From 78b6be046d971d33c8c2340251c96ddf8427892f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 17 Sep 2017 00:12:18 +0300 Subject: [PATCH] tests: Suite B with RSA keys Signed-off-by: Jouni Malinen --- tests/hwsim/auth_serv/dh_param_3072.pem | 11 ++ tests/hwsim/auth_serv/rsa3072-ca.key | 40 +++++++ tests/hwsim/auth_serv/rsa3072-ca.pem | 27 +++++ tests/hwsim/auth_serv/rsa3072-generate.sh | 63 +++++++++++ tests/hwsim/auth_serv/rsa3072-server.key | 40 +++++++ tests/hwsim/auth_serv/rsa3072-server.pem | 105 ++++++++++++++++++ tests/hwsim/auth_serv/rsa3072-user.key | 40 +++++++ tests/hwsim/auth_serv/rsa3072-user.pem | 105 ++++++++++++++++++ tests/hwsim/test_suite_b.py | 127 ++++++++++++++++++++++ 9 files changed, 558 insertions(+) create mode 100644 tests/hwsim/auth_serv/dh_param_3072.pem create mode 100644 tests/hwsim/auth_serv/rsa3072-ca.key create mode 100644 tests/hwsim/auth_serv/rsa3072-ca.pem create mode 100755 tests/hwsim/auth_serv/rsa3072-generate.sh create mode 100644 tests/hwsim/auth_serv/rsa3072-server.key create mode 100644 tests/hwsim/auth_serv/rsa3072-server.pem create mode 100644 tests/hwsim/auth_serv/rsa3072-user.key create mode 100644 tests/hwsim/auth_serv/rsa3072-user.pem diff --git a/tests/hwsim/auth_serv/dh_param_3072.pem b/tests/hwsim/auth_serv/dh_param_3072.pem new file mode 100644 index 000000000..cc72bc257 --- /dev/null +++ b/tests/hwsim/auth_serv/dh_param_3072.pem 
@@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEA3HLNJq+KXn0kCgo4QNnZNmkzwAVLPyIoK24CCfXC53Ax2jAY7iCu +recce4hWsRAXjfFLcdGlcHPQ6saSwKE80ebj2eSpiASnAMO46PaGDxpycLl+Ac92 +RTaNDFYXveOMSAQboBC6KlNuf4hf7m+ZNxNTEdhKJnx5DmE5UbRKLzndH49OSsNG +9ip+gHvO6FmRI4bUr5tosVfcVv2nWA0aRknEWFgUw5qKzi0XIejxHf+SKl+XlHGF +/HuFV7zvksy/wVd0aMl40QSRTLvUfK+jwjPyAKFi7pSEa+cJGJNO1AVfiDCQ8xiA +wXM4cqU1cUgTuSZZy3itLIlr3+a0O0PQ/zYCgSZlfRBtbWoOK54RhEJ33xTUVcIH +bMkS8lmqscVIccPVzC9cv+MASbrfE1wvSJFkW1cHy+LScyQLaXeiqovH0HWp60cN +9UhTcBRV49JTZfTk4wcfc50q+oNNMOXiHXX6Cz7YYkWQhVarawZcOOXkL5LwyqWE +Fd2a8VjMc7ujAgEC +-----END DH PARAMETERS----- diff --git a/tests/hwsim/auth_serv/rsa3072-ca.key b/tests/hwsim/auth_serv/rsa3072-ca.key new file mode 100644 index 000000000..023409c24 --- /dev/null +++ b/tests/hwsim/auth_serv/rsa3072-ca.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDiAu/025dmYcmq +o9AhYIhHpHjo9DCIg1tjbybtl0upoTTrO9paSG00hVnZ1hL8iL+Dez9KL+3zbsiQ +ilnLWTLvVa1WJlytk8yhXohK2D+frPyqTmH2GjewI/N0+o2lJPzXycFTX9GjWeAg +2Mc4GeIOHbY3QZCP8PQBxzyfiH30Pins2ZmtKVegzuaNBN2ZXp5ZZ+ABjpyBkmjv +vb8kb89DQBVgzow5Wk77efs6Av2Js128i/PPQfDVkEuHJaaltMF5V3JCj7TR0nji ++6l6wzE4oBc5zuKYJ/Ux6H9789Zws5Q3gi+VeeJ+8PzPTmCN3mtAh7NXPKI7MlFj +EQiSkJ7nOGtc0UKNTZXq7w0JjNlHurc/cVrYfer6+gPf623EMwCZ/zw+YyjKEjMg +MFoaeR4G4nkPklpx4GYM0knBkcoSczBkdcpasHeCEXQoNkS7u+RjzHAsYNoSOad0 +gWLLym0EyGKj7Ws2U3jXM3r5j8n2xOv9JGAZ8/q8K1QRrxQw5tsCAwEAAQKCAYAY ++KwciLqkpD9M7EaNuYW1LLXzPy+xlZneVaSeca35cwdOylEo0oHGYMl5qQ51+oH2 +fAKVJtCKqf3dAnxDXHqlOPkq4Jgy0Xa1iaVTZ6s38DwGcRyfvWvTuVUn4psN2RVa +nj8PADJAcyixWGJCj5GLb7r3RfY8ASpkm+fV1JXeC5RESBKTsFKvQMz2XchCLtMe +G70DTwd5xXx0qKla1EO5MXZrOMcDezfozyRz12q98SR1NZ1dk/KRFh1SNFXCT0Mv ++yD0clnPJa13kYHvXRABHfzx/3z7NQk9UM9bd5iWsLLQm57HtfbpV089H4XsAobU +xabRbuen9JrejsMETudCtP/ftZQNKEjAyY6y0yrOM4c/z1IL4zc75KW3gh/0ruPa +XTlHEBvA3h29W1dLhk9oyeiFHiV8BRffjlyS325CX9z89hdoPK1cZwuIDgqdTpVw +VL6MqKxu72oyLWZcq4CKT6ZIpLgwRAfPZ/oCsJQZbO46PIg5hRIlNEb1H5vGkDEC +gcEA+qE5IS8kt676UXZLEjp3UtsuGHzfj+kC2x9dVepRL8bxf58W65ZsZim9xZ56 +Ls8gw8NXh7/7SRqHBpaH6Sg7YZZFzfD6RB86O7atZ2CwTMMuBcN5zZc6AwfH418Z +wHaQeN1gYAyLdHf80rMMlElz8hjJ3uCuBWG70WinemzynlS14AtG4HB09C1vmjnD +Q4L8lCmEQpqy3GeKDQnWTIhzoqenr1+iQF7bdCUw878yMI0x7Di+okiWFC7HnW/y +qPiZAoHBAObarPdCbpqiUtymTRbdq1xP69pZXcMOmgL+kLEELhhl9BfJqbXY51xn +NCIpIMH3CyhJ5/Og9TCE72gfhA2jzJK9mK6Jmiz04BViCf308yh9y6TaZSdsOEz6 +M+uVbuP+UcBLV5AV9UvrgWDcWOm46W63v7Mgqh6x7rC1rR+VFi3Lj2HoU4aM4mEM +E5OfbgMxWUQNKkyUy58KUs2wu58v+K7N8eu3Fa4Sl63xkRi1YKgqYAxeRKknrNb+ +IkVq5zC/kwKBwHOB8k5057swDXWVyytvfqbVFP18L5yniwVqAx4hi6E1Uv+6Vlnl +TbgX7LozO6RvGW6fjKunsywR6cEDh0fRnuxu0WUEdpMGwVPb8Tb/vMDkA0XsvSof +VEEpSNplbfzhp9vMSyp5HZxj4EVK97Uv1RvyiLcLXahlTqZIUUd/BqIp8Fh9WgD+ +Uyhl+FVf4bovmDDAoZAAtAYYQeuYaQeEq6Z/Fi0hKin4jbONoG315C+0Ixn3XQR1 
+55UNqjnI6lEtoQKBwQCi/VvHi2jJ1reIQAYHkeRN3cOYuyXe9O06Ff+Ua24cHceU +D/a5hHX9IISHZeBR8hk3jc6tjUPvyLu7GR1EABUMub4V5OMswIuBrWF+ozYWrZJd +RzDJ/7dUagbEWxIa+NFBYjBlc4tn2dPTzl8cTUjKugMn9nUGDPyIWQztUnaBSMpo +Bv8J7WhbuooL3TFwIaRzzpPB1ABbvo8t2IzvXJBI4vDeSrqM12WuEvMtrcmbkaeU +s+3oPDHk7TLHLi4ile8CgcEAmV1hwY4s78tMYrUbDypyH9r5a2QT9ezyPS64WntC +y3I4zVwO0pqtPMXQCgby2Z+PkuBC1WWCFSZZ4Aw5P/0OShIf+ADMewFF//DvReEc +p+kh/7vKulnX4mPQGkuSnCmO5zyMDroP8JtTnkX8K4P143vQY4n/oFogUx+4lTG/ +bedKQgI9v+ubb0JsZkENPirKyIOdiTz64fjD+IKMgq15SYifVundDC/ubG5Cr0rn +PId0vxr7ixFQPAT1hwUT1CuI +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/rsa3072-ca.pem b/tests/hwsim/auth_serv/rsa3072-ca.pem new file mode 100644 index 000000000..1347046d2 --- /dev/null +++ b/tests/hwsim/auth_serv/rsa3072-ca.pem 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCAvOgAwIBAgIJAIAj56DfmvbYMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV +BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV +BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMjcw +OTE1MTgxNjQwWjBRMQswCQYDVQQGEwJGSTERMA8GA1UEBwwISGVsc2lua2kxDjAM +BgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZTdWl0ZSBCIFJTQSAzayBSb290IENBMIIB +ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4gLv9NuXZmHJqqPQIWCIR6R4 +6PQwiINbY28m7ZdLqaE06zvaWkhtNIVZ2dYS/Ii/g3s/Si/t827IkIpZy1ky71Wt +ViZcrZPMoV6IStg/n6z8qk5h9ho3sCPzdPqNpST818nBU1/Ro1ngINjHOBniDh22 +N0GQj/D0Acc8n4h99D4p7NmZrSlXoM7mjQTdmV6eWWfgAY6cgZJo772/JG/PQ0AV +YM6MOVpO+3n7OgL9ibNdvIvzz0Hw1ZBLhyWmpbTBeVdyQo+00dJ44vupesMxOKAX +Oc7imCf1Meh/e/PWcLOUN4IvlXnifvD8z05gjd5rQIezVzyiOzJRYxEIkpCe5zhr +XNFCjU2V6u8NCYzZR7q3P3Fa2H3q+voD3+ttxDMAmf88PmMoyhIzIDBaGnkeBuJ5 +D5JaceBmDNJJwZHKEnMwZHXKWrB3ghF0KDZEu7vkY8xwLGDaEjmndIFiy8ptBMhi +o+1rNlN41zN6+Y/J9sTr/SRgGfP6vCtUEa8UMObbAgMBAAGjZjBkMB0GA1UdDgQW +BBQh9+/awzQ67c3VUMCzugnuP4DXcDAfBgNVHSMEGDAWgBQh9+/awzQ67c3VUMCz +ugnuP4DXcDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQwFAAOCAYEAHmNoYP+c4TRPSogjCswhbzSVEpZhnjEg0Yd8XkGxKeBw +o0hsPRFWjj/vO3uVeqoAyj2zkpiulPjBqlhLbwX31Q0T6vknWfNOsXgv2lB1yEZN +HqxyEYsMN5RpEVqRRio66dhmALYuacX6gIphueTetaR9zeq1yy8GD0/omB7Ryig6 +5dMoTt4c9g8YFZE7AENkkbzMPqTdGKnY4uUQKgDBPH3TIlckx5zNq8GXTcAy4zyc +4gj7NGPDdU5nk6BNRmlhFlsTaLHNc8C+5tI5fEx057AEa/7kggskvHxc7zespVMj +RjTR9qkNC15IJHClMhBMiIDyURZF6Z3nyD0tMBJuIt2GU3gTqZLnrChp7PLXRCN/ +uByPuhJ528FzhQ1hnz93qBQ7OAamHfo44Zyk5wFnIUy+sd9QsM9zm+33/j0Vd5ar +fzSfGRHJTb8xF7vH7TBH92CifdO17WNqH6+7KkFkEK44Dn87gjsgC8mXAOsE6HFw +lKzThlrFLvCBIsQ4V9qH +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/rsa3072-generate.sh b/tests/hwsim/auth_serv/rsa3072-generate.sh new file mode 100755 index 000000000..429f85334 --- /dev/null +++ b/tests/hwsim/auth_serv/rsa3072-generate.sh 
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+OPENSSL=openssl
+
+echo
+echo "---[ DH parameters ]----------------------------------------------------"
+echo
+
+if [ -r dh_param_3072.pem ]; then
+ echo "Use already generated dh_param_3072.pem"
+else
+ openssl dhparam -out dh_param_3072.pem 3072
+fi
+
+echo
+echo "---[ Root CA ]----------------------------------------------------------"
+echo
+
+if [ -r rsa3072-ca.key ]; then
+ echo "Use already generated Root CA"
+else
+ cat ec-ca-openssl.cnf |
+ sed "s/#@CN@/commonName_default = Suite B RSA 3k Root CA/" |
+ sed s%\./ec-ca$%./rsa3072-ca% \
+ > rsa3072-ca-openssl.cnf.tmp
+ $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:3072 -nodes -keyout rsa3072-ca.key -out rsa3072-ca.pem -outform PEM -days 3650 -sha384
+ mkdir -p rsa3072-ca/certs rsa3072-ca/crl rsa3072-ca/newcerts rsa3072-ca/private
+ touch rsa3072-ca/index.txt
+ rm rsa3072-ca-openssl.cnf.tmp
+fi
+
+echo
+echo "---[ Server ]-----------------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/#@CN@/commonName_default = rsa3072.server.w1.fi/" |
+ sed "s/#@ALTNAME@/subjectAltName=critical,DNS:rsa3072.server.w1.fi/" |
+ sed s%\./ec-ca$%./rsa3072-ca% \
+ > rsa3072-ca-openssl.cnf.tmp
+$OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-server.key -out rsa3072-server.req -outform PEM -sha384
+$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-server.req -out rsa3072-server.pem -extensions ext_server -days 730 -md sha384
+rm rsa3072-ca-openssl.cnf.tmp
+
+echo
+echo "---[ User SHA-384 ]-----------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/#@CN@/commonName_default = user-rsa3072/" |
+ sed "s/#@ALTNAME@/subjectAltName=email:user-rsa3072@w1.fi/" |
+ sed s%\./ec-ca$%./rsa3072-ca% \
+ > rsa3072-ca-openssl.cnf.tmp
+$OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-user.key -out rsa3072-user.req -outform PEM -extensions ext_client -sha384
+$OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-user.req -out rsa3072-user.pem -extensions ext_client -days 730 -md sha384
+rm rsa3072-ca-openssl.cnf.tmp
+
+echo
+echo "---[ Verify ]-----------------------------------------------------------"
+echo
+
+$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-server.pem
+$OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-user.pem
diff --git a/tests/hwsim/auth_serv/rsa3072-server.key b/tests/hwsim/auth_serv/rsa3072-server.key
new file mode 100644
index 000000000..3319dd3f8
--- /dev/null
+++ b/tests/hwsim/auth_serv/rsa3072-server.key
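Review bot: In rsa3072-generate.sh the CA working directory is created only in the `else` branch of the Root CA step, so a rerun on a checkout that already has the committed `rsa3072-ca.key` skips `mkdir -p rsa3072-ca/...` and `touch rsa3072-ca/index.txt`. The diffstat adds no `rsa3072-ca/` directory, so the later `$OPENSSL ca` calls presumably fail there for lack of the database file; that depends on `ec-ca-openssl.cnf`, which is not shown. Moving those two lines after the `fi` would make regeneration work when the short-lived (`-days 730`) server and user certificates need renewing. The DH step also bypasses the `OPENSSL` variable; `$OPENSSL dhparam -out dh_param_3072.pem 3072` would keep the tool selection consistent. With no `set -e`, a failed `req` or `ca` step is only noticed at the final `verify`, which could still pass against the stale committed certificates.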
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQD+qVxZj6qAy7hK +ifk66H0kUbjyBcZC4Gi1pPF+ijGi4AxYxYAgyyDwDsFrTeHX68xFSMmwD4/vgNsb +YAKv7+gKKcgE33CS6fHcakc7Wm8Q5hlNk5LQCo6iTTKfE8g0bBpM7KTtiSoD+xgN +fw3ePn/YXSel4XtiY3FhRVL5RxAdKMJdc/udA2i/baQSEnTH0LiHQ7Nnh85ue1gf +LzLrEB/ndFw62YwYyASVa+M7JUwK25nzWbCOet765NtQFZCiMOKKxqkGMOPXKd0m +qJVubvXEQtD3fkBNPf2tL89A3dTAa4CiNH4FL78yRAvUeG0qEgh8hLRNUVrlhG4X +JkOMg2sW81/6s5+E0yur8z4sI2W5EXbhhRLOuwM4WYK/THe6O5BRnGd2sB50HkzI +sTXWNyncfsOJzIaeCDGccOpabIeSU+uZ+zPSMvGBMXigyX1t2WsH+shKZ1csjKbO +5X42lfEJvd+/yFM9IWf9k8uyerVWYZ4vzmn6+lYKa5xpePdOVHMCAwEAAQKCAYAG +VHVcMIr/apDpIWbVhQPfTDy5n1UfQm633SK3j33OW51S843Mwt/Nt8AtB6GOeWj5 +a+a/fpOIU36evpMyhlcRMZqsLFWjATemz+l3WzcZh26nk/x5OVn0RND2TUqTqwA4 +W0V6NgeaU7p0U20n0gvhd+dNYz5q4qfl0BBQ6+hFoUa7he+CJpyK7ZG/dT/7239K +tW8XKrQB4QT+uXCdkSgJ28WTHOczkn0yrZzXUoUCXBUGjHsr/3fdaqTc57xRm79p +HDAjOavFnSDENTDsB5R9jmN70BY008xoitAtUzMkCVABbxn9npvjrTjKw/fg3oph +1Ml8JaLDjsh3UzhqnmYKIJrZvdyfe7/Q9j7KtECPuxdf170BJ3jPrJPcWTecazfh +szpt1beLyv8o4D7ttmgs/n1OXhGL1smcrTeIXdmrBlfIiKjY+3EE9SpxvXN/9DCy ++jnuEfy1KkbEhHSPVplGmyHb8xToA5FUfWsX/wWo0CZbH1ouquUHdcq/HsFGLZkC +gcEA/2tBin4Hmmn5987Y17Iv3WG0XZFNW5jfvt0THo5R+Phg3DKGyYKFtrnS6bMZ +IKl7YvpxZZ6+w0wBkaQWE/y9wN2oeiQE8WMvnYptGXs+sVXCNQJmKbZHxnZuQrwr +KGAIwhGxShbx+rAzyXakKM0p2PUyHg9xAPu3Sfmb8zYWc8KZ62Xxf3tFErnGeJUm +ZgdqtWvOWXJxMz2nM/Ow6FlnHr0Wo8ZEpli5kWlTwp+S7Trn6969lVJV4cGjPJxD +7kGnAoHBAP89qeS0vx6XmMwqfgH+OTrRO6+F2sGOSvrcSWRBS0R4ninIOXASMWxH +W/bAgzUwGB7bTUmVjQRGkFXIn0YcBlvMVJlvpQ0DqPftVY9Fa2TSUa2//M8PbIgk +NsHa89YWkkKFMOZUH9JzIkn4H+f6mNv83sMOWGrdaymiLP7NxgA8VIeybekQ73j3 +thnDT2xyMXwO6Y0FbySvV8y6AEFTOq5vgR8A0orEEeP0eUlBzv030J/CNW4hXo0c +qVsknTo4VQKBwQDw1s3CLPw2Wd9eDyjgmiAP+2T7JVtwF0JC0mqI0WHyBSIv/2Sg +9fXnSmjZ/Aqhha3WspfiXkE6HZ0NG0/GIPc7uMZ4BSa0BfaL8k7VTCTdSiQJn+19 +P2eGd32YZ526QHOBqvUlC2W4IBV0ze4Umv/ul6VeOukvKCq4Eik+t62MEd7Y3BNP +RYjoE0xVvy2p3yx7TOAR75tV2bijgBE7xbE6hsmmO/nXcKnptwtH5PfBwV2WRz00 
+Y6KfcNre9+oF6tkCgcEAifVrgenML53jAd+p0iv2BPuY1it0bRAbKPKuXJkKNM05 +N/44RYIf4pXDeGDfynzfXLZOVQqXeQsm8qcIp9139mBADdsRjDJBPxiyGUl9XbZs +XYya+dQtZnykeC1/hGUY0wmov6YSuS5wByktHbcOrkFEqotzcPeS96LnzSWt8uyp +B9uCmuoDdg/2BoDRyh0C8DojNI0OYPbBby/N+YEiA6zTTs2j/0sxHFRExjrixW1I +v0E6nfc9YupuA4yLyy8tAoHBAPoDc7AZeCsAIrGU/ojvPEMGYk/DyCnPyalrTeI3 +DP01lx3/URyhIawu0k9oXQy6IdyJ4BHonMRSHqoMw53W9Lvany0n1CgW9+84JZ1C +9H6VyK+uxK/00UYEDwVf5PSZiWFxa4h7uQm/EDzTEF/cim47DbpQR8j8YkJ77+dZ +lBleLkVv9CgT2eH4zGAjAiD5KPd0pQEPse5jNXnwI/+qa5rKZBWFcnFRiHbcMqDF +b7FtSAoTF3UtdZ9XQUM0V4ZwuA== +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/rsa3072-server.pem b/tests/hwsim/auth_serv/rsa3072-server.pem new file mode 100644 index 000000000..30aca5833 --- /dev/null +++ b/tests/hwsim/auth_serv/rsa3072-server.pem 
@@ -0,0 +1,105 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12505381161559820488 (0xad8c09e8fba288c8) + Signature Algorithm: sha384WithRSAEncryption + Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA + Validity + Not Before: Sep 17 18:16:40 2017 GMT + Not After : Sep 17 18:16:40 2019 GMT + Subject: C=FI, O=w1.fi, CN=rsa3072.server.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (3072 bit) + Modulus: + 00:fe:a9:5c:59:8f:aa:80:cb:b8:4a:89:f9:3a:e8: + 7d:24:51:b8:f2:05:c6:42:e0:68:b5:a4:f1:7e:8a: + 31:a2:e0:0c:58:c5:80:20:cb:20:f0:0e:c1:6b:4d: + e1:d7:eb:cc:45:48:c9:b0:0f:8f:ef:80:db:1b:60: + 02:af:ef:e8:0a:29:c8:04:df:70:92:e9:f1:dc:6a: + 47:3b:5a:6f:10:e6:19:4d:93:92:d0:0a:8e:a2:4d: + 32:9f:13:c8:34:6c:1a:4c:ec:a4:ed:89:2a:03:fb: + 18:0d:7f:0d:de:3e:7f:d8:5d:27:a5:e1:7b:62:63: + 71:61:45:52:f9:47:10:1d:28:c2:5d:73:fb:9d:03: + 68:bf:6d:a4:12:12:74:c7:d0:b8:87:43:b3:67:87: + ce:6e:7b:58:1f:2f:32:eb:10:1f:e7:74:5c:3a:d9: + 8c:18:c8:04:95:6b:e3:3b:25:4c:0a:db:99:f3:59: + b0:8e:7a:de:fa:e4:db:50:15:90:a2:30:e2:8a:c6: + a9:06:30:e3:d7:29:dd:26:a8:95:6e:6e:f5:c4:42: + d0:f7:7e:40:4d:3d:fd:ad:2f:cf:40:dd:d4:c0:6b: + 80:a2:34:7e:05:2f:bf:32:44:0b:d4:78:6d:2a:12: + 08:7c:84:b4:4d:51:5a:e5:84:6e:17:26:43:8c:83: + 6b:16:f3:5f:fa:b3:9f:84:d3:2b:ab:f3:3e:2c:23: + 65:b9:11:76:e1:85:12:ce:bb:03:38:59:82:bf:4c: + 77:ba:3b:90:51:9c:67:76:b0:1e:74:1e:4c:c8:b1: + 35:d6:37:29:dc:7e:c3:89:cc:86:9e:08:31:9c:70: + ea:5a:6c:87:92:53:eb:99:fb:33:d2:32:f1:81:31: + 78:a0:c9:7d:6d:d9:6b:07:fa:c8:4a:67:57:2c:8c: + a6:ce:e5:7e:36:95:f1:09:bd:df:bf:c8:53:3d:21: + 67:fd:93:cb:b2:7a:b5:56:61:9e:2f:ce:69:fa:fa: + 56:0a:6b:9c:69:78:f7:4e:54:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 82:D7:75:95:94:9E:35:F7:1F:91:6D:37:9F:26:4F:3D:9D:C1:6E:96 + X509v3 Authority Key Identifier: + keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70 + + 
X509v3 Subject Alternative Name: critical + DNS:rsa3072.server.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha384WithRSAEncryption + 55:60:59:3f:3b:85:7c:d2:95:9b:c0:00:fb:a8:57:c6:02:41: + 7b:2c:b5:fd:e0:a6:35:1c:18:f8:0f:d6:f7:f4:0c:01:7d:7c: + a4:cc:80:11:73:5b:06:03:f0:25:58:46:0b:2c:50:8e:80:5a: + f4:49:df:69:ca:8a:de:7c:00:5d:3b:5d:45:f8:c9:19:f8:e1: + ab:01:6b:ee:49:1f:c2:e3:3e:f6:a2:fa:4e:5d:b9:6f:93:2b: + cc:b8:77:52:ae:8c:22:a1:53:f2:98:d0:df:b1:9b:27:ea:32: + 76:2d:fb:4c:8a:04:32:4d:aa:07:57:ad:c7:3f:d1:86:c0:71: + 05:35:c4:6e:e3:b8:a0:63:06:6b:e8:0e:50:4b:8c:60:3a:a6: + 84:ae:da:ab:b8:7a:7b:20:7a:c5:74:9b:bf:41:a9:b8:d8:34: + 20:56:35:86:60:d0:43:fa:06:a0:b7:b1:49:f3:02:f1:cf:72: + 20:8d:9a:48:6b:db:14:30:e3:21:a4:6f:87:08:d8:95:66:e3: + b6:7e:15:e8:44:03:f3:92:b8:84:54:ba:af:c6:ce:7d:32:85: + 1f:a7:54:40:86:4e:93:89:73:e5:18:ea:49:4a:9d:80:78:6d: + 2e:d3:bf:9c:a9:75:09:3c:b7:33:36:ce:20:81:df:7e:ca:50: + 0d:c7:b9:91:82:5d:3b:25:d3:0b:ee:bb:a8:84:fc:79:ce:c1: + 1f:af:d3:df:34:f6:a0:50:3d:4b:1c:b4:91:1b:b1:5a:d2:27: + 44:4e:0e:20:f1:b3:8c:7f:08:44:27:c8:56:0a:0b:b9:aa:f7: + 4d:62:5d:35:ef:06:44:a2:2d:35:8a:66:8c:1f:c9:c2:89:cb: + 7d:38:54:84:5c:c4:96:3d:11:d1:2c:d2:98:9d:b7:4f:1c:4f: + e9:37:80:4f:25:6b:3a:29:1c:55:52:56:23:6e:4e:b6:74:d3: + cd:0a:1d:b7:24:f2:41:24:8a:05:ad:e0:d3:8f:fc:c5:bd:a7: + bc:8e:e5:7f:0b:d7 +-----BEGIN CERTIFICATE----- +MIIEqzCCAxOgAwIBAgIJAK2MCej7oojIMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV +BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV +BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMTkw +OTE3MTgxNjQwWjA8MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxHTAbBgNV +BAMMFHJzYTMwNzIuc2VydmVyLncxLmZpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A +MIIBigKCAYEA/qlcWY+qgMu4Son5Ouh9JFG48gXGQuBotaTxfooxouAMWMWAIMsg +8A7Ba03h1+vMRUjJsA+P74DbG2ACr+/oCinIBN9wkunx3GpHO1pvEOYZTZOS0AqO 
+ok0ynxPINGwaTOyk7YkqA/sYDX8N3j5/2F0npeF7YmNxYUVS+UcQHSjCXXP7nQNo +v22kEhJ0x9C4h0OzZ4fObntYHy8y6xAf53RcOtmMGMgElWvjOyVMCtuZ81mwjnre ++uTbUBWQojDiisapBjDj1yndJqiVbm71xELQ935ATT39rS/PQN3UwGuAojR+BS+/ +MkQL1HhtKhIIfIS0TVFa5YRuFyZDjINrFvNf+rOfhNMrq/M+LCNluRF24YUSzrsD +OFmCv0x3ujuQUZxndrAedB5MyLE11jcp3H7DicyGnggxnHDqWmyHklPrmfsz0jLx +gTF4oMl9bdlrB/rISmdXLIymzuV+NpXxCb3fv8hTPSFn/ZPLsnq1VmGeL85p+vpW +CmucaXj3TlRzAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgtd1 +lZSeNfcfkW03nyZPPZ3BbpYwHwYDVR0jBBgwFoAUIffv2sM0Ou3N1VDAs7oJ7j+A +13AwIgYDVR0RAQH/BBgwFoIUcnNhMzA3Mi5zZXJ2ZXIudzEuZmkwFgYDVR0lAQH/ +BAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBDAUAA4IBgQBV +YFk/O4V80pWbwAD7qFfGAkF7LLX94KY1HBj4D9b39AwBfXykzIARc1sGA/AlWEYL +LFCOgFr0Sd9pyorefABdO11F+MkZ+OGrAWvuSR/C4z72ovpOXblvkyvMuHdSrowi +oVPymNDfsZsn6jJ2LftMigQyTaoHV63HP9GGwHEFNcRu47igYwZr6A5QS4xgOqaE +rtqruHp7IHrFdJu/Qam42DQgVjWGYNBD+gagt7FJ8wLxz3IgjZpIa9sUMOMhpG+H +CNiVZuO2fhXoRAPzkriEVLqvxs59MoUfp1RAhk6TiXPlGOpJSp2AeG0u07+cqXUJ +PLczNs4ggd9+ylANx7mRgl07JdML7ruohPx5zsEfr9PfNPagUD1LHLSRG7Fa0idE +Tg4g8bOMfwhEJ8hWCgu5qvdNYl017wZEoi01imaMH8nCict9OFSEXMSWPRHRLNKY +nbdPHE/pN4BPJWs6KRxVUlYjbk62dNPNCh23JPJBJIoFreDTj/zFvae8juV/C9c= +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/rsa3072-user.key b/tests/hwsim/auth_serv/rsa3072-user.key new file mode 100644 index 000000000..11afa84b0 --- /dev/null +++ b/tests/hwsim/auth_serv/rsa3072-user.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCSd2eORDSDqDf5 +qcRyXHFynTUdPYw0Ilwk+IeB3t6spZN3xTikgpyMBpsUi1IJMkwxxfjpL2SKOQpw +nk6KnLylq3gYUkR1/sMAYecfRcAScuQ4niid9nZgcLN7EcqQmCrqJsBcrqkSzFIR +pgKs6FlWeqiT7P0G7qzorxdoV085ytRISYq0jT4hUaOW558k5fUQ5zb+jjOyfSJm +j0Jlzw9PzKMkD+O6mIk1p1SZ7IFHxC+yOzuyTM6kqFpmEECODX1n2O0a/eVhFtv1 +THNAOeN9bycmCGgYAt87WgQKCMVTux0AkWz2OCrwqp8rNm6VJKcahNhcavjVP2IP +IEu3lsbCG/iBZBMVeptdmO4P2XM31TyfNVKT33KdidSfIPIThRIAfCMnzvnd4reC +CaL6JlQix/20+hrTbSmPG2cTL9ji8Fx1nqp5/MG3SF0IEgE3eBP5Uzc6qCE45190 ++4VTayFrgsmlQSyjOXQUoFwDyBMXVaYVRVI8ubk//tmoFG8gxSECAwEAAQKCAYBq +xnOPCngCNwM/lhzphi0KckMDYxgv9ZCZPzmCWxiYYkjkerm1bKZ1imdKDdsrayiS +7JFuZad1AOp0eWQmtubsG9n8WRUhtC0yvSzB5paEnI92Gw7fQYrA+chOgwTabqRy +ePepWYdWde+qgAzZQrXGTrtQw+ceQ6d4JhT5cxUFu7EQVdSxlXpizeJlo8uoGaCT +xwuXfdGAYKtQe0XbdJzj/vo70v2gzYzRuX/6iqkgyYw/8eCuNkI7VaQ5XcXCCWB1 +nCf578JBXynJEpEBh6FEZj6LzBD7aop2ErYkiTRdWKTvweqVxSQtiiS//FH91tiy +hMm61mzgf4kTf1FsFokp+xssSbHKhxTsZO4pXoupdUTfG9B8vAlbQObDiOmLUtdX +mpXkDDnZUD//alLGxbiOmncH4K/VGuZuSXnSkbUnjrdkOGVtSy4cwxAbgii1z6D9 +jeImt4vTvFkt3jiqfPs7/c6M6giEY3OyjbR8P3jksBC4urKTWI+B010AsKUur5UC +gcEAwnj7nNSyABEhyimKIfGIjXGiKaRevfstRTs+fRYWGkcVvVZQ2s1xxTAXGiYa +kJgFUL3lTfbdvkTHEp5U7PrC4ErXBAV61fjv9DfRGFTIvtOM10YfrS/GeZuJYHXe +abrVliB56jiOg2tq6XrKPe6f7vZFDaan2srh0/FN/CEHom2WS7mQL+VjwwCtBZHh +aMMkg/bW9qaV0fWwi2dK97vcQzb3udgnnC6M2P6bK7og9Vfa8tW8kVtSBVjyoGu7 +1aCrAoHBAMDOO+LM8nPhju/jeWH2366YhGbRZM2lpqb6b7c/09AUC4ESK82S9AKe +1Ppa8Q5KnaI0PAg7V6CebL1EjGgzUcWZWzC7Q8u+In7ktq09G0uk6vtlfpwjx4OU +Q9DiosZdBASKmhQpmYRYawbvjQXhPIexAYSvwb+930g93+gmLOXOtg1C/y2vHtsm +JU8bCkXceC2PsCB2D8aOKlUoyutXMW8VX0VmBab0JBuTp9T+woYp5RXj2Id1CuOC +BlJZZNjpYwKBwQC9wGJxsi9EVXMM2N9JI21D5d5+lz1CTfTsGlRspMJIPZf+uFwI +QnGCH9xKzWcaMtrs330AR6IxZtZ/WjIvULYZN6z45YfnhBBN0LCa9w8w8yX3XxrF +V1pnidXPYvLzYzPIWkPav/h+Tq9wxTjUmSNAfNb/7N7XYyJaNJcNLgVO/XKqzJLd +yQtAWEZ6qs6v88iLYqx42i5RQVNTkiPZ+Vl/1AB/O2PaxqjziepKDkDeYyzlyJtH 
+kT1Ernd/A9+xICUCgcAszkCAflxBrcNH4DcPGw30RyFNu4+PctV9rGlVzpFso5vg +zNY9Gc925G5eF9A5IAHt9fGVgCTnAKoIeeufM33nS7IzavFgYbkmgAQr0i2LsLGi +5n07z9zHqSbxXhmxu1/5pjQUR26ToPCOVhERsrwcVHgj26xM4NUItshX7Lc2WIla +H52pgi7LgtvcvE3w2kFbZS7q/ETCQbt4utgdRNAKHo9bU1Aw8j+J4RB5oRKXlxjT +s3VYVUzIfij17ixPdD0CgcA8LTjVgy6jeCeCWIUjoAlPLuMB3A/zU3ZxeWJ7uEUj +Xjz/6ToSQBWtbW1xtKBW9RZBzbIZCgiNBqO38DqKzoKY6T/muIJniLUW5lshj5B5 +XFSanprP/vp+J8lEaTiVAAfsbt2/ZuZq+IAxwDo9oifr5NtKvexaiEJ0apx/e0yg +tvwouNj0+z89rF2INCDbWB3750mPcBRafASXyVRCwiopzfdFHZB1boUcSq7cRY2R +cTEirRqQCdUI6fmEGFMYR6A= +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/rsa3072-user.pem b/tests/hwsim/auth_serv/rsa3072-user.pem new file mode 100644 index 000000000..f26039a0c --- /dev/null +++ b/tests/hwsim/auth_serv/rsa3072-user.pem 
@@ -0,0 +1,105 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12505381161559820489 (0xad8c09e8fba288c9) + Signature Algorithm: sha384WithRSAEncryption + Issuer: C=FI, L=Helsinki, O=w1.fi, CN=Suite B RSA 3k Root CA + Validity + Not Before: Sep 17 18:16:40 2017 GMT + Not After : Sep 17 18:16:40 2019 GMT + Subject: C=FI, O=w1.fi, CN=user-rsa3072 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (3072 bit) + Modulus: + 00:92:77:67:8e:44:34:83:a8:37:f9:a9:c4:72:5c: + 71:72:9d:35:1d:3d:8c:34:22:5c:24:f8:87:81:de: + de:ac:a5:93:77:c5:38:a4:82:9c:8c:06:9b:14:8b: + 52:09:32:4c:31:c5:f8:e9:2f:64:8a:39:0a:70:9e: + 4e:8a:9c:bc:a5:ab:78:18:52:44:75:fe:c3:00:61: + e7:1f:45:c0:12:72:e4:38:9e:28:9d:f6:76:60:70: + b3:7b:11:ca:90:98:2a:ea:26:c0:5c:ae:a9:12:cc: + 52:11:a6:02:ac:e8:59:56:7a:a8:93:ec:fd:06:ee: + ac:e8:af:17:68:57:4f:39:ca:d4:48:49:8a:b4:8d: + 3e:21:51:a3:96:e7:9f:24:e5:f5:10:e7:36:fe:8e: + 33:b2:7d:22:66:8f:42:65:cf:0f:4f:cc:a3:24:0f: + e3:ba:98:89:35:a7:54:99:ec:81:47:c4:2f:b2:3b: + 3b:b2:4c:ce:a4:a8:5a:66:10:40:8e:0d:7d:67:d8: + ed:1a:fd:e5:61:16:db:f5:4c:73:40:39:e3:7d:6f: + 27:26:08:68:18:02:df:3b:5a:04:0a:08:c5:53:bb: + 1d:00:91:6c:f6:38:2a:f0:aa:9f:2b:36:6e:95:24: + a7:1a:84:d8:5c:6a:f8:d5:3f:62:0f:20:4b:b7:96: + c6:c2:1b:f8:81:64:13:15:7a:9b:5d:98:ee:0f:d9: + 73:37:d5:3c:9f:35:52:93:df:72:9d:89:d4:9f:20: + f2:13:85:12:00:7c:23:27:ce:f9:dd:e2:b7:82:09: + a2:fa:26:54:22:c7:fd:b4:fa:1a:d3:6d:29:8f:1b: + 67:13:2f:d8:e2:f0:5c:75:9e:aa:79:fc:c1:b7:48: + 5d:08:12:01:37:78:13:f9:53:37:3a:a8:21:38:e7: + 5f:74:fb:85:53:6b:21:6b:82:c9:a5:41:2c:a3:39: + 74:14:a0:5c:03:c8:13:17:55:a6:15:45:52:3c:b9: + b9:3f:fe:d9:a8:14:6f:20:c5:21 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B1:4F:36:17:24:40:AD:6B:05:33:87:C4:AD:4F:4A:53:AF:F5:D6:23 + X509v3 Authority Key Identifier: + keyid:21:F7:EF:DA:C3:34:3A:ED:CD:D5:50:C0:B3:BA:09:EE:3F:80:D7:70 + + X509v3 Subject 
Alternative Name: + email:user-rsa3072@w1.fi + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha384WithRSAEncryption + 82:14:fb:75:bc:ee:a9:e9:9d:fa:bf:af:19:ef:d5:80:2d:c7: + 47:52:bd:a5:68:f3:38:5b:47:45:a0:54:53:48:14:1a:28:af: + 10:f7:a5:a8:4e:b6:86:12:15:b0:3f:5e:df:03:c8:d8:ae:f0: + eb:67:7e:ad:6f:93:8a:bd:16:a2:5f:70:ba:4c:61:62:d5:23: + f5:bc:a6:a6:84:25:05:f9:15:54:54:05:22:c7:28:18:df:76: + 18:f8:87:fe:50:81:7f:22:9b:4e:2e:34:62:f1:10:8a:df:78: + f8:b7:0e:e7:fe:86:46:e7:52:e4:88:85:48:d3:c9:70:7e:77: + db:1f:d1:ab:b9:34:d5:54:17:9a:f5:6b:6a:2c:1d:71:e6:ee: + 17:76:ed:6f:af:1e:47:48:33:38:43:9f:c5:3d:ab:c6:8b:03: + ec:bb:30:9f:a3:32:69:38:3f:74:76:bd:4b:39:15:5e:22:c6: + f6:e7:fb:2b:8f:f9:8a:60:00:6f:08:04:a8:a9:6f:78:ba:16: + a5:5f:82:82:cf:a9:9a:d3:b8:8e:44:71:09:3f:ae:0f:0f:f9: + a6:68:20:e9:65:a7:5a:16:b7:4b:12:53:77:77:f8:cf:34:e7: + 49:cb:1d:e8:ee:82:70:50:3a:30:1a:fe:71:ae:b2:13:95:6e: + 3c:c2:f9:49:1c:34:15:86:a2:b4:fa:4d:08:4a:92:40:66:bc: + db:76:84:d2:5e:03:4c:9e:62:78:9d:01:60:db:35:be:e3:3a: + 29:15:87:64:44:0d:8f:78:c4:ce:cc:c6:68:8d:c3:ea:42:86: + 14:de:26:26:25:1d:02:fb:e5:b9:be:8d:44:7c:75:a4:fe:13: + 63:cb:94:8f:5a:8c:86:e5:4c:fd:05:d1:3b:2f:91:9b:bb:03: + 13:71:f0:d7:b8:7f:a1:ee:4e:5b:a2:1c:22:d4:38:7a:16:62: + 50:11:5e:ab:23:14:a7:a7:5e:24:4a:0c:20:54:8b:05:56:4f: + d0:8c:c0:2d:12:ca +-----BEGIN CERTIFICATE----- +MIIEmDCCAwCgAwIBAgIJAK2MCej7oojJMA0GCSqGSIb3DQEBDAUAMFExCzAJBgNV +BAYTAkZJMREwDwYDVQQHDAhIZWxzaW5raTEOMAwGA1UECgwFdzEuZmkxHzAdBgNV +BAMMFlN1aXRlIEIgUlNBIDNrIFJvb3QgQ0EwHhcNMTcwOTE3MTgxNjQwWhcNMTkw +OTE3MTgxNjQwWjA0MQswCQYDVQQGEwJGSTEOMAwGA1UECgwFdzEuZmkxFTATBgNV +BAMMDHVzZXItcnNhMzA3MjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB +AJJ3Z45ENIOoN/mpxHJccXKdNR09jDQiXCT4h4He3qylk3fFOKSCnIwGmxSLUgky +TDHF+OkvZIo5CnCeToqcvKWreBhSRHX+wwBh5x9FwBJy5DieKJ32dmBws3sRypCY +KuomwFyuqRLMUhGmAqzoWVZ6qJPs/QburOivF2hXTznK1EhJirSNPiFRo5bnnyTl 
+9RDnNv6OM7J9ImaPQmXPD0/MoyQP47qYiTWnVJnsgUfEL7I7O7JMzqSoWmYQQI4N +fWfY7Rr95WEW2/VMc0A5431vJyYIaBgC3ztaBAoIxVO7HQCRbPY4KvCqnys2bpUk +pxqE2Fxq+NU/Yg8gS7eWxsIb+IFkExV6m12Y7g/ZczfVPJ81UpPfcp2J1J8g8hOF +EgB8IyfO+d3it4IJovomVCLH/bT6GtNtKY8bZxMv2OLwXHWeqnn8wbdIXQgSATd4 +E/lTNzqoITjnX3T7hVNrIWuCyaVBLKM5dBSgXAPIExdVphVFUjy5uT/+2agUbyDF +IQIDAQABo4GPMIGMMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLFPNhckQK1rBTOHxK1P +SlOv9dYjMB8GA1UdIwQYMBaAFCH379rDNDrtzdVQwLO6Ce4/gNdwMB0GA1UdEQQW +MBSBEnVzZXItcnNhMzA3MkB3MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV +HQ8EBAMCBaAwDQYJKoZIhvcNAQEMBQADggGBAIIU+3W87qnpnfq/rxnv1YAtx0dS +vaVo8zhbR0WgVFNIFBoorxD3pahOtoYSFbA/Xt8DyNiu8Otnfq1vk4q9FqJfcLpM +YWLVI/W8pqaEJQX5FVRUBSLHKBjfdhj4h/5QgX8im04uNGLxEIrfePi3Duf+hkbn +UuSIhUjTyXB+d9sf0au5NNVUF5r1a2osHXHm7hd27W+vHkdIMzhDn8U9q8aLA+y7 +MJ+jMmk4P3R2vUs5FV4ixvbn+yuP+YpgAG8IBKipb3i6FqVfgoLPqZrTuI5EcQk/ +rg8P+aZoIOllp1oWt0sSU3d3+M8050nLHejugnBQOjAa/nGushOVbjzC+UkcNBWG +orT6TQhKkkBmvNt2hNJeA0yeYnidAWDbNb7jOikVh2REDY94xM7MxmiNw+pChhTe +JiYlHQL75bm+jUR8daT+E2PLlI9ajIblTP0F0TsvkZu7AxNx8Ne4f6HuTluiHCLU +OHoWYlARXqsjFKenXiRKDCBUiwVWT9CMwC0Syg== +-----END CERTIFICATE----- diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py index eed52dce5..518ef81f3 100644 --- a/tests/hwsim/test_suite_b.py +++ b/tests/hwsim/test_suite_b.py 
@@ -302,3 +302,130 @@ def test_suite_b_192_mic_failure(dev, apdev):
 pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
 wait_connect=False)
 dev[0].wait_disconnected()
+
+def suite_b_192_rsa_ap_params():
+ params = { "ssid": "test-suite-b",
+ "wpa": "2",
+ "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
+ "rsn_pairwise": "GCMP-256",
+ "group_mgmt_cipher": "BIP-GMAC-256",
+ "ieee80211w": "2",
+ "ieee8021x": "1",
+ "tls_flags": "[SUITEB]",
+ "dh_file": "auth_serv/dh_param_3072.pem",
+ "eap_server": "1",
+ "eap_user_file": "auth_serv/eap_user.conf",
+ "ca_cert": "auth_serv/rsa3072-ca.pem",
+ "server_cert": "auth_serv/rsa3072-server.pem",
+ "private_key": "auth_serv/rsa3072-server.key" }
+ return params
+
+def test_suite_b_192_rsa(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA"""
+ run_suite_b_192_rsa(dev, apdev)
+
+def test_suite_b_192_rsa_ecdhe(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA (ECDHE)"""
+ run_suite_b_192_rsa(dev, apdev, no_dhe=True)
+
+def test_suite_b_192_rsa_dhe(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA (DHE)"""
+ run_suite_b_192_rsa(dev, apdev, no_ecdh=True)
+
+def run_suite_b_192_rsa(dev, apdev, no_ecdh=False, no_dhe=False):
+ check_suite_b_192_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_192_rsa_ap_params()
+ if no_ecdh:
+ params["tls_flags"] = "[SUITEB-NO-ECDH]"
+ if no_dhe:
+ del params["dh_file"]
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ phase1="tls_suiteb=1",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/rsa3072-ca.pem",
+ client_cert="auth_serv/rsa3072-user.pem",
+ private_key="auth_serv/rsa3072-user.key",
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
+ tls_cipher = dev[0].get_status_field("EAP TLS cipher")
+ if tls_cipher != "ECDHE-RSA-AES256-GCM-SHA384" and tls_cipher != "DHE-RSA-AES256-GCM-SHA384":
+ raise Exception("Unexpected TLS cipher: " + tls_cipher)
+ cipher = dev[0].get_status_field("mgmt_group_cipher")
+ if cipher != "BIP-GMAC-256":
+ raise Exception("Unexpected mgmt_group_cipher: " + cipher)
+
+ bss = dev[0].get_bss(apdev[0]['bssid'])
+ if 'flags' not in bss:
+ raise Exception("Could not get BSS flags from BSS table")
+ if "[WPA2-EAP-SUITE-B-192-GCMP-256]" not in bss['flags']:
+ raise Exception("Unexpected BSS flags: " + bss['flags'])
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected(timeout=20)
+ dev[0].dump_monitor()
+ dev[0].request("RECONNECT")
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+ "CTRL-EVENT-CONNECTED"], timeout=20)
+ if ev is None:
+ raise Exception("Roaming with the AP timed out")
+ if "CTRL-EVENT-EAP-STARTED" in ev:
+ raise Exception("Unexpected EAP exchange")
+
+ conf = hapd.get_config()
+ if conf['key_mgmt'] != 'WPA-EAP-SUITE-B-192':
+ raise Exception("Unexpected config key_mgmt: " + conf['key_mgmt'])
+
+def test_suite_b_192_rsa_insufficient_key(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient key length"""
+ check_suite_b_192_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_192_rsa_ap_params()
+ params["ca_cert"] = "auth_serv/ca.pem"
+ params["server_cert"] = "auth_serv/server.pem"
+ params["private_key"] = "auth_serv/server.key"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ phase1="tls_suiteb=1",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key",
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
+ wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
+ dev[0].request("DISCONNECT")
+ if ev is None:
+ raise Exception("Certificate error not reported")
+ if "reason=11" not in ev or "err='Insufficient RSA modulus size'" not in ev:
+ raise Exception("Unexpected error reason: " + ev)
+
+def test_suite_b_192_rsa_insufficient_dh(dev, apdev):
+ """WPA2/GCMP-256 connection at Suite B 192-bit level and RSA with insufficient DH key length"""
+ check_suite_b_192_capa(dev)
+ dev[0].flush_scan_cache()
+ params = suite_b_192_rsa_ap_params()
+ params["tls_flags"] = "[SUITEB-NO-ECDH]"
+ params["dh_file"] = "auth_serv/dh.conf"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ phase1="tls_suiteb=1",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/rsa3072-ca.pem",
+ client_cert="auth_serv/rsa3072-user.pem",
+ private_key="auth_serv/rsa3072-user.key",
+ pairwise="GCMP-256", group="GCMP-256", scan_freq="2412",
+ wait_connect=False)
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS status='local TLS alert'"],
+ timeout=10)
+ dev[0].request("DISCONNECT")
+ if ev is None:
+ raise Exception("DH error not reported")
+ if "insufficient security" not in ev and "internal error" not in ev:
+ raise Exception("Unexpected error reason: " + ev)
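Review bot: The TLS cipher check in `run_suite_b_192_rsa` accepts either `ECDHE-RSA-AES256-GCM-SHA384` or `DHE-RSA-AES256-GCM-SHA384` regardless of `no_ecdh` / `no_dhe`. As written, `test_suite_b_192_rsa_dhe` would still pass if ECDHE were negotiated, and `test_suite_b_192_rsa_ecdhe` would pass with DHE, so neither variant proves that the intended key exchange was used. Assuming `[SUITEB-NO-ECDH]` disables ECDHE on the server and dropping `dh_file` disables DHE (inferred from the names, not visible here), the expected suite is known per variant and the check can be pinned as below. `get_status_field()` may also return nothing before the string concatenation in the error path, which would mask the real failure with a `TypeError`. The helper has no docstring; a one-line description of what `no_ecdh` and `no_dhe` select would help.

```python
    tls_cipher = dev[0].get_status_field("EAP TLS cipher")
    if no_ecdh:
        allowed = ["DHE-RSA-AES256-GCM-SHA384"]
    elif no_dhe:
        allowed = ["ECDHE-RSA-AES256-GCM-SHA384"]
    else:
        allowed = ["ECDHE-RSA-AES256-GCM-SHA384",
                   "DHE-RSA-AES256-GCM-SHA384"]
    if tls_cipher not in allowed:
        raise Exception("Unexpected TLS cipher: " + str(tls_cipher))
    # … unchanged: mgmt_group_cipher, BSS flags and reconnect checks …
```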