import hostapd
from utils import HwsimSkip
from hwsim import HWSimRadio
+from test_suite_b import check_suite_b_192_capa, suite_b_as_params
def check_sigma_dut():
if not os.path.exists("./sigma_dut"):
raise Exception("sigma_dut command failed: " + cmd)
return res
-def start_sigma_dut(ifname, debug=False):
+def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None):
check_sigma_dut()
cmd = [ './sigma_dut',
'-M', ifname,
'-j', ifname ]
if debug:
cmd += [ '-d' ]
+ if hostapd_logdir:
+ cmd += [ '-H', hostapd_logdir ]
+ if cert_path:
+ cmd += [ '-C', cert_path ]
sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
for i in range(20):
finally:
stop_sigma_dut(sigma)
+def test_sigma_dut_suite_b(dev, apdev, params):
+ """sigma_dut controlled STA Suite B"""
+ check_suite_b_192_capa(dev)
+ logdir = params['logdir']
+
+ with open("auth_serv/ec2-ca.pem", "r") as f:
+ with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
+ f2.write(f.read())
+
+ with open("auth_serv/ec2-user.pem", "r") as f:
+ with open("auth_serv/ec2-user.key", "r") as f2:
+ with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
+ f3.write(f.read())
+ f3.write(f2.read())
+
+ dev[0].flush_scan_cache()
+ params = suite_b_as_params()
+ params['ca_cert'] = 'auth_serv/ec2-ca.pem'
+ params['server_cert'] = 'auth_serv/ec2-server.pem'
+ params['private_key'] = 'auth_serv/ec2-server.key'
+ params['openssl_ciphers'] = 'SUITEB192'
+ hostapd.add_ap(apdev[1], params)
+
+ params = { "ssid": "test-suite-b",
+ "wpa": "2",
+ "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
+ "rsn_pairwise": "GCMP-256",
+ "group_mgmt_cipher": "BIP-GMAC-256",
+ "ieee80211w": "2",
+ "ieee8021x": "1",
+ 'auth_server_addr': "127.0.0.1",
+ 'auth_server_port': "18129",
+ 'auth_server_shared_secret': "radius",
+ 'nas_identifier': "nas.w1.fi" }
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ ifname = dev[0].ifname
+ sigma = start_sigma_dut(ifname, cert_path=logdir)
+
+ sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
+ sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
+ sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem" % (ifname, "test-suite-b"))
+ sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
+ sigma_dut_wait_connected(ifname)
+ sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
+ sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
+ sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
+
+ stop_sigma_dut(sigma)
+
+def test_sigma_dut_ap_suite_b(dev, apdev, params):
+ """sigma_dut controlled AP Suite B"""
+ check_suite_b_192_capa(dev)
+ logdir = os.path.join(params['logdir'],
+ "sigma_dut_ap_suite_b.sigma-hostapd")
+ params = suite_b_as_params()
+ params['ca_cert'] = 'auth_serv/ec2-ca.pem'
+ params['server_cert'] = 'auth_serv/ec2-server.pem'
+ params['private_key'] = 'auth_serv/ec2-server.key'
+ params['openssl_ciphers'] = 'SUITEB192'
+ hostapd.add_ap(apdev[1], params)
+ with HWSimRadio() as (radio, iface):
+ sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
+ try:
+ sigma_dut_cmd_check("ap_reset_default")
+ sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
+ sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
+ sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required")
+ sigma_dut_cmd_check("ap_config_commit,NAME,AP")
+
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ openssl_ciphers="SUITEB192",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ec2-ca.pem",
+ client_cert="auth_serv/ec2-user.pem",
+ private_key="auth_serv/ec2-user.key",
+ pairwise="GCMP-256", group="GCMP-256",
+ scan_freq="2412")
+
+ sigma_dut_cmd_check("ap_reset_default")
+ finally:
+ stop_sigma_dut(sigma)
+
+def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
+ """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
+ run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
+ "GCMP")
+
+def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
+ """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
+ run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
+ "GCMP-256")
+
+def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
+ """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
+ run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
+ "CCMP")
+
+def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
+ """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
+ run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
+ "CCMP-256")
+
+def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
+ sta_cipher):
+ check_suite_b_192_capa(dev)
+ logdir = os.path.join(params['logdir'],
+ "sigma_dut_ap_cipher.sigma-hostapd")
+ params = suite_b_as_params()
+ params['ca_cert'] = 'auth_serv/ec2-ca.pem'
+ params['server_cert'] = 'auth_serv/ec2-server.pem'
+ params['private_key'] = 'auth_serv/ec2-server.key'
+ params['openssl_ciphers'] = 'SUITEB192'
+ hostapd.add_ap(apdev[1], params)
+ with HWSimRadio() as (radio, iface):
+ sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
+ try:
+ sigma_dut_cmd_check("ap_reset_default")
+ sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
+ sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
+ sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt))
+ sigma_dut_cmd_check("ap_config_commit,NAME,AP")
+
+ dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+ ieee80211w="2",
+ openssl_ciphers="SUITEB192",
+ eap="TLS", identity="tls user",
+ ca_cert="auth_serv/ec2-ca.pem",
+ client_cert="auth_serv/ec2-user.pem",
+ private_key="auth_serv/ec2-user.key",
+ pairwise=sta_cipher, group=sta_cipher,
+ scan_freq="2412")
+
+ sigma_dut_cmd_check("ap_reset_default")
+ finally:
+ stop_sigma_dut(sigma)
+
def test_sigma_dut_ap_override_rsne(dev, apdev):
"""sigma_dut controlled AP overriding RSNE"""
with HWSimRadio() as (radio, iface):
projects / thirdparty / hostap.git / commitdiff
