From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.01.org
Subject: [PATCH v2 3/3] unit: add test for embedded certs to test-eapol
Date: Mon, 07 Oct 2019 11:06:04 -0700 [thread overview]
Message-ID: <20191007180604.1943-3-prestwoj@gmail.com> (raw)
In-Reply-To: <20191007180604.1943-1-prestwoj@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 6614 bytes --]
Refactored eapol_sm_test_tls to take a l_settings object rather than
a settings string. This lets the caller either load from data or
from file (the new test loads the build time generated tls-settings
file).
---
unit/test-eapol.c | 65 ++++++++++++++++++++++++++++++++++++-----------
1 file changed, 50 insertions(+), 15 deletions(-)
diff --git a/unit/test-eapol.c b/unit/test-eapol.c
index 933d9522..1fe39b0c 100644
--- a/unit/test-eapol.c
+++ b/unit/test-eapol.c
@@ -2886,7 +2886,7 @@ static void test_handshake_event(struct handshake_state *hs,
}
static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
- const char *config)
+ struct l_settings *config)
{
static const unsigned char ap_wpa_ie[] = {
0xdd, 0x16, 0x00, 0x50, 0xf2, 0x01, 0x01, 0x00,
@@ -2898,7 +2898,6 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
struct handshake_state *hs;
struct test_handshake_state *ths;
struct eapol_sm *sm;
- struct l_settings *settings;
uint8_t tx_buf[2000];
size_t header_len, data_len, tx_len;
bool start;
@@ -2933,13 +2932,9 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
handshake_state_set_authenticator_ie(hs, ap_wpa_ie);
- settings = l_settings_new();
- l_settings_load_from_data(settings, config, strlen(config));
- handshake_state_set_8021x_config(hs, settings);
+ handshake_state_set_8021x_config(hs, config);
eapol_start(sm);
- l_settings_free(settings);
-
__eapol_set_tx_packet_func(verify_8021x_identity_resp);
s->pending_req = 1;
__eapol_rx_packet(1, ap_address, ETH_P_PAE, eap_identity_req,
@@ -3152,25 +3147,48 @@ done:
static void eapol_sm_test_eap_tls(const void *data)
{
- static const char *eapol_8021x_config = "[Security]\n"
+ static const char *config_8021x = "[Security]\n"
"EAP-Method=TLS\n"
"EAP-Identity=abc(a)example.com\n"
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
"EAP-TLS-ClientCert=" CERTDIR "cert-client.pem\n"
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem";
struct eapol_8021x_tls_test_state s = {};
+ struct l_settings* config = l_settings_new();
+
+ l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
s.app_data_cb = eapol_sm_test_tls_new_data;
s.ready_cb = eapol_sm_test_tls_test_ready;
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
s.method = EAP_TYPE_TLS;
- eapol_sm_test_tls(&s, eapol_8021x_config);
+ eapol_sm_test_tls(&s, config);
+
+ l_settings_free(config);
+}
+
+static void eapol_sm_test_eap_tls_embedded(const void *data)
+{
+ struct eapol_8021x_tls_test_state s = {};
+ struct l_settings *config;
+
+ config = l_settings_new();
+ l_settings_load_from_file(config, CERTDIR "tls-settings.8021x");
+
+ s.app_data_cb = eapol_sm_test_tls_new_data;
+ s.ready_cb = eapol_sm_test_tls_test_ready;
+ s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
+ s.method = EAP_TYPE_TLS;
+
+ eapol_sm_test_tls(&s, config);
+
+ l_settings_free(config);
}
static void eapol_sm_test_eap_tls_subject_good(const void *data)
{
- static const char *eapol_8021x_config = "[Security]\n"
+ static const char *config_8021x = "[Security]\n"
"EAP-Method=TLS\n"
"EAP-Identity=abc(a)example.com\n"
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
@@ -3178,18 +3196,23 @@ static void eapol_sm_test_eap_tls_subject_good(const void *data)
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
"EAP-TLS-ServerDomainMask=bad.example.org;*.example.org";
struct eapol_8021x_tls_test_state s = {};
+ struct l_settings* config = l_settings_new();
+
+ l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
s.app_data_cb = eapol_sm_test_tls_new_data;
s.ready_cb = eapol_sm_test_tls_test_ready;
s.disconnect_cb = eapol_sm_test_tls_test_disconnected;
s.method = EAP_TYPE_TLS;
- eapol_sm_test_tls(&s, eapol_8021x_config);
+ eapol_sm_test_tls(&s, config);
+
+ l_settings_free(config);
}
static void eapol_sm_test_eap_tls_subject_bad(const void *data)
{
- static const char *eapol_8021x_config = "[Security]\n"
+ static const char *config_8021x = "[Security]\n"
"EAP-Method=TLS\n"
"EAP-Identity=abc(a)example.com\n"
"EAP-TLS-CACert=" CERTDIR "cert-ca.pem\n"
@@ -3197,6 +3220,9 @@ static void eapol_sm_test_eap_tls_subject_bad(const void *data)
"EAP-TLS-ClientKey=" CERTDIR "cert-client-key-pkcs8.pem\n"
"EAP-TLS-ServerDomainMask=bad.example.org";
struct eapol_8021x_tls_test_state s = {};
+ struct l_settings* config = l_settings_new();
+
+ l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
s.app_data_cb = eapol_sm_test_tls_new_data;
s.ready_cb = eapol_sm_test_tls_test_ready;
@@ -3204,7 +3230,9 @@ static void eapol_sm_test_eap_tls_subject_bad(const void *data)
s.method = EAP_TYPE_TLS;
s.expect_handshake_fail = true;
- eapol_sm_test_tls(&s, eapol_8021x_config);
+ eapol_sm_test_tls(&s, config);
+
+ l_settings_free(config);
}
static const uint8_t eap_ttls_eap_identity_avp[] = {
@@ -3267,7 +3295,7 @@ static void eapol_sm_test_eap_ttls_test_ready(const char *peer_identity,
static void eapol_sm_test_eap_ttls_md5(const void *data)
{
- static const char *eapol_8021x_config = "[Security]\n"
+ static const char *config_8021x = "[Security]\n"
"EAP-Method=TTLS\n"
"EAP-Identity=abc(a)example.com\n"
"EAP-TTLS-CACert=" CERTDIR "cert-ca.pem\n"
@@ -3277,13 +3305,18 @@ static void eapol_sm_test_eap_ttls_md5(const void *data)
"EAP-TTLS-Phase2-Identity=abc(a)example.com\n"
"EAP-TTLS-Phase2-Password=testpasswd";
struct eapol_8021x_eap_ttls_test_state s = {};
+ struct l_settings* config = l_settings_new();
+
+ l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
s.tls.app_data_cb = eapol_sm_test_eap_ttls_new_data;
s.tls.ready_cb = eapol_sm_test_eap_ttls_test_ready;
s.tls.disconnect_cb = eapol_sm_test_tls_test_disconnected;
s.tls.method = EAP_TYPE_TTLS;
- eapol_sm_test_tls(&s.tls, eapol_8021x_config);
+ eapol_sm_test_tls(&s.tls, config);
+
+ l_settings_free(config);
}
static const uint8_t eap_ttls_start_req[] = {
@@ -3605,6 +3638,8 @@ int main(int argc, char *argv[])
&eapol_sm_test_eap_tls_subject_good, NULL);
l_test_add("EAPoL/8021x EAP-TLS subject name mismatch",
&eapol_sm_test_eap_tls_subject_bad, NULL);
+ l_test_add("EAPoL/8021x EAP-TLS embedded certs",
+ &eapol_sm_test_eap_tls_embedded, NULL);
}
l_test_add("EAPoL/FT-Using-PSK 4-Way Handshake",
--
2.17.1
prev parent reply other threads:[~2019-10-07 18:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-07 18:06 [PATCH v2 1/3] eap-tls-common: allow embedded PEMs in settings James Prestwood
2019-10-07 18:06 ` [PATCH v2 2/3] build: generate tls config for unit tests James Prestwood
2019-10-07 18:06 ` James Prestwood [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191007180604.1943-3-prestwoj@gmail.com \
--to=prestwoj@gmail.com \
--cc=iwd@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox