jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

tests: Suite B with RSA keys

Browse source 
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-09-17 00:12:18 +03:00 committed by Jouni Malinen
parent 1c9663cf6b
commit 78b6be046d
9 changed files with 558 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
tests/hwsim/auth_serv/dh_param_3072.pem Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN DH PARAMETERS-----
MIIBiAKCAYEA3HLNJq+KXn0kCgo4QNnZNmkzwAVLPyIoK24CCfXC53Ax2jAY7iCu
recce4hWsRAXjfFLcdGlcHPQ6saSwKE80ebj2eSpiASnAMO46PaGDxpycLl+Ac92
RTaNDFYXveOMSAQboBC6KlNuf4hf7m+ZNxNTEdhKJnx5DmE5UbRKLzndH49OSsNG
9ip+gHvO6FmRI4bUr5tosVfcVv2nWA0aRknEWFgUw5qKzi0XIejxHf+SKl+XlHGF
/HuFV7zvksy/wVd0aMl40QSRTLvUfK+jwjPyAKFi7pSEa+cJGJNO1AVfiDCQ8xiA
wXM4cqU1cUgTuSZZy3itLIlr3+a0O0PQ/zYCgSZlfRBtbWoOK54RhEJ33xTUVcIH
bMkS8lmqscVIccPVzC9cv+MASbrfE1wvSJFkW1cHy+LScyQLaXeiqovH0HWp60cN
9UhTcBRV49JTZfTk4wcfc50q+oNNMOXiHXX6Cz7YYkWQhVarawZcOOXkL5LwyqWE
Fd2a8VjMc7ujAgEC
-----END DH PARAMETERS-----

40
tests/hwsim/auth_serv/rsa3072-ca.key Normal file
View file

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDiAu/025dmYcmq
o9AhYIhHpHjo9DCIg1tjbybtl0upoTTrO9paSG00hVnZ1hL8iL+Dez9KL+3zbsiQ
ilnLWTLvVa1WJlytk8yhXohK2D+frPyqTmH2GjewI/N0+o2lJPzXycFTX9GjWeAg
2Mc4GeIOHbY3QZCP8PQBxzyfiH30Pins2ZmtKVegzuaNBN2ZXp5ZZ+ABjpyBkmjv
vb8kb89DQBVgzow5Wk77efs6Av2Js128i/PPQfDVkEuHJaaltMF5V3JCj7TR0nji
+6l6wzE4oBc5zuKYJ/Ux6H9789Zws5Q3gi+VeeJ+8PzPTmCN3mtAh7NXPKI7MlFj
EQiSkJ7nOGtc0UKNTZXq7w0JjNlHurc/cVrYfer6+gPf623EMwCZ/zw+YyjKEjMg
MFoaeR4G4nkPklpx4GYM0knBkcoSczBkdcpasHeCEXQoNkS7u+RjzHAsYNoSOad0
gWLLym0EyGKj7Ws2U3jXM3r5j8n2xOv9JGAZ8/q8K1QRrxQw5tsCAwEAAQKCAYAY
+KwciLqkpD9M7EaNuYW1LLXzPy+xlZneVaSeca35cwdOylEo0oHGYMl5qQ51+oH2
fAKVJtCKqf3dAnxDXHqlOPkq4Jgy0Xa1iaVTZ6s38DwGcRyfvWvTuVUn4psN2RVa
nj8PADJAcyixWGJCj5GLb7r3RfY8ASpkm+fV1JXeC5RESBKTsFKvQMz2XchCLtMe
G70DTwd5xXx0qKla1EO5MXZrOMcDezfozyRz12q98SR1NZ1dk/KRFh1SNFXCT0Mv
+yD0clnPJa13kYHvXRABHfzx/3z7NQk9UM9bd5iWsLLQm57HtfbpV089H4XsAobU
xabRbuen9JrejsMETudCtP/ftZQNKEjAyY6y0yrOM4c/z1IL4zc75KW3gh/0ruPa
XTlHEBvA3h29W1dLhk9oyeiFHiV8BRffjlyS325CX9z89hdoPK1cZwuIDgqdTpVw
VL6MqKxu72oyLWZcq4CKT6ZIpLgwRAfPZ/oCsJQZbO46PIg5hRIlNEb1H5vGkDEC
gcEA+qE5IS8kt676UXZLEjp3UtsuGHzfj+kC2x9dVepRL8bxf58W65ZsZim9xZ56
Ls8gw8NXh7/7SRqHBpaH6Sg7YZZFzfD6RB86O7atZ2CwTMMuBcN5zZc6AwfH418Z
wHaQeN1gYAyLdHf80rMMlElz8hjJ3uCuBWG70WinemzynlS14AtG4HB09C1vmjnD
Q4L8lCmEQpqy3GeKDQnWTIhzoqenr1+iQF7bdCUw878yMI0x7Di+okiWFC7HnW/y
qPiZAoHBAObarPdCbpqiUtymTRbdq1xP69pZXcMOmgL+kLEELhhl9BfJqbXY51xn
NCIpIMH3CyhJ5/Og9TCE72gfhA2jzJK9mK6Jmiz04BViCf308yh9y6TaZSdsOEz6
M+uVbuP+UcBLV5AV9UvrgWDcWOm46W63v7Mgqh6x7rC1rR+VFi3Lj2HoU4aM4mEM
E5OfbgMxWUQNKkyUy58KUs2wu58v+K7N8eu3Fa4Sl63xkRi1YKgqYAxeRKknrNb+
IkVq5zC/kwKBwHOB8k5057swDXWVyytvfqbVFP18L5yniwVqAx4hi6E1Uv+6Vlnl
TbgX7LozO6RvGW6fjKunsywR6cEDh0fRnuxu0WUEdpMGwVPb8Tb/vMDkA0XsvSof
VEEpSNplbfzhp9vMSyp5HZxj4EVK97Uv1RvyiLcLXahlTqZIUUd/BqIp8Fh9WgD+
Uyhl+FVf4bovmDDAoZAAtAYYQeuYaQeEq6Z/Fi0hKin4jbONoG315C+0Ixn3XQR1
55UNqjnI6lEtoQKBwQCi/VvHi2jJ1reIQAYHkeRN3cOYuyXe9O06Ff+Ua24cHceU
D/a5hHX9IISHZeBR8hk3jc6tjUPvyLu7GR1EABUMub4V5OMswIuBrWF+ozYWrZJd
RzDJ/7dUagbEWxIa+NFBYjBlc4tn2dPTzl8cTUjKugMn9nUGDPyIWQztUnaBSMpo
Bv8J7WhbuooL3TFwIaRzzpPB1ABbvo8t2IzvXJBI4vDeSrqM12WuEvMtrcmbkaeU
s+3oPDHk7TLHLi4ile8CgcEAmV1hwY4s78tMYrUbDypyH9r5a2QT9ezyPS64WntC
y3I4zVwO0pqtPMXQCgby2Z+PkuBC1WWCFSZZ4Aw5P/0OShIf+ADMewFF//DvReEc
p+kh/7vKulnX4mPQGkuSnCmO5zyMDroP8JtTnkX8K4P143vQY4n/oFogUx+4lTG/
bedKQgI9v+ubb0JsZkENPirKyIOdiTz64fjD+IKMgq15SYifVundDC/ubG5Cr0rn
PId0vxr7ixFQPAT1hwUT1CuI
-----END PRIVATE KEY-----

27
tests/hwsim/auth_serv/rsa3072-ca.pem Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEizCCAvOgAwIBAgIJAIAj56DfmvbYMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMjcw
OTE1MTgxNjQwWjBRMQswCQYDVQQGEwJGSTERMA8GA1UEBwwISGVsc2lua2kxDjAM
BgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTdWl0ZSBCIFJTQSAzayBSb290IENBMIIB
ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4gLv9NuXZmHJqqPQIWCIR6R4
6PQwiINbY28m7ZdLqaE06zvaWkhtNIVZ2dYS/Ii/g3s/Si/t827IkIpZy1ky71Wt
ViZcrZPMoV6IStg/n6z8qk5h9ho3sCPzdPqNpST818nBU1/Ro1ngINjHOBniDh22
N0GQj/D0Acc8n4h99D4p7NmZrSlXoM7mjQTdmV6eWWfgAY6cgZJo772/JG/PQ0AV
YM6MOVpO+3n7OgL9ibNdvIvzz0Hw1ZBLhyWmpbTBeVdyQo+00dJ44vupesMxOKAX
Oc7imCf1Meh/e/PWcLOUN4IvlXnifvD8z05gjd5rQIezVzyiOzJRYxEIkpCe5zhr
XNFCjU2V6u8NCYzZR7q3P3Fa2H3q+voD3+ttxDMAmf88PmMoyhIzIDBaGnkeBuJ5
D5JaceBmDNJJwZHKEnMwZHXKWrB3ghF0KDZEu7vkY8xwLGDaEjmndIFiy8ptBMhi
o+1rNlN41zN6+Y/J9sTr/SRgGfP6vCtUEa8UMObbAgMBAAGjZjBkMB0GA1UdDgQW
BBQh9+/awzQ67c3VUMCzugnuP4DXcDAfBgNVHSMEGDAWgBQh9+/awzQ67c3VUMCz
ugnuP4DXcDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkq
hkiG9w0BAQwFAAOCAYEAHmNoYP+c4TRPSogjCswhbzSVEpZhnjEg0Yd8XkGxKeBw
o0hsPRFWjj/vO3uVeqoAyj2zkpiulPjBqlhLbwX31Q0T6vknWfNOsXgv2lB1yEZN
HqxyEYsMN5RpEVqRRio66dhmALYuacX6gIphueTetaR9zeq1yy8GD0/omB7Ryig6
5dMoTt4c9g8YFZE7AENkkbzMPqTdGKnY4uUQKgDBPH3TIlckx5zNq8GXTcAy4zyc
4gj7NGPDdU5nk6BNRmlhFlsTaLHNc8C+5tI5fEx057AEa/7kggskvHxc7zespVMj
RjTR9qkNC15IJHClMhBMiIDyURZF6Z3nyD0tMBJuIt2GU3gTqZLnrChp7PLXRCN/
uByPuhJ528FzhQ1hnz93qBQ7OAamHfo44Zyk5wFnIUy+sd9QsM9zm+33/j0Vd5ar
fzSfGRHJTb8xF7vH7TBH92CifdO17WNqH6+7KkFkEK44Dn87gjsgC8mXAOsE6HFw
lKzThlrFLvCBIsQ4V9qH
-----END CERTIFICATE-----

63
tests/hwsim/auth_serv/rsa3072-generate.sh Executable file
View file

@ -0,0 +1,63 @@
#!/bin/sh
OPENSSL=openssl
echo
echo "---[ DH parameters ]----------------------------------------------------"
echo
if [ -r dh_param_3072.pem ]; then
echo "Use already generated dh_param_3072.pem"
else
openssl dhparam -out dh_param_3072.pem 3072
fi
echo
echo "---[ Root CA ]----------------------------------------------------------"
echo
if [ -r rsa3072-ca.key ]; then
echo "Use already generated Root CA"
else
cat ec-ca-openssl.cnf |
sed "s/#@CN@/commonName_default = Suite B RSA 3k Root CA/" |
sed s%\./ec-ca$%./rsa3072-ca% \
> rsa3072-ca-openssl.cnf.tmp
$OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:3072 -nodes -keyout rsa3072-ca.key -out rsa3072-ca.pem -outform PEM -days 3650 -sha384
mkdir -p rsa3072-ca/certs rsa3072-ca/crl rsa3072-ca/newcerts rsa3072-ca/private
touch rsa3072-ca/index.txt
rm rsa3072-ca-openssl.cnf.tmp
fi
echo
echo "---[ Server ]-----------------------------------------------------------"
echo
cat ec-ca-openssl.cnf |
sed "s/#@CN@/commonName_default = rsa3072.server.w1.fi/" |
sed "s/#@ALTNAME@/subjectAltName=critical,DNS:rsa3072.server.w1.fi/" |
sed s%\./ec-ca$%./rsa3072-ca% \
> rsa3072-ca-openssl.cnf.tmp
$OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-server.key -out rsa3072-server.req -outform PEM -sha384
$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-server.req -out rsa3072-server.pem -extensions ext_server -days 730 -md sha384
rm rsa3072-ca-openssl.cnf.tmp
echo
echo "---[ User SHA-384 ]-----------------------------------------------------"
echo
cat ec-ca-openssl.cnf |
sed "s/#@CN@/commonName_default = user-rsa3072/" |
sed "s/#@ALTNAME@/subjectAltName=email:user-rsa3072@w1.fi/" |
sed s%\./ec-ca$%./rsa3072-ca% \
> rsa3072-ca-openssl.cnf.tmp
$OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-user.key -out rsa3072-user.req -outform PEM -extensions ext_client -sha384
$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-user.req -out rsa3072-user.pem -extensions ext_client -days 730 -md sha384
rm rsa3072-ca-openssl.cnf.tmp
echo
echo "---[ Verify ]-----------------------------------------------------------"
echo
$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-server.pem
$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-user.pem

40
tests/hwsim/auth_serv/rsa3072-server.key Normal file
View file

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQD+qVxZj6qAy7hK
ifk66H0kUbjyBcZC4Gi1pPF+ijGi4AxYxYAgyyDwDsFrTeHX68xFSMmwD4/vgNsb
YAKv7+gKKcgE33CS6fHcakc7Wm8Q5hlNk5LQCo6iTTKfE8g0bBpM7KTtiSoD+xgN
fw3ePn/YXSel4XtiY3FhRVL5RxAdKMJdc/udA2i/baQSEnTH0LiHQ7Nnh85ue1gf
LzLrEB/ndFw62YwYyASVa+M7JUwK25nzWbCOet765NtQFZCiMOKKxqkGMOPXKd0m
qJVubvXEQtD3fkBNPf2tL89A3dTAa4CiNH4FL78yRAvUeG0qEgh8hLRNUVrlhG4X
JkOMg2sW81/6s5+E0yur8z4sI2W5EXbhhRLOuwM4WYK/THe6O5BRnGd2sB50HkzI
sTXWNyncfsOJzIaeCDGccOpabIeSU+uZ+zPSMvGBMXigyX1t2WsH+shKZ1csjKbO
5X42lfEJvd+/yFM9IWf9k8uyerVWYZ4vzmn6+lYKa5xpePdOVHMCAwEAAQKCAYAG
VHVcMIr/apDpIWbVhQPfTDy5n1UfQm633SK3j33OW51S843Mwt/Nt8AtB6GOeWj5
a+a/fpOIU36evpMyhlcRMZqsLFWjATemz+l3WzcZh26nk/x5OVn0RND2TUqTqwA4
W0V6NgeaU7p0U20n0gvhd+dNYz5q4qfl0BBQ6+hFoUa7he+CJpyK7ZG/dT/7239K
tW8XKrQB4QT+uXCdkSgJ28WTHOczkn0yrZzXUoUCXBUGjHsr/3fdaqTc57xRm79p
HDAjOavFnSDENTDsB5R9jmN70BY008xoitAtUzMkCVABbxn9npvjrTjKw/fg3oph
1Ml8JaLDjsh3UzhqnmYKIJrZvdyfe7/Q9j7KtECPuxdf170BJ3jPrJPcWTecazfh
szpt1beLyv8o4D7ttmgs/n1OXhGL1smcrTeIXdmrBlfIiKjY+3EE9SpxvXN/9DCy
+jnuEfy1KkbEhHSPVplGmyHb8xToA5FUfWsX/wWo0CZbH1ouquUHdcq/HsFGLZkC
gcEA/2tBin4Hmmn5987Y17Iv3WG0XZFNW5jfvt0THo5R+Phg3DKGyYKFtrnS6bMZ
IKl7YvpxZZ6+w0wBkaQWE/y9wN2oeiQE8WMvnYptGXs+sVXCNQJmKbZHxnZuQrwr
KGAIwhGxShbx+rAzyXakKM0p2PUyHg9xAPu3Sfmb8zYWc8KZ62Xxf3tFErnGeJUm
ZgdqtWvOWXJxMz2nM/Ow6FlnHr0Wo8ZEpli5kWlTwp+S7Trn6969lVJV4cGjPJxD
7kGnAoHBAP89qeS0vx6XmMwqfgH+OTrRO6+F2sGOSvrcSWRBS0R4ninIOXASMWxH
W/bAgzUwGB7bTUmVjQRGkFXIn0YcBlvMVJlvpQ0DqPftVY9Fa2TSUa2//M8PbIgk
NsHa89YWkkKFMOZUH9JzIkn4H+f6mNv83sMOWGrdaymiLP7NxgA8VIeybekQ73j3
thnDT2xyMXwO6Y0FbySvV8y6AEFTOq5vgR8A0orEEeP0eUlBzv030J/CNW4hXo0c
qVsknTo4VQKBwQDw1s3CLPw2Wd9eDyjgmiAP+2T7JVtwF0JC0mqI0WHyBSIv/2Sg
9fXnSmjZ/Aqhha3WspfiXkE6HZ0NG0/GIPc7uMZ4BSa0BfaL8k7VTCTdSiQJn+19
P2eGd32YZ526QHOBqvUlC2W4IBV0ze4Umv/ul6VeOukvKCq4Eik+t62MEd7Y3BNP
RYjoE0xVvy2p3yx7TOAR75tV2bijgBE7xbE6hsmmO/nXcKnptwtH5PfBwV2WRz00
Y6KfcNre9+oF6tkCgcEAifVrgenML53jAd+p0iv2BPuY1it0bRAbKPKuXJkKNM05
N/44RYIf4pXDeGDfynzfXLZOVQqXeQsm8qcIp9139mBADdsRjDJBPxiyGUl9XbZs
XYya+dQtZnykeC1/hGUY0wmov6YSuS5wByktHbcOrkFEqotzcPeS96LnzSWt8uyp
B9uCmuoDdg/2BoDRyh0C8DojNI0OYPbBby/N+YEiA6zTTs2j/0sxHFRExjrixW1I
v0E6nfc9YupuA4yLyy8tAoHBAPoDc7AZeCsAIrGU/ojvPEMGYk/DyCnPyalrTeI3
DP01lx3/URyhIawu0k9oXQy6IdyJ4BHonMRSHqoMw53W9Lvany0n1CgW9+84JZ1C
9H6VyK+uxK/00UYEDwVf5PSZiWFxa4h7uQm/EDzTEF/cim47DbpQR8j8YkJ77+dZ
lBleLkVv9CgT2eH4zGAjAiD5KPd0pQEPse5jNXnwI/+qa5rKZBWFcnFRiHbcMqDF
b7FtSAoTF3UtdZ9XQUM0V4ZwuA==
-----END PRIVATE KEY-----

105
tests/hwsim/auth_serv/rsa3072-server.pem Normal file
View file

@ -0,0 +1,105 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12505381161559820488 (0xad8c09e8fba288c8)
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA
Validity
Not Before: Sep 17 18:16:40 2017 GMT
Not After : Sep 17 18:16:40 2019 GMT
Subject: C=FI, O=w1.fi, CN=rsa3072.server.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:fe:a9:5c:59:8f:aa:80:cb:b8:4a:89:f9:3a:e8:
7d:24:51:b8:f2:05:c6:42:e0:68:b5:a4:f1:7e:8a:
31:a2:e0:0c:58:c5:80:20:cb:20:f0:0e:c1:6b:4d:
e1:d7:eb:cc:45:48:c9:b0:0f:8f:ef:80:db:1b:60:
02:af:ef:e8:0a:29:c8:04:df:70:92:e9:f1:dc:6a:
47:3b:5a:6f:10:e6:19:4d:93:92:d0:0a:8e:a2:4d:
32:9f:13:c8:34:6c:1a:4c:ec:a4:ed:89:2a:03:fb:
18:0d:7f:0d:de:3e:7f:d8:5d:27:a5:e1:7b:62:63:
71:61:45:52:f9:47:10:1d:28:c2:5d:73:fb:9d:03:
68:bf:6d:a4:12:12:74:c7:d0:b8:87:43:b3:67:87:
ce:6e:7b:58:1f:2f:32:eb:10:1f:e7:74:5c:3a:d9:
8c:18:c8:04:95:6b:e3:3b:25:4c:0a:db:99:f3:59:
b0:8e:7a:de:fa:e4:db:50:15:90:a2:30:e2:8a:c6:
a9:06:30:e3:d7:29:dd:26:a8:95:6e:6e:f5:c4:42:
d0:f7:7e:40:4d:3d:fd:ad:2f:cf:40:dd:d4:c0:6b:
80:a2:34:7e:05:2f:bf:32:44:0b:d4:78:6d:2a:12:
08:7c:84:b4:4d:51:5a:e5:84:6e:17:26:43:8c:83:
6b:16:f3:5f:fa:b3:9f:84:d3:2b:ab:f3:3e:2c:23:
65:b9:11:76:e1:85:12:ce:bb:03:38:59:82:bf:4c:
77:ba:3b:90:51:9c:67:76:b0:1e:74:1e:4c:c8:b1:
35:d6:37:29:dc:7e:c3:89:cc:86:9e:08:31:9c:70:
ea:5a:6c:87:92:53:eb:99:fb:33:d2:32:f1:81:31:
78:a0:c9:7d:6d:d9:6b:07:fa:c8:4a:67:57:2c:8c:
a6:ce:e5:7e:36:95:f1:09:bd:df:bf:c8:53:3d:21:
67:fd:93:cb:b2:7a:b5:56:61:9e:2f:ce:69:fa:fa:
56:0a:6b:9c:69:78:f7:4e:54:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
82:D7:75:95:94:9E:35:F7:1F:91:6D:37:9F:26:4F:3D:9D:C1:6E:96
X509v3 Authority Key Identifier:
keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70
X509v3 Subject Alternative Name: critical
DNS:rsa3072.server.w1.fi
X509v3 Extended Key Usage: critical
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha384WithRSAEncryption
55:60:59:3f:3b:85:7c:d2:95:9b:c0:00:fb:a8:57:c6:02:41:
7b:2c:b5:fd:e0:a6:35:1c:18:f8:0f:d6:f7:f4:0c:01:7d:7c:
a4:cc:80:11:73:5b:06:03:f0:25:58:46:0b:2c:50:8e:80:5a:
f4:49:df:69:ca:8a:de:7c:00:5d:3b:5d:45:f8:c9:19:f8:e1:
ab:01:6b:ee:49:1f:c2:e3:3e:f6:a2:fa:4e:5d:b9:6f:93:2b:
cc:b8:77:52:ae:8c:22:a1:53:f2:98:d0:df:b1:9b:27:ea:32:
76:2d:fb:4c:8a:04:32:4d:aa:07:57:ad:c7:3f:d1:86:c0:71:
05:35:c4:6e:e3:b8:a0:63:06:6b:e8:0e:50:4b:8c:60:3a:a6:
84:ae:da:ab:b8:7a:7b:20:7a:c5:74:9b:bf:41:a9:b8:d8:34:
20:56:35:86:60:d0:43:fa:06:a0:b7:b1:49:f3:02:f1:cf:72:
20:8d:9a:48:6b:db:14:30:e3:21:a4:6f:87:08:d8:95:66:e3:
b6:7e:15:e8:44:03:f3:92:b8:84:54:ba:af:c6:ce:7d:32:85:
1f:a7:54:40:86:4e:93:89:73:e5:18:ea:49:4a:9d:80:78:6d:
2e:d3:bf:9c:a9:75:09:3c:b7:33:36:ce:20:81:df:7e:ca:50:
0d:c7:b9:91:82:5d:3b:25:d3:0b:ee:bb:a8:84:fc:79:ce:c1:
1f:af:d3:df:34:f6:a0:50:3d:4b:1c:b4:91:1b:b1:5a:d2:27:
44:4e:0e:20:f1:b3:8c:7f:08:44:27:c8:56:0a:0b:b9:aa:f7:
4d:62:5d:35:ef:06:44:a2:2d:35:8a:66:8c:1f:c9:c2:89:cb:
7d:38:54:84:5c:c4:96:3d:11:d1:2c:d2:98:9d:b7:4f:1c:4f:
e9:37:80:4f:25:6b:3a:29:1c:55:52:56:23:6e:4e:b6:74:d3:
cd:0a:1d:b7:24:f2:41:24:8a:05:ad:e0:d3:8f:fc:c5:bd:a7:
bc:8e:e5:7f:0b:d7
-----BEGIN CERTIFICATE-----
MIIEqzCCAxOgAwIBAgIJAK2MCej7oojIMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMTkw
OTE3MTgxNjQwWjA8MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxHTAbBgNV
BAMMFHJzYTMwNzIuc2VydmVyLncxLmZpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
MIIBigKCAYEA/qlcWY+qgMu4Son5Ouh9JFG48gXGQuBotaTxfooxouAMWMWAIMsg
8A7Ba03h1+vMRUjJsA+P74DbG2ACr+/oCinIBN9wkunx3GpHO1pvEOYZTZOS0AqO
ok0ynxPINGwaTOyk7YkqA/sYDX8N3j5/2F0npeF7YmNxYUVS+UcQHSjCXXP7nQNo
v22kEhJ0x9C4h0OzZ4fObntYHy8y6xAf53RcOtmMGMgElWvjOyVMCtuZ81mwjnre
+uTbUBWQojDiisapBjDj1yndJqiVbm71xELQ935ATT39rS/PQN3UwGuAojR+BS+/
MkQL1HhtKhIIfIS0TVFa5YRuFyZDjINrFvNf+rOfhNMrq/M+LCNluRF24YUSzrsD
OFmCv0x3ujuQUZxndrAedB5MyLE11jcp3H7DicyGnggxnHDqWmyHklPrmfsz0jLx
gTF4oMl9bdlrB/rISmdXLIymzuV+NpXxCb3fv8hTPSFn/ZPLsnq1VmGeL85p+vpW
CmucaXj3TlRzAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgtd1
lZSeNfcfkW03nyZPPZ3BbpYwHwYDVR0jBBgwFoAUIffv2sM0Ou3N1VDAs7oJ7j+A
13AwIgYDVR0RAQH/BBgwFoIUcnNhMzA3Mi5zZXJ2ZXIudzEuZmkwFgYDVR0lAQH/
BAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBDAUAA4IBgQBV
YFk/O4V80pWbwAD7qFfGAkF7LLX94KY1HBj4D9b39AwBfXykzIARc1sGA/AlWEYL
LFCOgFr0Sd9pyorefABdO11F+MkZ+OGrAWvuSR/C4z72ovpOXblvkyvMuHdSrowi
oVPymNDfsZsn6jJ2LftMigQyTaoHV63HP9GGwHEFNcRu47igYwZr6A5QS4xgOqaE
rtqruHp7IHrFdJu/Qam42DQgVjWGYNBD+gagt7FJ8wLxz3IgjZpIa9sUMOMhpG+H
CNiVZuO2fhXoRAPzkriEVLqvxs59MoUfp1RAhk6TiXPlGOpJSp2AeG0u07+cqXUJ
PLczNs4ggd9+ylANx7mRgl07JdML7ruohPx5zsEfr9PfNPagUD1LHLSRG7Fa0idE
Tg4g8bOMfwhEJ8hWCgu5qvdNYl017wZEoi01imaMH8nCict9OFSEXMSWPRHRLNKY
nbdPHE/pN4BPJWs6KRxVUlYjbk62dNPNCh23JPJBJIoFreDTj/zFvae8juV/C9c=
-----END CERTIFICATE-----

40
tests/hwsim/auth_serv/rsa3072-user.key Normal file
View file

@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCSd2eORDSDqDf5
qcRyXHFynTUdPYw0Ilwk+IeB3t6spZN3xTikgpyMBpsUi1IJMkwxxfjpL2SKOQpw
nk6KnLylq3gYUkR1/sMAYecfRcAScuQ4niid9nZgcLN7EcqQmCrqJsBcrqkSzFIR
pgKs6FlWeqiT7P0G7qzorxdoV085ytRISYq0jT4hUaOW558k5fUQ5zb+jjOyfSJm
j0Jlzw9PzKMkD+O6mIk1p1SZ7IFHxC+yOzuyTM6kqFpmEECODX1n2O0a/eVhFtv1
THNAOeN9bycmCGgYAt87WgQKCMVTux0AkWz2OCrwqp8rNm6VJKcahNhcavjVP2IP
IEu3lsbCG/iBZBMVeptdmO4P2XM31TyfNVKT33KdidSfIPIThRIAfCMnzvnd4reC
CaL6JlQix/20+hrTbSmPG2cTL9ji8Fx1nqp5/MG3SF0IEgE3eBP5Uzc6qCE45190
+4VTayFrgsmlQSyjOXQUoFwDyBMXVaYVRVI8ubk//tmoFG8gxSECAwEAAQKCAYBq
xnOPCngCNwM/lhzphi0KckMDYxgv9ZCZPzmCWxiYYkjkerm1bKZ1imdKDdsrayiS
7JFuZad1AOp0eWQmtubsG9n8WRUhtC0yvSzB5paEnI92Gw7fQYrA+chOgwTabqRy
ePepWYdWde+qgAzZQrXGTrtQw+ceQ6d4JhT5cxUFu7EQVdSxlXpizeJlo8uoGaCT
xwuXfdGAYKtQe0XbdJzj/vo70v2gzYzRuX/6iqkgyYw/8eCuNkI7VaQ5XcXCCWB1
nCf578JBXynJEpEBh6FEZj6LzBD7aop2ErYkiTRdWKTvweqVxSQtiiS//FH91tiy
hMm61mzgf4kTf1FsFokp+xssSbHKhxTsZO4pXoupdUTfG9B8vAlbQObDiOmLUtdX
mpXkDDnZUD//alLGxbiOmncH4K/VGuZuSXnSkbUnjrdkOGVtSy4cwxAbgii1z6D9
jeImt4vTvFkt3jiqfPs7/c6M6giEY3OyjbR8P3jksBC4urKTWI+B010AsKUur5UC
gcEAwnj7nNSyABEhyimKIfGIjXGiKaRevfstRTs+fRYWGkcVvVZQ2s1xxTAXGiYa
kJgFUL3lTfbdvkTHEp5U7PrC4ErXBAV61fjv9DfRGFTIvtOM10YfrS/GeZuJYHXe
abrVliB56jiOg2tq6XrKPe6f7vZFDaan2srh0/FN/CEHom2WS7mQL+VjwwCtBZHh
aMMkg/bW9qaV0fWwi2dK97vcQzb3udgnnC6M2P6bK7og9Vfa8tW8kVtSBVjyoGu7
1aCrAoHBAMDOO+LM8nPhju/jeWH2366YhGbRZM2lpqb6b7c/09AUC4ESK82S9AKe
1Ppa8Q5KnaI0PAg7V6CebL1EjGgzUcWZWzC7Q8u+In7ktq09G0uk6vtlfpwjx4OU
Q9DiosZdBASKmhQpmYRYawbvjQXhPIexAYSvwb+930g93+gmLOXOtg1C/y2vHtsm
JU8bCkXceC2PsCB2D8aOKlUoyutXMW8VX0VmBab0JBuTp9T+woYp5RXj2Id1CuOC
BlJZZNjpYwKBwQC9wGJxsi9EVXMM2N9JI21D5d5+lz1CTfTsGlRspMJIPZf+uFwI
QnGCH9xKzWcaMtrs330AR6IxZtZ/WjIvULYZN6z45YfnhBBN0LCa9w8w8yX3XxrF
V1pnidXPYvLzYzPIWkPav/h+Tq9wxTjUmSNAfNb/7N7XYyJaNJcNLgVO/XKqzJLd
yQtAWEZ6qs6v88iLYqx42i5RQVNTkiPZ+Vl/1AB/O2PaxqjziepKDkDeYyzlyJtH
kT1Ernd/A9+xICUCgcAszkCAflxBrcNH4DcPGw30RyFNu4+PctV9rGlVzpFso5vg
zNY9Gc925G5eF9A5IAHt9fGVgCTnAKoIeeufM33nS7IzavFgYbkmgAQr0i2LsLGi
5n07z9zHqSbxXhmxu1/5pjQUR26ToPCOVhERsrwcVHgj26xM4NUItshX7Lc2WIla
H52pgi7LgtvcvE3w2kFbZS7q/ETCQbt4utgdRNAKHo9bU1Aw8j+J4RB5oRKXlxjT
s3VYVUzIfij17ixPdD0CgcA8LTjVgy6jeCeCWIUjoAlPLuMB3A/zU3ZxeWJ7uEUj
Xjz/6ToSQBWtbW1xtKBW9RZBzbIZCgiNBqO38DqKzoKY6T/muIJniLUW5lshj5B5
XFSanprP/vp+J8lEaTiVAAfsbt2/ZuZq+IAxwDo9oifr5NtKvexaiEJ0apx/e0yg
tvwouNj0+z89rF2INCDbWB3750mPcBRafASXyVRCwiopzfdFHZB1boUcSq7cRY2R
cTEirRqQCdUI6fmEGFMYR6A=
-----END PRIVATE KEY-----

105
tests/hwsim/auth_serv/rsa3072-user.pem Normal file
View file

@ -0,0 +1,105 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 12505381161559820489 (0xad8c09e8fba288c9)
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA
Validity
Not Before: Sep 17 18:16:40 2017 GMT
Not After : Sep 17 18:16:40 2019 GMT
Subject: C=FI, O=w1.fi, CN=user-rsa3072
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:92:77:67:8e:44:34:83:a8:37:f9:a9:c4:72:5c:
71:72:9d:35:1d:3d:8c:34:22:5c:24:f8:87:81:de:
de:ac:a5:93:77:c5:38:a4:82:9c:8c:06:9b:14:8b:
52:09:32:4c:31:c5:f8:e9:2f:64:8a:39:0a:70:9e:
4e:8a:9c:bc:a5:ab:78:18:52:44:75:fe:c3:00:61:
e7:1f:45:c0:12:72:e4:38:9e:28:9d:f6:76:60:70:
b3:7b:11:ca:90:98:2a:ea:26:c0:5c:ae:a9:12:cc:
52:11:a6:02:ac:e8:59:56:7a:a8:93:ec:fd:06:ee:
ac:e8:af:17:68:57:4f:39:ca:d4:48:49:8a:b4:8d:
3e:21:51:a3:96:e7:9f:24:e5:f5:10:e7:36:fe:8e:
33:b2:7d:22:66:8f:42:65:cf:0f:4f:cc:a3:24:0f:
e3:ba:98:89:35:a7:54:99:ec:81:47:c4:2f:b2:3b:
3b:b2:4c:ce:a4:a8:5a:66:10:40:8e:0d:7d:67:d8:
ed:1a:fd:e5:61:16:db:f5:4c:73:40:39:e3:7d:6f:
27:26:08:68:18:02:df:3b:5a:04:0a:08:c5:53:bb:
1d:00:91:6c:f6:38:2a:f0:aa:9f:2b:36:6e:95:24:
a7:1a:84:d8:5c:6a:f8:d5:3f:62:0f:20:4b:b7:96:
c6:c2:1b:f8:81:64:13:15:7a:9b:5d:98:ee:0f:d9:
73:37:d5:3c:9f:35:52:93:df:72:9d:89:d4:9f:20:
f2:13:85:12:00:7c:23:27:ce:f9:dd:e2:b7:82:09:
a2:fa:26:54:22:c7:fd:b4:fa:1a:d3:6d:29:8f:1b:
67:13:2f:d8:e2:f0:5c:75:9e:aa:79:fc:c1:b7:48:
5d:08:12:01:37:78:13:f9:53:37:3a:a8:21:38:e7:
5f:74:fb:85:53:6b:21:6b:82:c9:a5:41:2c:a3:39:
74:14:a0:5c:03:c8:13:17:55:a6:15:45:52:3c:b9:
b9:3f:fe:d9:a8:14:6f:20:c5:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
B1:4F:36:17:24:40:AD:6B:05:33:87:C4:AD:4F:4A:53:AF:F5:D6:23
X509v3 Authority Key Identifier:
keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70
X509v3 Subject Alternative Name:
email:user-rsa3072@w1.fi
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha384WithRSAEncryption
82:14:fb:75:bc:ee:a9:e9:9d:fa:bf:af:19:ef:d5:80:2d:c7:
47:52:bd:a5:68:f3:38:5b:47:45:a0:54:53:48:14:1a:28:af:
10:f7:a5:a8:4e:b6:86:12:15:b0:3f:5e:df:03:c8:d8:ae:f0:
eb:67:7e:ad:6f:93:8a:bd:16:a2:5f:70:ba:4c:61:62:d5:23:
f5:bc:a6:a6:84:25:05:f9:15:54:54:05:22:c7:28:18:df:76:
18:f8:87:fe:50:81:7f:22:9b:4e:2e:34:62:f1:10:8a:df:78:
f8:b7:0e:e7:fe:86:46:e7:52:e4:88:85:48:d3:c9:70:7e:77:
db:1f:d1:ab:b9:34:d5:54:17:9a:f5:6b:6a:2c:1d:71:e6:ee:
17:76:ed:6f:af:1e:47:48:33:38:43:9f:c5:3d:ab:c6:8b:03:
ec:bb:30:9f:a3:32:69:38:3f:74:76:bd:4b:39:15:5e:22:c6:
f6:e7:fb:2b:8f:f9:8a:60:00:6f:08:04:a8:a9:6f:78:ba:16:
a5:5f:82:82:cf:a9:9a:d3:b8:8e:44:71:09:3f:ae:0f:0f:f9:
a6:68:20:e9:65:a7:5a:16:b7:4b:12:53:77:77:f8:cf:34:e7:
49:cb:1d:e8:ee:82:70:50:3a:30:1a:fe:71:ae:b2:13:95:6e:
3c:c2:f9:49:1c:34:15:86:a2:b4:fa:4d:08:4a:92:40:66:bc:
db:76:84:d2:5e:03:4c:9e:62:78:9d:01:60:db:35:be:e3:3a:
29:15:87:64:44:0d:8f:78:c4:ce:cc:c6:68:8d:c3:ea:42:86:
14:de:26:26:25:1d:02:fb:e5:b9:be:8d:44:7c:75:a4:fe:13:
63:cb:94:8f:5a:8c:86:e5:4c:fd:05:d1:3b:2f:91:9b:bb:03:
13:71:f0:d7:b8:7f:a1:ee:4e:5b:a2:1c:22:d4:38:7a:16:62:
50:11:5e:ab:23:14:a7:a7:5e:24:4a:0c:20:54:8b:05:56:4f:
d0:8c:c0:2d:12:ca
-----BEGIN CERTIFICATE-----
MIIEmDCCAwCgAwIBAgIJAK2MCej7oojJMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV
BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV
BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMTkw
OTE3MTgxNjQwWjA0MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxFTATBgNV
BAMMDHVzZXItcnNhMzA3MjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
AJJ3Z45ENIOoN/mpxHJccXKdNR09jDQiXCT4h4He3qylk3fFOKSCnIwGmxSLUgky
TDHF+OkvZIo5CnCeToqcvKWreBhSRHX+wwBh5x9FwBJy5DieKJ32dmBws3sRypCY
KuomwFyuqRLMUhGmAqzoWVZ6qJPs/QburOivF2hXTznK1EhJirSNPiFRo5bnnyTl
9RDnNv6OM7J9ImaPQmXPD0/MoyQP47qYiTWnVJnsgUfEL7I7O7JMzqSoWmYQQI4N
fWfY7Rr95WEW2/VMc0A5431vJyYIaBgC3ztaBAoIxVO7HQCRbPY4KvCqnys2bpUk
pxqE2Fxq+NU/Yg8gS7eWxsIb+IFkExV6m12Y7g/ZczfVPJ81UpPfcp2J1J8g8hOF
EgB8IyfO+d3it4IJovomVCLH/bT6GtNtKY8bZxMv2OLwXHWeqnn8wbdIXQgSATd4
E/lTNzqoITjnX3T7hVNrIWuCyaVBLKM5dBSgXAPIExdVphVFUjy5uT/+2agUbyDF
IQIDAQABo4GPMIGMMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLFPNhckQK1rBTOHxK1P
SlOv9dYjMB8GA1UdIwQYMBaAFCH379rDNDrtzdVQwLO6Ce4/gNdwMB0GA1UdEQQW
MBSBEnVzZXItcnNhMzA3MkB3MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
HQ8EBAMCBaAwDQYJKoZIhvcNAQEMBQADggGBAIIU+3W87qnpnfq/rxnv1YAtx0dS
vaVo8zhbR0WgVFNIFBoorxD3pahOtoYSFbA/Xt8DyNiu8Otnfq1vk4q9FqJfcLpM
YWLVI/W8pqaEJQX5FVRUBSLHKBjfdhj4h/5QgX8im04uNGLxEIrfePi3Duf+hkbn
UuSIhUjTyXB+d9sf0au5NNVUF5r1a2osHXHm7hd27W+vHkdIMzhDn8U9q8aLA+y7
MJ+jMmk4P3R2vUs5FV4ixvbn+yuP+YpgAG8IBKipb3i6FqVfgoLPqZrTuI5EcQk/
rg8P+aZoIOllp1oWt0sSU3d3+M8050nLHejugnBQOjAa/nGushOVbjzC+UkcNBWG
orT6TQhKkkBmvNt2hNJeA0yeYnidAWDbNb7jOikVh2REDY94xM7MxmiNw+pChhTe
JiYlHQL75bm+jUR8daT+E2PLlI9ajIblTP0F0TsvkZu7AxNx8Ne4f6HuTluiHCLU
OHoWYlARXqsjFKenXiRKDCBUiwVWT9CMwC0Syg==
-----END CERTIFICATE-----

127
tests/hwsim/test_suite_b.py
View file

@ -302,3 +302,130 @@ def test_suite_b_192_mic_failure(dev, apdev):
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
wait_connect=False)
dev[0].wait_disconnected()
def suite_b_192_rsa_ap_params():
params = { "ssid": "test-suite-b",
"wpa": "2",
"wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
"rsn_pairwise": "GCMP-256",
"group_mgmt_cipher": "BIP-GMAC-256",
"ieee80211w": "2",
"ieee8021x": "1",
"tls_flags": "[SUITEB]",
"dh_file": "auth_serv/dh_param_3072.pem",
"eap_server": "1",
"eap_user_file": "auth_serv/eap_user.conf",
"ca_cert": "auth_serv/rsa3072-ca.pem",
"server_cert": "auth_serv/rsa3072-server.pem",
"private_key": "auth_serv/rsa3072-server.key" }
return params
def test_suite_b_192_rsa(dev, apdev):
"""WPA2/GCMP-256 connection at Suite B 192-bit level and RSA"""
run_suite_b_192_rsa(dev, apdev)
def test_suite_b_192_rsa_ecdhe(dev, apdev):
"""WPA2/GCMP-256 connection at Suite B 192-bit level and RSA (ECDHE)"""
run_suite_b_192_rsa(dev, apdev, no_dhe=True)
def test_suite_b_192_rsa_dhe(dev, apdev):
"""WPA2/GCMP-256 connection at Suite B 192-bit level and RSA (DHE)"""
run_suite_b_192_rsa(dev, apdev, no_ecdh=True)
def run_suite_b_192_rsa(dev, apdev, no_ecdh=False, no_dhe=False):
check_suite_b_192_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_192_rsa_ap_params()
if no_ecdh:
params["tls_flags"] = "[SUITEB-NO-ECDH]"
if no_dhe:
del params["dh_file"]
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
phase1="tls_suiteb=1",
eap="TLS", identity="tls user",
ca_cert="auth_serv/rsa3072-ca.pem",
client_cert="auth_serv/rsa3072-user.pem",
private_key="auth_serv/rsa3072-user.key",
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
tls_cipher = dev[0].get_status_field("EAP TLS cipher")
if tls_cipher != "ECDHE-RSA-AES256-GCM-SHA384" and tls_cipher != "DHE-RSA-AES256-GCM-SHA384":
raise Exception("Unexpected TLS cipher: " + tls_cipher)
cipher = dev[0].get_status_field("mgmt_group_cipher")
if cipher != "BIP-GMAC-256":
raise Exception("Unexpected mgmt_group_cipher: " + cipher)
bss = dev[0].get_bss(apdev[0]['bssid'])
if 'flags' not in bss:
raise Exception("Could not get BSS flags from BSS table")
if "[WPA2-EAP-SUITE-B-192-GCMP-256]" not in bss['flags']:
raise Exception("Unexpected BSS flags: " + bss['flags'])
dev[0].request("DISCONNECT")
dev[0].wait_disconnected(timeout=20)
dev[0].dump_monitor()
dev[0].request("RECONNECT")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
"CTRL-EVENT-CONNECTED"], timeout=20)
if ev is None:
raise Exception("Roaming with the AP timed out")
if "CTRL-EVENT-EAP-STARTED" in ev:
raise Exception("Unexpected EAP exchange")
conf = hapd.get_config()
if conf['key_mgmt'] != 'WPA-EAP-SUITE-B-192':
raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
def test_suite_b_192_rsa_insufficient_key(dev, apdev):
"""WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient key length"""
check_suite_b_192_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_192_rsa_ap_params()
params["ca_cert"] = "auth_serv/ca.pem"
params["server_cert"] = "auth_serv/server.pem"
params["private_key"] = "auth_serv/server.key"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
phase1="tls_suiteb=1",
eap="TLS", identity="tls user",
ca_cert="auth_serv/ca.pem",
client_cert="auth_serv/user.pem",
private_key="auth_serv/user.key",
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
dev[0].request("DISCONNECT")
if ev is None:
raise Exception("Certificate error not reported")
if "reason=11" not in ev or "err='Insufficient RSA modulus size'" not in ev:
raise Exception("Unexpected error reason: " + ev)
def test_suite_b_192_rsa_insufficient_dh(dev, apdev):
"""WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient DH key length"""
check_suite_b_192_capa(dev)
dev[0].flush_scan_cache()
params = suite_b_192_rsa_ap_params()
params["tls_flags"] = "[SUITEB-NO-ECDH]"
params["dh_file"] = "auth_serv/dh.conf"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
ieee80211w="2",
phase1="tls_suiteb=1",
eap="TLS", identity="tls user",
ca_cert="auth_serv/rsa3072-ca.pem",
client_cert="auth_serv/rsa3072-user.pem",
private_key="auth_serv/rsa3072-user.key",
pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
wait_connect=False)
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='local TLS alert'"],
timeout=10)
dev[0].request("DISCONNECT")
if ev is None:
raise Exception("DH error not reported")
if "insufficient security" not in ev and "internal error" not in ev:
raise Exception("Unexpected error reason: " + ev)