From b092d8ee636f3c9239e546b7d9233b2c68eb968e Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 25 May 2022 20:19:52 +0300 Subject: [PATCH] tests: imsi_privacy_attr Signed-off-by: Jouni Malinen --- tests/hwsim/test_ap_eap.py | 36 ++++++++++++++++++++++++++++++++++++ tests/hwsim/test_ap_hs20.py | 11 ++++++++++- tests/hwsim/wpasupplicant.py | 5 +++-- 3 files changed, 49 insertions(+), 3 deletions(-) diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 9eebaf53f..f5f77faa5 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -363,6 +363,24 @@ def test_ap_wpa2_eap_sim_imsi_privacy_key(dev, apdev): password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581") eap_reauth(dev[0], "SIM") +def test_ap_wpa2_eap_sim_imsi_privacy_attr(dev, apdev): + """WPA2-Enterprise connection using EAP-SIM and imsi_privacy_cert/attr""" + tls = dev[0].request("GET tls_library") + if not tls.startswith("OpenSSL"): + raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls) + check_hlr_auc_gw_support() + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0], params) + tls = hapd.request("GET tls_library") + if not tls.startswith("OpenSSL"): + raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls) + + eap_connect(dev[0], hapd, "SIM", + "1232010000000000@wlan.mnc232.mcc02.3gppnetwork.org", + imsi_privacy_cert="auth_serv/imsi-privacy-cert.pem", + imsi_privacy_attr="name=value", + password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581") + def test_ap_wpa2_eap_sim_sql(dev, apdev, params): """WPA2-Enterprise connection using EAP-SIM (SQL)""" check_hlr_auc_gw_support() @@ -1148,6 +1166,24 @@ def test_ap_wpa2_eap_aka_imsi_privacy_key(dev, apdev): password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123") eap_reauth(dev[0], "AKA") +def test_ap_wpa2_eap_aka_imsi_privacy_attr(dev, apdev): + """WPA2-Enterprise connection using EAP-AKA and imsi_privacy_cert/attr""" + tls = dev[0].request("GET tls_library") + if not tls.startswith("OpenSSL"): + raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls) + check_hlr_auc_gw_support() + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hapd = hostapd.add_ap(apdev[0], params) + tls = hapd.request("GET tls_library") + if not tls.startswith("OpenSSL"): + raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls) + + eap_connect(dev[0], hapd, "AKA", + "0232010000000000@wlan.mnc232.mcc02.3gppnetwork.org", + imsi_privacy_cert="auth_serv/imsi-privacy-cert.pem", + imsi_privacy_attr="Name=Value", + password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123") + def test_ap_wpa2_eap_aka_imsi_privacy_key_expired(dev, apdev): """WPA2-Enterprise connection using EAP-AKA and expired imsi_privacy_cert""" tls = dev[0].request("GET tls_library") diff --git a/tests/hwsim/test_ap_hs20.py b/tests/hwsim/test_ap_hs20.py index 7255b1c45..c981b3547 100644 --- a/tests/hwsim/test_ap_hs20.py +++ b/tests/hwsim/test_ap_hs20.py @@ -530,7 +530,8 @@ def test_ap_hs20_select(dev, apdev): 'domain': "example.org"}) interworking_select(dev[0], bssid2, "home", freq="2412") -def hs20_simulated_sim(dev, ap, method, imsi_privacy=False): +def hs20_simulated_sim(dev, ap, method, imsi_privacy=False, + imsi_privacy_attr=False): bssid = ap['bssid'] params = hs20_ap_params() params['hessid'] = bssid @@ -546,6 +547,8 @@ def hs20_simulated_sim(dev, ap, method, imsi_privacy=False): if not tls.startswith("OpenSSL"): raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls) params['imsi_privacy_cert'] = "auth_serv/imsi-privacy-cert.pem" + if imsi_privacy_attr: + params['imsi_privacy_attr'] = "Identifier=1234567" dev.add_cred_values(params) interworking_select(dev, bssid, "home", freq="2412") interworking_connect(dev, bssid, method) @@ -615,6 +618,12 @@ def test_ap_hs20_aka_imsi_privacy(dev, apdev): hlr_auc_gw_available() hs20_simulated_sim(dev[0], apdev[0], "AKA", imsi_privacy=True) +def test_ap_hs20_aka_imsi_privacy_attr(dev, apdev): + """Hotspot 2.0 with simulated USIM and EAP-AKA with IMSI privacy/attr""" + hlr_auc_gw_available() + hs20_simulated_sim(dev[0], apdev[0], "AKA", imsi_privacy=True, + imsi_privacy_attr=True) + def test_ap_hs20_aka_prime(dev, apdev): """Hotspot 2.0 with simulated USIM and EAP-AKA'""" hlr_auc_gw_available() diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py index b864db30a..f95b2a61a 100644 --- a/tests/hwsim/wpasupplicant.py +++ b/tests/hwsim/wpasupplicant.py @@ -454,7 +454,8 @@ class WpaSupplicant: "excluded_ssid", "milenage", "ca_cert", "client_cert", "private_key", "domain_suffix_match", "provisioning_sp", "roaming_partner", "phase1", "phase2", "private_key_passwd", - "roaming_consortiums", "imsi_privacy_cert"] + "roaming_consortiums", "imsi_privacy_cert", + "imsi_privacy_attr"] for field in quoted: if field in params: self.set_cred_quoted(id, field, params[field]) @@ -1083,7 +1084,7 @@ class WpaSupplicant: "sae_password_id", "check_cert_subject", "machine_ca_cert", "machine_client_cert", "machine_private_key", "machine_phase2", - "imsi_identity", "imsi_privacy_cert"] + "imsi_identity", "imsi_privacy_cert", "imsi_privacy_attr"] for field in quoted: if field in kwargs and kwargs[field]: self.set_network_quoted(id, field, kwargs[field])