73,12 @@ if [ "x$VALGRIND" = "xy" ]; then
sudo chown $USER $DIR/logs/$DATE-*valgrind*
fi
if [ -x $HLR_AUC_GW ]; then
$HLR_AUC_GW -m $DIR/auth_serv/hlr_auc_gw.milenage_db > $DIR/logs/$DATE-hlr_auc_gw &
fi
$HAPD -ddKt $DIR/auth_serv/as.conf > $DIR/logs/$DATE-auth_serv &
# wait for programs to be fully initialized
for i in 0 1 2; do
for j in `seq 1 10`; do
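Review bot: When hlr_auc_gw has not been built, the `[ -x $HLR_AUC_GW ]` guard in the second hunk skips it silently. The hostapd instance started on the next line is still configured through as.conf with `eap_sim_db=unix:/tmp/hlr_auc_gw.sock`, so EAP-SIM/AKA cases would fail later with no hint in the start-up output. An `else` branch with `echo "hlr_auc_gw not built; EAP-SIM/AKA/AKA' tests will fail"` would make the cause visible. The new expansions are unquoted and break if the checkout path contains spaces; `"$HLR_AUC_GW"` and `"$DIR/logs/$DATE-auth_serv"` are the safer forms. Because `-K` includes key data in hostapd's debug output, a comment noting that the `$DATE-auth_serv` log contains key material would help anyone sharing logs from a failed run; the `for` loops opened at the end of the hunk continue outside it.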


@ -19,6 +19,8 @@ if grep -q hwsim0 /proc/net/dev; then
sudo ifconfig hwsim0 down
fi
killall -q hlr_auc_gw
if [ "$RUNNING" = "yes" ]; then
# give some time for hostapd and wpa_supplicant to complete deinit
sleep 0.5