diff --git a/tests/hwsim/auth_serv/dsaparam.pem b/tests/hwsim/auth_serv/dsaparam.pem
new file mode 100644
index 000000000..54ba66a46
--- /dev/null
+++ b/tests/hwsim/auth_serv/dsaparam.pem
@@ -0,0 +1,11 @@
+-----BEGIN DSA PARAMETERS-----
+MIIBngKBwQCKGwQSQa8/VqJBvFDwpbJTEgQ2myTzbDCZqZof9EBBO5KlbUfgFZfY
+szSaZAWPok0mG9BRGoJgtajJruLU6lvoZ94FgGPhRrOZWd0wT6kiySRz4nv9kEMK
+Ch83zLQ+i1IdRFozP4k+9YHlAVL354zU+O5USxNMuhPVab4MPsl9I7gZmEQmisHA
+fwQOLppTrILuqNtVOqpRogKhVnvQITqV3VsRYV0JVersx48olOqtPGQKKewiJFJp
+n7fwGC208/sCFQD4vIUetIr4LGLwm3D/Y5HxNMyFFwKBwC7b0nT/lb1+z86vKg3v
+Cyy40D03ezYgmlwV+xObadfMmciwxK98DX763dFsY9omd6csFho1xGfSFRj8Bkv6
+rbumVtoZGurdRxU4ADJf4SF5MuK2rJ9jg4Wz6F1BhHEKtoubINlk3fyZWPx0sjkm
+t2IJlFY4rfbTI8ETrPrE+zb53tiaundB72cUWmZY/gRuaXh7lRzpMVr71+OedLU6
+VkIHXOG/nnb48hZfGohKvWTAp/wkb2w/dCdeGKgVZn3FzA==
+-----END DSA PARAMETERS-----
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index ceb61787b..4197f9594 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -2663,6 +2663,45 @@ def test_ap_wpa2_eap_ttls_dh_params(dev, apdev): ca_cert="auth_serv/ca.der", phase2="auth=CHAP", dh_file="auth_serv/dh.conf") +def test_ap_wpa2_eap_ttls_dh_params_dsa(dev, apdev): + """WPA2-Enterprise connection using EAP-TTLS and setting DH params (DSA)""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], apdev[0], "TTLS", "chap user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.der", phase2="auth=CHAP", + dh_file="auth_serv/dsaparam.pem") + +def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev): + """EAP-TTLS and DH params file not found""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", + identity="mschap user", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", + dh_file="auth_serv/dh-no-such-file.conf", + scan_freq="2412", wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"]) + if ev is None: + raise Exception("EAP failure timed out") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + +def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev): + """EAP-TTLS and invalid DH params file""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS", + identity="mschap user", password="password", + ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP", + dh_file="auth_serv/ca.pem", + scan_freq="2412", wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"]) + if ev is None: + raise Exception("EAP failure timed out") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + def test_ap_wpa2_eap_ttls_dh_params_blob(dev, apdev): """WPA2-Enterprise connection using EAP-TTLS/CHAP and setting DH params from blob""" params = 
hostapd.wpa2_eap_params(ssid="test-wpa2-eap") @@ -2684,6 +2723,31 @@ def test_ap_wpa2_eap_ttls_dh_params_server(dev, apdev): anonymous_identity="ttls", password="password", ca_cert="auth_serv/ca.der", phase2="auth=CHAP") +def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev): + """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)""" + params = int_eap_server_params() + params["dh_file"] = "auth_serv/dsaparam.pem" + hostapd.add_ap(apdev[0]['ifname'], params) + eap_connect(dev[0], apdev[0], "TTLS", "chap user", + anonymous_identity="ttls", password="password", + ca_cert="auth_serv/ca.der", phase2="auth=CHAP") + +def test_ap_wpa2_eap_ttls_dh_params_not_found(dev, apdev): + """EAP-TLS server and dhparams file not found""" + params = int_eap_server_params() + params["dh_file"] = "auth_serv/dh-no-such-file.conf" + hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True) + if "FAIL" not in hapd.request("ENABLE"): + raise Exception("Invalid configuration accepted") + +def test_ap_wpa2_eap_ttls_dh_params_invalid(dev, apdev): + """EAP-TLS server and invalid dhparams file""" + params = int_eap_server_params() + params["dh_file"] = "auth_serv/ca.pem" + hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True) + if "FAIL" not in hapd.request("ENABLE"): + raise Exception("Invalid configuration accepted") + def test_ap_wpa2_eap_reauth(dev, apdev): """WPA2-Enterprise and Authenticator forcing reauthentication""" params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
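Review bot: The two negative tests added in this hunk, `test_ap_wpa2_eap_ttls_dh_params_not_found` and `test_ap_wpa2_eap_ttls_dh_params_invalid`, are defined a second time under the same names by the later hunk of this file (`@@ -2684,6 +2723,31 @@`). A second module-level `def` rebinds the name, so the client-side checks that a missing or malformed `dh_file` ends in `CTRL-EVENT-EAP-FAILURE` would presumably never be run, and that failure path loses its coverage without any error being reported. Giving the server-side pair distinct names, for example `def test_ap_wpa2_eap_ttls_dh_params_server_not_found(dev, apdev):` and `def test_ap_wpa2_eap_ttls_dh_params_server_invalid(dev, apdev):`, keeps all four tests.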
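Review bot: `test_ap_wpa2_eap_ttls_dh_params_dsa_server` passes as soon as `eap_connect` succeeds, and nothing visible in this hunk restricts the TLS cipher suite to an ephemeral-DH one, so the test may pass without the parameters loaded from `dsaparam.pem` ever taking part in a key exchange. If the test is meant to cover the load path only, the docstring should say so, e.g. `"""WPA2-Enterprise using EAP-TTLS; server loads DH parameters from a DSA parameter file (load path only)"""`. The docstrings of the two negative tests read "EAP-TLS server" although the functions are named as TTLS tests; "EAP-TTLS server" would match. Those two tests also accept any `FAIL` reply to `ENABLE`, so a short comment naming `dh_file` as the intended cause of the rejection would help a reader.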