From 002b49ed074e06ffdb6c7800e4976996ef069d67 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 3 Oct 2017 18:16:51 +0300
Subject: [PATCH] tests: sigma_dut Suite B station with RSA certificate

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 tests/hwsim/test_sigma_dut.py | 43 +++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/tests/hwsim/test_sigma_dut.py b/tests/hwsim/test_sigma_dut.py
index 288004d46..063e9313d 100644
--- a/tests/hwsim/test_sigma_dut.py
+++ b/tests/hwsim/test_sigma_dut.py
@@ -14,7 +14,7 @@ import time
 import hostapd
 from utils import HwsimSkip
 from hwsim import HWSimRadio
-from test_suite_b import check_suite_b_192_capa, suite_b_as_params
+from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
 
 def check_sigma_dut():
     if not os.path.exists("./sigma_dut"):
@@ -374,7 +374,7 @@ def test_sigma_dut_suite_b(dev, apdev, params):
 
     sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
     sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
-    sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem" % (ifname, "test-suite-b"))
+    sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
     sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
     sigma_dut_wait_connected(ifname)
     sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
@@ -383,6 +383,45 @@ def test_sigma_dut_suite_b(dev, apdev, params):
 
     stop_sigma_dut(sigma)
 
+def test_sigma_dut_suite_b_rsa(dev, apdev, params):
+    """sigma_dut controlled STA Suite B (RSA)"""
+    check_suite_b_192_capa(dev)
+    logdir = params['logdir']
+
+    with open("auth_serv/rsa3072-ca.pem", "r") as f:
+        with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
+            f2.write(f.read())
+
+    with open("auth_serv/rsa3072-user.pem", "r") as f:
+        with open("auth_serv/rsa3072-user.key", "r") as f2:
+            with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
+                f3.write(f.read())
+                f3.write(f2.read())
+
+    dev[0].flush_scan_cache()
+    params = suite_b_192_rsa_ap_params()
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    ifname = dev[0].ifname
+    sigma = start_sigma_dut(ifname, cert_path=logdir)
+
+    cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
+
+    tests = [ "",
+              ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+              ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" ]
+    for extra in tests:
+        sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
+        sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
+        sigma_dut_cmd_check(cmd + extra)
+        sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
+        sigma_dut_wait_connected(ifname)
+        sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
+        sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
+        sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
+
+    stop_sigma_dut(sigma)
+
 def test_sigma_dut_ap_suite_b(dev, apdev, params):
     """sigma_dut controlled AP Suite B"""
     check_suite_b_192_capa(dev)