A R Karthicka2e53d62016-02-19 17:38:30 -08001import sys, os
A R Karthicka2e53d62016-02-19 17:38:30 -08002from EapolAAA import *
3from enum import *
4import noseTlsAuthHolder as tlsAuthHolder
5from scapy_ssl_tls.ssl_tls import *
6from socket import *
7from struct import *
8import scapy
9from nose.tools import *
10from CordTestBase import CordTester
Chetan Gaonker4a25e2b2016-03-04 14:45:15 -080011import re
# `log` arrives through one of the star imports above (scapy / EapolAAA); raise it
# to INFO so the EAP/TLS exchange below is traced step by step during the test.
log.setLevel('INFO')
A R Karthicka2e53d62016-02-19 17:38:30 -080013class TLSAuthTest(EapolPacket, CordTester):
14
    # One ordered list of handshake steps.  The state table is this sequence
    # under an "ST_" prefix and the event table under "EVT_"; both are handed
    # together to initTlsAuthHolderFsmTable, so keep them in lock-step.
    _TLS_STEPS = ("EAP_SETUP",
                  "EAP_START",
                  "EAP_ID_REQ",
                  "EAP_TLS_HELLO_REQ",
                  "EAP_TLS_CERT_REQ",
                  "EAP_TLS_CHANGE_CIPHER_SPEC",
                  "EAP_TLS_FINISHED",
                  "EAP_TLS_DONE")
    tlsStateTable = Enumeration("TLSStateTable", tuple("ST_" + step for step in _TLS_STEPS))
    tlsEventTable = Enumeration("TLSEventTable", tuple("EVT_" + step for step in _TLS_STEPS))
    def __init__(self, intf = 'veth0'):
        """Build the EAP-TLS supplicant state machine bound to interface *intf*.

        The FSM table is produced by noseTlsAuthHolder from the class-level
        state/event tables; CordTester receives that table plus
        ST_EAP_TLS_DONE (presumably the state it treats as terminal).  The
        machine starts in ST_EAP_SETUP with EVT_EAP_SETUP pending; each
        ``_eap*`` handler sets ``nextEvent`` to drive it forward.
        """
        states, events = self.tlsStateTable, self.tlsEventTable
        self.fsmTable = tlsAuthHolder.initTlsAuthHolderFsmTable(self, states, events)
        EapolPacket.__init__(self, intf)
        CordTester.__init__(self, self.fsmTable, states.ST_EAP_TLS_DONE)
        # Initial FSM position.
        self.currentState, self.currentEvent = states.ST_EAP_SETUP, events.EVT_EAP_SETUP
        self.nextState = self.nextEvent = None
44
    def _eapSetup(self):
        """Run the EAPOL setup hook, then queue the EAP start event."""
        events = self.tlsEventTable
        self.setup()
        self.nextEvent = events.EVT_EAP_START
48
    def _eapStart(self):
        """Send EAPOL-Start, then queue the identity-request event."""
        events = self.tlsEventTable
        self.eapol_start()
        self.nextEvent = events.EVT_EAP_ID_REQ
52
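    def _eapIdReq(self):
        """Answer the authenticator's EAP-Request/Identity with USER.

        Waits for an EAP-Request of type Identity, logs its code/type/id and
        replies with an EAP-Response/Identity carrying the same id, then
        schedules the TLS hello step.  The identity is sent unencrypted (the
        outer EAP exchange is cleartext), so USER should not be anything
        sensitive.
        """
        log.info( 'Inside EAP ID Req' )
        def eapol_cb(pkt):
            log.info('Got EAPOL packet with type id and code request')
            log.info('Packet code: %d, type: %d, id: %d', pkt[EAP].code, pkt[EAP].type, pkt[EAP].id)
            log.info("<====== Send EAP Response with identity = %s ================>" % USER)
            self.eapol_id_req(pkt[EAP].id, USER)

        # Check for the EAP layer before indexing it: pkt[EAP] raises IndexError
        # on a frame without one (e.g. EAPOL-Key/Logoff), and an exception inside
        # the filter would propagate out of the receive instead of skipping the frame.
        self.eapol_scapy_recv(cb = eapol_cb,
                              lfilter = lambda pkt: EAP in pkt and pkt[EAP].type == EAP.TYPE_ID and pkt[EAP].code == EAP.REQUEST)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_HELLO_REQ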
64
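    def _eapTlsHelloReq(self):
        """Answer the authenticator's EAP-TLS Start with a TLS ClientHello.

        Waits for an EAP-Request of type TLS, then sends a TLS 1.0 ClientHello
        (single suite RSA_WITH_AES_128_CBC_SHA, NULL compression) wrapped in an
        EAP-Response with the TLS length field included, and schedules the
        certificate-request step.

        Security notes for anyone reusing this as a client: gmt_unix_time and
        random_bytes are fixed constants, so the ClientHello random is the same
        on every run and the handshake is fully replayable.  That is acceptable
        for a deterministic test fixture, never for a real supplicant (the
        random must come from a CSPRNG such as os.urandom).  Only TLS 1.0 and a
        single CBC suite are offered, so an authenticator that refuses them
        fails this step.  An EAP-Failure (code 4) does not match the filter
        below; a rejection presumably surfaces as a receive timeout.
        """
        def eapol_cb(pkt):
            log.info('Got hello request for id %d', pkt[EAP].id)
            reqdata = TLSRecord(version="TLS_1_0")/TLSHandshake()/TLSClientHello(version="TLS_1_0",
                                                                          gmt_unix_time=1234,
                                                                          random_bytes="A" * 28,
                                                                          session_id='',
                                                                          # NOTE(review): the parentheses do not make a tuple;
                                                                          # a bare value is passed and the field is presumably
                                                                          # wrapping it -- [TLSCompressionMethod.NULL] is the
                                                                          # explicit form.  Left unchanged to keep wire bytes.
                                                                          compression_methods=(TLSCompressionMethod.NULL),
                                                                          cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA]
                                                                          )
            log.debug("Sending Client Hello TLS payload of len %d, id %d" %(len(reqdata),pkt[EAP].id))
            eap_payload = self.eapTLS(EAP_RESPONSE, pkt[EAP].id, TLS_LENGTH_INCLUDED, str(reqdata))
            self.eapol_send(EAPOL_EAPPACKET, eap_payload)

        # Check for the EAP layer before indexing it: pkt[EAP] raises IndexError
        # on a frame without one, and an exception inside the filter would
        # propagate out of the receive instead of skipping the frame.
        self.eapol_scapy_recv(cb = eapol_cb,
                              lfilter = lambda pkt: EAP in pkt and pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_CERT_REQ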
85
86 def _eapTlsCertReq(self):
Chetan Gaonker5b366302016-03-21 16:18:21 -070087
88 def eapol_cb(pkt):
89 log.info('Got cert request')
90 rex_pem = re.compile(r'\-+BEGIN[^\-]+\-+(.*?)\-+END[^\-]+\-+', re.DOTALL)
91 self.pem_cert = """-----BEGIN CERTIFICATE-----
Chetan Gaonkerf8f77182016-03-11 15:34:57 -080092MIIDvTCCAqWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCVVMx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Chetan Gaonker4a25e2b2016-03-04 14:45:15 -0800113-----END CERTIFICATE-----"""
Chetan Gaonker5b366302016-03-21 16:18:21 -0700114 self.der_cert = rex_pem.findall(self.pem_cert)[0].decode("base64")
115 reqdata = TLSRecord(version="TLS_1_0")/TLSHandshake()/TLSCertificateList(
116 certificates=[TLSCertificate(data=x509.X509Cert(self.der_cert))])
117 #reqdata.show()
118 log.info("------> Sending Client Hello TLS Certificate payload of len %d ----------->" %len(reqdata))
119 eap_payload = self.eapTLS(EAP_RESPONSE, pkt[EAP].id, TLS_LENGTH_INCLUDED, str(reqdata))
120 self.eapol_send(EAPOL_EAPPACKET, eap_payload)
121
122 self.eapol_scapy_recv(cb = eapol_cb,
123 lfilter = lambda pkt: pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST)
Chetan Gaonkerf8f77182016-03-11 15:34:57 -0800124 self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_CHANGE_CIPHER_SPEC
125
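    def _eapTlsChangeCipherSpec(self):
        """Answer the next EAP-TLS request with a bare, empty TLS Finished.

        Waits for an EAP-Request of type TLS (logged as the "change cipher"
        request), replies with ``TLSFinished(data="")`` inside an EAP-Response,
        and schedules the finished step.

        Coverage caveat, not a fix: this client never sends ClientKeyExchange,
        CertificateVerify or ChangeCipherSpec, and the Finished carries no
        verify_data, so it never proves possession of the private key behind
        the certificate it presented in the previous step.  The test therefore
        exercises the authenticator's certificate acceptance, not a complete
        EAP-TLS handshake.  If the authenticator reports success after this
        message, confirm that is really what it is expected to accept.  An
        EAP-Failure does not match the filter below; a rejection presumably
        surfaces as a receive timeout.
        """
        def eapol_cb(pkt):
            log.info('Got change cipher request')
            reqdata = TLSFinished(data="")
            eap_payload = self.eapTLS(EAP_RESPONSE, pkt[EAP].id, TLS_LENGTH_INCLUDED, str(reqdata))
            self.eapol_send(EAPOL_EAPPACKET, eap_payload)

        # Check for the EAP layer before indexing it: pkt[EAP] raises IndexError
        # on a frame without one, and an exception inside the filter would
        # propagate out of the receive instead of skipping the frame.
        self.eapol_scapy_recv(cb = eapol_cb,
                              lfilter = lambda pkt: EAP in pkt and pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_FINISHED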
136
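    def _eapTlsFinished(self):
        """Wait for the authenticator's next EAP-TLS request, then stop the FSM.

        The callback only logs; nothing is sent back.  ``nextEvent`` is cleared
        so the machine ends here: the original authors treat the authenticator
        still issuing TLS requests after the certificate exchange as proof that
        the certificate was accepted.  No explicit EAP-Success is awaited, and
        an EAP-Failure does not pass the filter at all, so a rejection
        presumably shows up as a receive timeout rather than an assertion.
        """
        def eapol_cb(pkt):
            log.info('Got tls finished request')

        # Check for the EAP layer before indexing it: pkt[EAP] raises IndexError
        # on a frame without one, and an exception inside the filter would
        # propagate out of the receive instead of skipping the frame.
        self.eapol_scapy_recv(cb = eapol_cb,
                              lfilter = lambda pkt: EAP in pkt and pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST)
        #We stop here as certification validation success implies auth success
        self.nextEvent = None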