tests: OpenSSL cipherlist configuration

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:53:18 +03:00 · 2014-10-12 11:53:18 +03:00 · 89f20842f6
parent 07e2de3193
commit 89f20842f6
2 changed files with 33 additions and 1 deletions
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@ -2208,3 +2208,35 @@ def test_ap_wpa2_eap_non_ascii_identity2(dev, apdev):
        ev = dev[i].wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=10)
        if ev is None:
            raise Exception("EAP method selection timed out")
+
+def test_openssl_cipher_suite_config_wpas(dev, apdev):
+    """OpenSSL cipher suite configuration on wpa_supplicant"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "pap user",
+                anonymous_identity="ttls", password="password",
+                openssl_ciphers="AES128",
+                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+    eap_connect(dev[1], apdev[0], "TTLS", "pap user",
+                anonymous_identity="ttls", password="password",
+                openssl_ciphers="EXPORT",
+                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
+                expect_failure=True)
+
+def test_openssl_cipher_suite_config_hapd(dev, apdev):
+    """OpenSSL cipher suite configuration on hostapd"""
+    params = int_eap_server_params()
+    params['openssl_ciphers'] = "AES256"
+    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "TTLS", "pap user",
+                anonymous_identity="ttls", password="password",
+                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
+    eap_connect(dev[1], apdev[0], "TTLS", "pap user",
+                anonymous_identity="ttls", password="password",
+                openssl_ciphers="AES128",
+                ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
+                expect_failure=True)
+    eap_connect(dev[2], apdev[0], "TTLS", "pap user",
+                anonymous_identity="ttls", password="password",
+                openssl_ciphers="HIGH:!ADH",
+                ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@ -659,7 +659,7 @@ class WpaSupplicant:
                   "private_key_passwd", "ca_cert2", "client_cert2",
                   "private_key2", "phase1", "phase2", "domain_suffix_match",
                   "altsubject_match", "subject_match", "pac_file", "dh_file",
-                   "bgscan", "ht_mcs", "id_str" ]
+                   "bgscan", "ht_mcs", "id_str", "openssl_ciphers" ]
        for field in quoted:
            if field in kwargs and kwargs[field]:
                self.set_network_quoted(id, field, kwargs[field])