Chetan Gaonkercb122cc2016-05-10 10:58:34 -07001#!/usr/bin/env python
Chetan Gaonkercfcce782016-05-10 10:10:42 -07002#
3# Copyright 2016-present Ciena Corporation
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
A R Karthicka2e53d62016-02-19 17:38:30 -080017import sys, os
A R Karthicka2e53d62016-02-19 17:38:30 -080018from EapolAAA import *
19from enum import *
20import noseTlsAuthHolder as tlsAuthHolder
21from scapy_ssl_tls.ssl_tls import *
22from socket import *
23from struct import *
24import scapy
25from nose.tools import *
26from CordTestBase import CordTester
Chetan Gaonker4a25e2b2016-03-04 14:45:15 -080027import re
log.setLevel('INFO')  # `log` comes in through one of the star imports above (presumably EapolAAA) — confirm; INFO keeps the per-payload log.debug() lines in the handlers quiet by default
A R Karthicka2e53d62016-02-19 17:38:30 -080029class TLSAuthTest(EapolPacket, CordTester):
30
    # States the supplicant-side FSM walks through, one per EAP-TLS round trip.
    # tlsAuthHolder.initTlsAuthHolderFsmTable (called from __init__) presumably
    # maps each state to the matching _eap* handler below -- confirm there.
    tlsStateTable = Enumeration("TLSStateTable", (
        "ST_EAP_SETUP",
        "ST_EAP_START",
        "ST_EAP_ID_REQ",
        "ST_EAP_TLS_HELLO_REQ",
        "ST_EAP_TLS_CERT_REQ",
        "ST_EAP_TLS_CHANGE_CIPHER_SPEC",
        "ST_EAP_TLS_FINISHED",
        "ST_EAP_TLS_DONE",
    ))
    # Events that drive the transitions. Each handler below stores the event
    # for the following round trip in self.nextEvent (None once finished).
    tlsEventTable = Enumeration("TLSEventTable", (
        "EVT_EAP_SETUP",
        "EVT_EAP_START",
        "EVT_EAP_ID_REQ",
        "EVT_EAP_TLS_HELLO_REQ",
        "EVT_EAP_TLS_CERT_REQ",
        "EVT_EAP_TLS_CHANGE_CIPHER_SPEC",
        "EVT_EAP_TLS_FINISHED",
        "EVT_EAP_TLS_DONE",
    ))
    def __init__(self, intf = 'veth0'):
        """Wire the EAP-TLS FSM and the EAPOL transport on interface *intf*.

        The FSM table has to exist before CordTester.__init__ runs, because
        that constructor takes the table together with the terminal state
        (ST_EAP_TLS_DONE).  The walk starts at the SETUP state/event pair.
        """
        states, events = self.tlsStateTable, self.tlsEventTable
        self.fsmTable = tlsAuthHolder.initTlsAuthHolderFsmTable(self, states, events)
        EapolPacket.__init__(self, intf)
        CordTester.__init__(self, self.fsmTable, states.ST_EAP_TLS_DONE)
        self.currentState = states.ST_EAP_SETUP
        self.currentEvent = events.EVT_EAP_SETUP
        # nextEvent is filled in by each _eap* handler; nextState is not
        # written anywhere in this file -- presumably the FSM driver owns it.
        self.nextState = self.nextEvent = None
60
    def _eapSetup(self):
        """Run the transport setup and queue the EAPOL-Start step."""
        self.setup()
        events = self.tlsEventTable
        self.nextEvent = events.EVT_EAP_START
64
    def _eapStart(self):
        """Send EAPOL-Start; the next step expects the EAP Identity request."""
        self.eapol_start()
        events = self.tlsEventTable
        self.nextEvent = events.EVT_EAP_ID_REQ
68
    def _eapIdReq(self):
        """Wait for the EAP Identity request and answer it with USER.

        USER is the supplicant identity supplied by one of the star imports
        above (presumably EapolAAA).  Only an EAP *Request* of type Identity
        passes the receive filter; anything else is left to the transport.
        """
        log.info( 'Inside EAP ID Req' )

        def eapol_cb(pkt):
            eap = pkt[EAP]
            log.info('Got EAPOL packet with type id and code request')
            log.info('Packet code: %d, type: %d, id: %d', eap.code, eap.type, eap.id)
            log.info("<====== Send EAP Response with identity = %s ================>" % USER)
            # The response echoes the request's id so the server pairs them up.
            self.eapol_id_req(eap.id, USER)

        def is_identity_request(pkt):
            return pkt[EAP].type == EAP.TYPE_ID and pkt[EAP].code == EAP.REQUEST

        self.eapol_scapy_recv(cb = eapol_cb, lfilter = is_identity_request)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_HELLO_REQ
80
    def _eapTlsHelloReq(self):
        """Answer the server's EAP-TLS start with a TLS 1.0 ClientHello.

        The hello is fully deterministic -- a fixed gmt_unix_time and an
        all-"A" 28-byte client random -- and offers exactly one cipher suite,
        RSA_WITH_AES_128_CBC_SHA, with NULL compression.  That is fine for a
        test client driving a known AAA server, but it is not a template for
        a real supplicant, and it means the server under test presumably has
        to keep accepting TLS 1.0 and a legacy CBC suite for this test to pass.
        """

        def eapol_cb(pkt):
            eap_id = pkt[EAP].id
            log.info('Got hello request for id %d', eap_id)
            client_hello = TLSClientHello(
                version="TLS_1_0",
                gmt_unix_time=1234,
                random_bytes="A" * 28,
                session_id='',
                compression_methods=TLSCompressionMethod.NULL,  # a single method, not a list
                cipher_suites=[TLSCipherSuite.RSA_WITH_AES_128_CBC_SHA],
            )
            reqdata = TLSRecord(version="TLS_1_0") / TLSHandshake() / client_hello
            log.debug("Sending Client Hello TLS payload of len %d, id %d" %(len(reqdata), eap_id))
            # TLS_LENGTH_INCLUDED: the EAP-TLS fragment carries the total length field.
            eap_payload = self.eapTLS(EAP_RESPONSE, eap_id, TLS_LENGTH_INCLUDED, str(reqdata))
            self.eapol_send(EAPOL_EAPPACKET, eap_payload)

        def is_tls_request(pkt):
            return pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST

        self.eapol_scapy_recv(cb = eapol_cb, lfilter = is_tls_request)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_CERT_REQ
101
    def _eapTlsCertReq(self):
        """Reply to the server's certificate request with the embedded client cert.

        Only a TLS Certificate handshake message is built here: nothing in this
        method produces a ClientKeyExchange or CertificateVerify, so the test
        client never proves possession of the private key for this certificate.
        NOTE(review): the PEM below is a certificate only (no key) and is baked
        into the test; it has to be rotated together with the AAA server's
        trust store whenever the test CA changes.
        """

        def eapol_cb(pkt):
            log.info('Got cert request')
            # Strip the PEM armour (everything between the BEGIN/END lines),
            # then base64-decode it to DER.  str.decode("base64") is Python 2 only.
            rex_pem = re.compile(r'\-+BEGIN[^\-]+\-+(.*?)\-+END[^\-]+\-+', re.DOTALL)
            self.pem_cert = """-----BEGIN CERTIFICATE-----
MIIDvTCCAqWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCVVMx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
-----END CERTIFICATE-----"""
            self.der_cert = rex_pem.findall(self.pem_cert)[0].decode("base64")
            # One-element certificate list; no chain is sent, so the server
            # presumably has the issuer in its trust store directly -- confirm.
            reqdata = TLSRecord(version="TLS_1_0")/TLSHandshake()/TLSCertificateList(
                certificates=[TLSCertificate(data=x509.X509Cert(self.der_cert))])
            #reqdata.show()
            log.info("------> Sending Client Hello TLS Certificate payload of len %d ----------->" %len(reqdata))
            eap_payload = self.eapTLS(EAP_RESPONSE, pkt[EAP].id, TLS_LENGTH_INCLUDED, str(reqdata))
            self.eapol_send(EAPOL_EAPPACKET, eap_payload)

        self.eapol_scapy_recv(cb = eapol_cb,
                              lfilter = lambda pkt: pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_CHANGE_CIPHER_SPEC
141
    def _eapTlsChangeCipherSpec(self):
        """Answer the server's ChangeCipherSpec round with a placeholder Finished.

        The Finished is built with empty data -- no verify_data is computed --
        so the test client does not complete a genuine TLS handshake here; it
        only checks that the server keeps advancing after the certificate
        exchange.  See the note in _eapTlsFinished for where the walk stops.
        """

        def eapol_cb(pkt):
            log.info('Got change cipher request')
            finished = TLSFinished(data="")
            eap_payload = self.eapTLS(EAP_RESPONSE, pkt[EAP].id, TLS_LENGTH_INCLUDED, str(finished))
            self.eapol_send(EAPOL_EAPPACKET, eap_payload)

        def is_tls_request(pkt):
            return pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST

        self.eapol_scapy_recv(cb = eapol_cb, lfilter = is_tls_request)
        self.nextEvent = self.tlsEventTable.EVT_EAP_TLS_FINISHED
152
    def _eapTlsFinished(self):
        """Wait for the server's final EAP-TLS request and end the walk.

        Nothing is sent back.  The author's rationale is that getting this far
        -- the server having accepted the client certificate -- counts as
        authentication success.  NOTE(review): the receive filter only matches
        EAP Requests of type TLS, so an EAP-Success or EAP-Failure is not
        awaited in this method; a server that rejects the empty Finished later
        would not be caught here unless the transport checks it elsewhere.
        """

        def eapol_cb(pkt):
            log.info('Got tls finished request')

        def is_tls_request(pkt):
            return pkt[EAP].type == EAP_TYPE_TLS and pkt[EAP].code == EAP.REQUEST

        self.eapol_scapy_recv(cb = eapol_cb, lfilter = is_tls_request)
        # We stop here as certification validation success implies auth success
        self.nextEvent = None