This can be used to run WPA2-Enterprise test cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
cd ../hostapd
cp ../tests/hwsim/example-hostapd.config .config
make clean
-make
+make hostapd hlr_auc_gw
cd ../wlantest
make clean
make
- tcpdump = tcpdump output
- run = debug prints from the test scripts
- trace.dat = Linux tracing record (if enabled)
+- hlr_auc_gw - hlr_auc_gw (EAP-SIM/AKA/AKA' authentication) log
+- auth_serv - hostapd as RADIUS authentication server log
For manual testing, ./start.sh can be used to initialize interfaces and
--- /dev/null
+driver=none
+radius_server_clients=auth_serv/radius_clients.conf
+eap_server=1
+eap_user_file=auth_serv/eap_user.conf
+
+ca_cert=auth_serv/ca.pem
+server_cert=auth_serv/server.pem
+private_key=auth_serv/server.key
+server_id=server.w1.fi
+eap_sim_db=unix:/tmp/hlr_auc_gw.sock
+dh_file=auth_serv/dh.conf
+pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
+eap_fast_a_id=101112131415161718191a1b1c1d1e1f
+eap_fast_a_id_info=test server
+eap_sim_aka_result_ind=1
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=FI, O=w1.fi, CN=Root CA
+ Validity
+ Not Before: Jun 29 16:41:22 2013 GMT
+ Not After : Jun 27 16:41:22 2023 GMT
+ Subject: C=FI, O=w1.fi, CN=Root CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28:
+ 90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff:
+ f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7:
+ db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c:
+ 81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b:
+ 0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16:
+ c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad:
+ 38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7:
+ ae:8a:b6:d1:e7:b3:15:02:b9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+ X509v3 Authority Key Identifier:
+ keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7:
+ 5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4:
+ 4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82:
+ be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c:
+ 70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9:
+ d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e:
+ c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3:
+ 92:e8
+-----BEGIN CERTIFICATE-----
+MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2
+MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m
+Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA
+cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w
+HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K
+GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk
+uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0
++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr
+qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd
+XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC
+-----END DH PARAMETERS-----
--- /dev/null
+"0"* AKA
+"1"* SIM
+"2"* AKA
+"3"* SIM
+"4"* AKA
+"5"* SIM
+"6"* AKA'
+"7"* AKA'
+"8"* AKA'
+* TTLS,TLS,PEAP,FAST,SIM,AKA',AKA
+
+"0"* AKA [2]
+"1"* SIM [2]
+"2"* AKA [2]
+"3"* SIM [2]
+"4"* AKA [2]
+"5"* SIM [2]
+"6"* AKA' [2]
+"7"* AKA' [2]
+"8"* AKA' [2]
+
+"pap user" TTLS-PAP "password" [2]
+"chap user" TTLS-CHAP "password" [2]
+"mschap user" TTLS-MSCHAP "password" [2]
+"DOMAIN\mschapv2 user" TTLS-MSCHAPV2 hash:8846f7eaee8fb117ad06bdd830b7586c [2]
+
+"user" MSCHAPV2,MD5,GTC "password" [2]
--- /dev/null
+# Parameters for Milenage (Example algorithms for AKA).
+# The example Ki, OPc, and AMF values here are from 3GPP TS 35.208 v6.0.0
+# 4.3.20 Test Set 20. SQN is the last used SQN value.
+# These values can be used for both UMTS (EAP-AKA) and GSM (EAP-SIM)
+# authentication. In case of GSM/EAP-SIM, AMF and SQN values are not used, but
+# dummy values will need to be included in this file.
+
+# IMSI Ki OPc AMF SQN
+232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000
+
+# These values are from Test Set 19 which has the AMF separation bit set to 1
+# and as such, is suitable for EAP-AKA' test.
+555444333222111 5122250214c33e723a5dd523fc145fc0 981d464c7c52eb6e5036234984ad0bcf c3ab 16f3b3f70fc1
--- /dev/null
+0.0.0.0/0 radius
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALqgd1UiFIVVZZtk
+LK3tm91lMcnaYFDOONY03Oi8G54w5xLjU2zJ7UgDeYFpmM6KuHdHNkXPxuDxex5x
+iVT3AcwiraBCsag1nmCqOphR0P8f7r6NCmP7ojkX8mRh9mUCMnl04Z/RiWVVqcMg
+nr9pVrP3Tz+pVMLajzyv8nVU+n6BAgMBAAECgYBH8LlvcM62QyAC0Y/DkBeINY0G
+wY5lN8mDESei83g196XriwPKqOA15Vj+QOVtoN3Q5PuP17NTXOLX7m5A+WKQVK/O
+Cl0uBCEqS9YvPN6Fp9va5VonhWxGpLdZcrxETTpxjHhVBGS9C8wBday65r2nDfo6
+uWlCebceUBuuSzwybQJBAOAwS7ZY8xY/bCNDzvfnNuPsPQDEQWVx6A9mv9BnepT/
+8bQcvfkUbXyWy5NsPN6yt/tqmjdbUEFAuNJlI23I2wsCQQDVG7poTL8KPa7UZge7
+W79FyyEoL5but1VPTAN6JJNTMpp9k2LBWFjUSmTiTkeccHfbvKxMjUuI7NQwya41
+hSQjAkApSRuYUBcsIK/kaqdhxeW44Zd2Xa4BZZGrzGtEkNnlOKElXympBhcHm6mP
+053+EQGKvl36FcnYynd+33s/y35zAkAZ5ZC1c/4TJIPGU8/EuNV5icGxvHa+85Bu
+XnJduWwdxBx5/hsWG8JPqeqwhYq2PASUs0zM0K7JKN5wP1HoNxG5AkEAlaumCfLv
+vA/b3HVZD/b0nxkl/F7g3nACPVJ48FU2BneB+bU75zqeI3B7xGd9CKamkuutH6or
+fe17ZI8ZeLCLqA==
+-----END PRIVATE KEY-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 15624081837803162823 (0xd8d3e3a6cbe3ccc7)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=FI, O=w1.fi, CN=Root CA
+ Validity
+ Not Before: Sep 29 16:02:03 2013 GMT
+ Not After : Sep 29 16:02:03 2014 GMT
+ Subject: C=FI, O=w1.fi, CN=server.w1.fi
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:ba:a0:77:55:22:14:85:55:65:9b:64:2c:ad:ed:
+ 9b:dd:65:31:c9:da:60:50:ce:38:d6:34:dc:e8:bc:
+ 1b:9e:30:e7:12:e3:53:6c:c9:ed:48:03:79:81:69:
+ 98:ce:8a:b8:77:47:36:45:cf:c6:e0:f1:7b:1e:71:
+ 89:54:f7:01:cc:22:ad:a0:42:b1:a8:35:9e:60:aa:
+ 3a:98:51:d0:ff:1f:ee:be:8d:0a:63:fb:a2:39:17:
+ f2:64:61:f6:65:02:32:79:74:e1:9f:d1:89:65:55:
+ a9:c3:20:9e:bf:69:56:b3:f7:4f:3f:a9:54:c2:da:
+ 8f:3c:af:f2:75:54:fa:7e:81
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 31:4F:10:5C:67:9F:BE:4E:88:D6:DC:C5:AB:9E:12:88:86:69:02:4F
+ X509v3 Authority Key Identifier:
+ keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+ Authority Information Access:
+ OCSP - URI:http://server.w1.fi:8888/
+
+ X509v3 Subject Alternative Name:
+ DNS:server.w1.fi
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: sha1WithRSAEncryption
+ a9:b3:cc:e7:b7:5e:fa:88:46:c9:21:97:47:f5:18:9e:1d:5c:
+ 8f:d9:78:51:7f:d8:e8:9d:e4:b1:d0:74:68:67:d3:dc:84:56:
+ 21:7e:a3:ca:ba:97:e9:74:0a:b1:8f:e3:6a:7c:cc:f8:8c:cf:
+ 73:34:27:3f:f5:ac:e6:c4:13:86:b7:86:fb:d0:19:49:ff:55:
+ 28:8e:dc:56:a5:17:fa:8f:43:ef:72:d3:21:00:a2:92:74:b8:
+ b3:b8:38:4a:2a:01:98:5a:c7:a4:02:f2:43:af:e5:d9:52:3a:
+ fd:e1:24:ac:33:f4:99:e5:c0:1d:aa:29:b6:c4:a0:e9:6a:a6:
+ 99:0a
+-----BEGIN CERTIFICATE-----
+MIIClTCCAf6gAwIBAgIJANjT46bL48zHMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA5
+MjkxNjAyMDNaFw0xNDA5MjkxNjAyMDNaMDQxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQC6oHdVIhSFVWWbZCyt7ZvdZTHJ2mBQzjjWNNzovBueMOcS41Ns
+ye1IA3mBaZjOirh3RzZFz8bg8XsecYlU9wHMIq2gQrGoNZ5gqjqYUdD/H+6+jQpj
++6I5F/JkYfZlAjJ5dOGf0YllVanDIJ6/aVaz908/qVTC2o88r/J1VPp+gQIDAQAB
+o4GzMIGwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDFPEFxnn75OiNbcxaueEoiGaQJP
+MB8GA1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkw
+JzAlBggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzAXBgNVHREE
+EDAOggxzZXJ2ZXIudzEuZmkwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
+AQEFBQADgYEAqbPM57de+ohGySGXR/UYnh1cj9l4UX/Y6J3ksdB0aGfT3IRWIX6j
+yrqX6XQKsY/janzM+IzPczQnP/Ws5sQThreG+9AZSf9VKI7cVqUX+o9D73LTIQCi
+knS4s7g4SioBmFrHpALyQ6/l2VI6/eEkrDP0meXAHaoptsSg6WqmmQo=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALBoVlPcsi29gqk6
+U0WmBrfNjU9IM93x8gjxjrUAhpwTbc8TzXaoxWFL8WhD1M2MX1zhoTLhrbp1dSvC
+JRY7dPWX4BOGivgpadUvbQAkz9ZKQw0RJtkp1z8LW2eLKAI7mSzAJkut+b0QHivK
++h/s2Ld0+opxwQyUZaizXxPf2q0pAgMBAAECgYBgj2wZkWdSlDZOLWfhauSofXJJ
+IGuLpGDotlh4CSaljhkATYWc2vrXrDsi6GY2cQzOCY80C8YNlzeg0S99wOPelW/3
+VA9Frx4IBJRT5KLKELd7qHU8Bu/V8plDHcS84lw5JfrSrN/GAojSXmHCPYx7ZBfN
+h+jvTI8zDURRMyg81QJBAOZrm3YFtKqguuVACRKDIqYsDegn3SInq3Tv+iKDVS36
+JkTUk4Lk68ycJbvvlH7ak3rzAO3PLfP2aEbhOOtW+dcCQQDD/bkN9FAwHCsIxOSu
+eO1rfO+W1NWJIcWuY5Cyjgj3xriJqdG/NL0mxXKvlAN9BD/nbHuNP0hXEes/t0cU
+rLD/AkBagX3o18jlFIkUrxhhKx0bBEbaH35eghJ4tiIcGFYG3zDU7GKckWqFTfgM
+X8iGIzi2nGiLAEvefbTr0l9XISy1AkB+KXaVN/7iaU9+bpgyg595gMwN0OXAR6Aj
+2O3NMsctEJu76jgdmEpmidWAlowETtcAFwIVc3YSrnM76bP06BFrAkAJ7LK5Vn4H
+BWNwMHLUVaZoCbMXUwTfshlpnv1ctcOzUPExl/IlqbNl9cVeh/Ap2LQlSv2w5kPl
+htcvTkfc8Pr6
+-----END PRIVATE KEY-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 15624081837803162824 (0xd8d3e3a6cbe3ccc8)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=FI, O=w1.fi, CN=Root CA
+ Validity
+ Not Before: Sep 29 16:04:21 2013 GMT
+ Not After : Sep 29 16:04:21 2014 GMT
+ Subject: C=FI, O=w1.fi, CN=Test User
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:a6:96:2e:9b:22:8c:df:94:be:8b:89:49:f6:78:
+ 76:a2:60:7e:14:95:f3:96:fe:ab:19:25:03:34:64:
+ 74:01:3e:a8:9f:7c:f1:47:61:60:4c:82:92:28:7c:
+ 2b:a0:0e:cb:87:bf:59:eb:d7:f3:61:22:3b:14:f3:
+ ab:31:f6:5a:95:1f:b8:7a:b8:2c:3c:a9:61:53:78:
+ 9b:e8:3e:50:ec:c2:d6:44:e7:43:cd:bc:3e:4e:e7:
+ 46:fe:92:9e:c3:98:0f:29:58:c8:cb:89:01:75:47:
+ e9:95:57:0f:76:c5:2f:05:5e:c7:1e:0d:f2:3c:12:
+ 63:5d:b9:54:19:af:7f:40:6b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 81:DE:DF:E9:5A:00:1A:CA:67:D6:06:DD:65:B2:4E:C5:9A:04:43:7D
+ X509v3 Authority Key Identifier:
+ keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+ Authority Information Access:
+ OCSP - URI:http://server.w1.fi:8888/
+
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ Signature Algorithm: sha1WithRSAEncryption
+ 6a:81:f0:61:9e:79:2f:39:cc:3a:e3:29:ed:51:35:59:64:c3:
+ 7d:f9:2d:27:83:20:eb:4a:fa:94:37:ee:9d:c2:69:47:ed:f5:
+ 91:95:e2:2a:75:f9:4c:99:5e:e0:b1:98:9b:af:fe:ba:1e:86:
+ 49:88:12:ac:26:30:81:bb:e7:61:6b:6f:b3:e3:13:06:27:35:
+ 3b:15:7a:cb:f5:83:53:cc:7f:83:ae:36:18:f2:1f:b7:b8:f4:
+ 16:e3:4c:e5:43:84:ee:b8:e5:47:02:60:37:1f:a3:41:74:8f:
+ db:0f:f8:d7:87:fa:24:65:ca:1a:54:9a:a7:d4:5c:79:7b:70:
+ de:52
+-----BEGIN CERTIFICATE-----
+MIICeTCCAeKgAwIBAgIJANjT46bL48zIMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA5
+MjkxNjA0MjFaFw0xNDA5MjkxNjA0MjFaMDExCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTESMBAGA1UEAwwJVGVzdCBVc2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQCmli6bIozflL6LiUn2eHaiYH4UlfOW/qsZJQM0ZHQBPqiffPFHYWBM
+gpIofCugDsuHv1nr1/NhIjsU86sx9lqVH7h6uCw8qWFTeJvoPlDswtZE50PNvD5O
+50b+kp7DmA8pWMjLiQF1R+mVVw92xS8FXsceDfI8EmNduVQZr39AawIDAQABo4Ga
+MIGXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFIHe3+laABrKZ9YG3WWyTsWaBEN9MB8G
+A1UdIwQYMBaAFLiS3v2KGLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkwJzAl
+BggrBgEFBQcwAYYZaHR0cDovL3NlcnZlci53MS5maTo4ODg4LzATBgNVHSUEDDAK
+BggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQBqgfBhnnkvOcw64yntUTVZZMN9
++S0ngyDrSvqUN+6dwmlH7fWRleIqdflMmV7gsZibr/66HoZJiBKsJjCBu+dha2+z
+4xMGJzU7FXrL9YNTzH+DrjYY8h+3uPQW40zlQ4TuuOVHAmA3H6NBdI/bD/jXh/ok
+ZcoaVJqn1Fx5e3DeUg==
+-----END CERTIFICATE-----
WPACLI=$DIR/../../wpa_supplicant/wpa_cli
HAPD=$DIR/../../hostapd/hostapd
WLANTEST=$DIR/../../wlantest/wlantest
+HLR_AUC_GW=$DIR/../../hostapd/hlr_auc_gw
if groups | tr ' ' "\n" | grep -q ^admin$; then
GROUP=admin
sudo chown $USER $DIR/logs/$DATE-*valgrind*
fi
+if [ -x $HLR_AUC_GW ]; then
+ $HLR_AUC_GW -m $DIR/auth_serv/hlr_auc_gw.milenage_db > $DIR/logs/$DATE-hlr_auc_gw &
+fi
+
+$HAPD -ddKt $DIR/auth_serv/as.conf > $DIR/logs/$DATE-auth_serv &
+
# wait for programs to be fully initialized
for i in 0 1 2; do
for j in `seq 1 10`; do
sudo ifconfig hwsim0 down
fi
+killall -q hlr_auc_gw
+
if [ "$RUNNING" = "yes" ]; then
# give some time for hostapd and wpa_supplicant to complete deinit
sleep 0.5
projects / mech_eap.git / commitdiff