diff options
Diffstat (limited to 'smoketest/scripts/cli/test_interfaces_wireguard.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireguard.py | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireguard.py b/smoketest/scripts/cli/test_interfaces_wireguard.py index 5562a697d..222a659aa 100755 --- a/smoketest/scripts/cli/test_interfaces_wireguard.py +++ b/smoketest/scripts/cli/test_interfaces_wireguard.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2021 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -91,5 +91,39 @@ class WireGuardInterfaceTest(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path + [interface, 'peer', 'PEER01']) self.cli_commit() + def test_wireguard_same_public_key(self): + # T5413: Test prevention of using peer own public key. + interface = 'wg0' + port = '12345' + pubkey_ok = 'ebFx/1G0ti8tvuZd94sEIosAZZIznX+dBAKG/8DFm0I=' + + public_key_path = f'/config/auth/wireguard/default/public.key' + with open(public_key_path, 'r') as file: + pubkey_fail = file.read().rstrip() + + self.cli_set(base_path + [interface, 'address', '172.16.0.1/24']) + self.cli_set(base_path + [interface, 'private-key', 'default']) + + self.cli_set( + base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_fail]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'port', port]) + self.cli_set(base_path + [interface, 'peer', 'PEER01', 'allowed-ips', + '10.205.212.10/32']) + self.cli_set( + base_path + [interface, 'peer', 'PEER01', 'address', '192.0.2.1']) + + # The same pubkey as the interface wg0 + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set( + base_path + [interface, 'peer', 'PEER01', 'pubkey', pubkey_ok]) + + # Commit peers + self.cli_commit() + + self.assertTrue(os.path.isdir(f'/sys/class/net/{interface}')) + + if __name__ == '__main__': unittest.main(verbosity=2) |