server/site_tests/network_WiFiSecMat/019CheckWPA_1x_AES - mirrors/cros/chromiumos/third_party/autotest - Git at Google

 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Try 802.1x authentication.  The supplicant must be restarted between
 # trials because it is "sticky" with regards to various parameters
 # related to certificate authentication.  A thread is currently afoot
 # in the hostap mailing list about this, but for the time being we will
 # do supplicant restarts to test.

 { "name":"Check1x_AES",
   "steps":[             # Channel [any]
     [ "create",         { "type":"hostap" } ],
     [ "install_files",  { "system" : "router",
                           "files" :
                             { "/tmp/hostapd_ca_cert" :
                                 site_eap_certs.ca_cert_1,
                               "/tmp/hostapd_server_cert" :
                                 site_eap_certs.server_cert_1,
                               "/tmp/hostapd_private_key" :
                                 site_eap_certs.server_private_key_1,
                               "/tmp/hostapd_expired_server_cert" :
                                 site_eap_certs.server_expired_cert,
                               "/tmp/hostapd_expired_server_key" :
                                 site_eap_certs.server_expired_key,
                               "/tmp/hostapd_eap_user_file" :
                                 "* TLS"} } ],
     [ "config",         { "channel":"2412", "mode":"11g",
                           "wpa":"1", "wpa_key_mgmt":"WPA-EAP",
                           "wpa_pairwise":"CCMP", "ieee8021x":"1",
                           "eap_server" : "1",
                           "ca_cert" : "/tmp/hostapd_ca_cert",
                           "server_cert" : "/tmp/hostapd_server_cert",
                           "private_key" : "/tmp/hostapd_private_key",
                           "eap_user_file" : "/tmp/hostapd_eap_user_file"} ],

     [ "install_files",  { "system" : "client",
                           "files" :
                             { "/tmp/pkg-client-cert.pem" :
                                 site_eap_certs.client_cert_1,
                               "/tmp/pkg-client-key.pem" :
                                 site_eap_certs.client_private_key_1,
                               "/tmp/pkg-client-cert-other.pem" :
                                 site_eap_certs.client_cert_2,
                               "/tmp/pkg-client-key-other.pem" :
                                 site_eap_certs.client_private_key_2,
                               "/tmp/ca-cert.pem" :
                                 site_eap_certs.ca_cert_1,
                               "/tmp/ca-cert-other.pem" :
                                 site_eap_certs.ca_cert_2} } ],

     [ "connect",  {"security":"802_1x",
                           "psk" : "EAP.Identity:chromeos"
                           ":EAP.ClientCert:/tmp/pkg-client-cert.pem"
                           ":EAP.PrivateKey:/tmp/pkg-client-key.pem"
                           ":EAP.CACert:/tmp/ca-cert.pem"} ],

     [ "client_ping",    { "count":"10" } ],
     [ "disconnect" ],

     # Ensure authentication fails if server's cert is missing.
     [ "restart_supplicant" ],
     [ "config",         { "ssid_suffix":"t1" } ],
     [ "!connect",       { "security":"802_1x",
                           "psk" : "EAP.Identity:chromeos"
                           ":EAP.ClientCert:/tmp/pkg-client-cert.pem"
                           ":EAP.PrivateKey:/tmp/pkg-client-key.pem"},
                           "TLS: Certificate verification failed"],

     # Ensure authentication fails if server's cert doesn't match our CA cert.
     [ "restart_supplicant" ],
     [ "config",         { "ssid_suffix":"t2" } ],
     [ "!connect",       { "security":"802_1x",
                           "psk" : "EAP.Identity:chromeos"
                           ":EAP.ClientCert:/tmp/pkg-client-cert.pem"
                           ":EAP.PrivateKey:/tmp/pkg-client-key.pem"
                           ":EAP.CACert:/tmp/ca-cert-other.pem"},
                           "TLS: Certificate verification failed"],

     # Try authenticating using the wrong client certiificate.
     [ "restart_supplicant" ],
     [ "config",         { "ssid_suffix":"t3" } ],
     [ "!connect",       { "security":"802_1x",
                           "psk" : "EAP.Identity:chromeos"
                           ":EAP.ClientCert:/tmp/pkg-client-cert-other.pem"
                           ":EAP.PrivateKey:/tmp/pkg-client-key-other.pem"
                           ":EAP.CACert:/tmp/ca-cert.pem"},
                           "SSL: SSL3 alert: read "
                           "\(remote end reported an error\):fatal:unknown CA" ],
     [ "disconnect" ],

     # Try authenticating using an expired server certiificate.
     [ "restart_supplicant" ],
     [ "config",         { "ssid_suffix":"t4",
                           "server_cert" : "/tmp/hostapd_expired_server_cert",
                           "private_key" : "/tmp/hostapd_expired_server_key"
                         } ],
     [ "!connect", { "security":"802_1x",
                           "psk" : "EAP.Identity:chromeos"
                           ":EAP.ClientCert:/tmp/pkg-client-cert.pem"
                           ":EAP.PrivateKey:/tmp/pkg-client-key.pem"
                           ":EAP.CACert:/tmp/ca-cert.pem"},
                           "TLS: Certificate verification failed, error 10 "
                           "\(certificate has expired\)"
                           ],
     [ "destroy" ],
   ],
 }
	# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Try 802.1x authentication. The supplicant must be restarted between
	# trials because it is "sticky" with regards to various parameters
	# related to certificate authentication. A thread is currently afoot
	# in the hostap mailing list about this, but for the time being we will
	# do supplicant restarts to test.

	{ "name":"Check1x_AES",
	"steps":[ # Channel [any]
	[ "create", { "type":"hostap" } ],
	[ "install_files", { "system" : "router",
	"files" :
	{ "/tmp/hostapd_ca_cert" :
	site_eap_certs.ca_cert_1,
	"/tmp/hostapd_server_cert" :
	site_eap_certs.server_cert_1,
	"/tmp/hostapd_private_key" :
	site_eap_certs.server_private_key_1,
	"/tmp/hostapd_expired_server_cert" :
	site_eap_certs.server_expired_cert,
	"/tmp/hostapd_expired_server_key" :
	site_eap_certs.server_expired_key,
	"/tmp/hostapd_eap_user_file" :
	"* TLS"} } ],
	[ "config", { "channel":"2412", "mode":"11g",
	"wpa":"1", "wpa_key_mgmt":"WPA-EAP",
	"wpa_pairwise":"CCMP", "ieee8021x":"1",
	"eap_server" : "1",
	"ca_cert" : "/tmp/hostapd_ca_cert",
	"server_cert" : "/tmp/hostapd_server_cert",
	"private_key" : "/tmp/hostapd_private_key",
	"eap_user_file" : "/tmp/hostapd_eap_user_file"} ],

	[ "install_files", { "system" : "client",
	"files" :
	{ "/tmp/pkg-client-cert.pem" :
	site_eap_certs.client_cert_1,
	"/tmp/pkg-client-key.pem" :
	site_eap_certs.client_private_key_1,
	"/tmp/pkg-client-cert-other.pem" :
	site_eap_certs.client_cert_2,
	"/tmp/pkg-client-key-other.pem" :
	site_eap_certs.client_private_key_2,
	"/tmp/ca-cert.pem" :
	site_eap_certs.ca_cert_1,
	"/tmp/ca-cert-other.pem" :
	site_eap_certs.ca_cert_2} } ],

	[ "connect", {"security":"802_1x",
	"psk" : "EAP.Identity:chromeos"
	":EAP.ClientCert:/tmp/pkg-client-cert.pem"
	":EAP.PrivateKey:/tmp/pkg-client-key.pem"
	":EAP.CACert:/tmp/ca-cert.pem"} ],

	[ "client_ping", { "count":"10" } ],
	[ "disconnect" ],

	# Ensure authentication fails if server's cert is missing.
	[ "restart_supplicant" ],
	[ "config", { "ssid_suffix":"t1" } ],
	[ "!connect", { "security":"802_1x",
	"psk" : "EAP.Identity:chromeos"
	":EAP.ClientCert:/tmp/pkg-client-cert.pem"
	":EAP.PrivateKey:/tmp/pkg-client-key.pem"},
	"TLS: Certificate verification failed"],

	# Ensure authentication fails if server's cert doesn't match our CA cert.
	[ "restart_supplicant" ],
	[ "config", { "ssid_suffix":"t2" } ],
	[ "!connect", { "security":"802_1x",
	"psk" : "EAP.Identity:chromeos"
	":EAP.ClientCert:/tmp/pkg-client-cert.pem"
	":EAP.PrivateKey:/tmp/pkg-client-key.pem"
	":EAP.CACert:/tmp/ca-cert-other.pem"},
	"TLS: Certificate verification failed"],

	# Try authenticating using the wrong client certiificate.
	[ "restart_supplicant" ],
	[ "config", { "ssid_suffix":"t3" } ],
	[ "!connect", { "security":"802_1x",
	"psk" : "EAP.Identity:chromeos"
	":EAP.ClientCert:/tmp/pkg-client-cert-other.pem"
	":EAP.PrivateKey:/tmp/pkg-client-key-other.pem"
	":EAP.CACert:/tmp/ca-cert.pem"},
	"SSL: SSL3 alert: read "
	"\(remote end reported an error\):fatal:unknown CA" ],
	[ "disconnect" ],

	# Try authenticating using an expired server certiificate.
	[ "restart_supplicant" ],
	[ "config", { "ssid_suffix":"t4",
	"server_cert" : "/tmp/hostapd_expired_server_cert",
	"private_key" : "/tmp/hostapd_expired_server_key"
	} ],
	[ "!connect", { "security":"802_1x",
	"psk" : "EAP.Identity:chromeos"
	":EAP.ClientCert:/tmp/pkg-client-cert.pem"
	":EAP.PrivateKey:/tmp/pkg-client-key.pem"
	":EAP.CACert:/tmp/ca-cert.pem"},
	"TLS: Certificate verification failed, error 10 "
	"\(certificate has expired\)"
	],
	[ "destroy" ],
	],
	}