Suite B: Add ap_set_security and sta_set_security support
This adds initial support for Suite B testing into sigma_dut.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
diff --git a/sta.c b/sta.c
index 92475aa..c6d6935 100644
--- a/sta.c
+++ b/sta.c
@@ -1308,6 +1308,7 @@
{
const char *val;
int id;
+ int cipher_set = 0;
id = add_network_common(dut, conn, ifname, cmd);
if (id < 0)
@@ -1332,33 +1333,93 @@
strcasecmp(val, "wpa2-wpa-ent") == 0) {
if (set_network(ifname, id, "proto", "WPA WPA2") < 0)
return -2;
+ } else if (strcasecmp(val, "SuiteB") == 0) {
+ if (set_network(ifname, id, "proto", "WPA2") < 0)
+ return -2;
} else {
send_resp(dut, conn, SIGMA_INVALID, "errorCode,Unrecognized keyMgmtType value");
return 0;
}
val = get_param(cmd, "encpType");
- if (val == NULL) {
- send_resp(dut, conn, SIGMA_INVALID, "errorCode,Missing encpType");
+ if (val) {
+ cipher_set = 1;
+ if (strcasecmp(val, "tkip") == 0) {
+ if (set_network(ifname, id, "pairwise", "TKIP") < 0)
+ return -2;
+ } else if (strcasecmp(val, "aes-ccmp") == 0) {
+ if (set_network(ifname, id, "pairwise", "CCMP") < 0)
+ return -2;
+ } else if (strcasecmp(val, "aes-ccmp-tkip") == 0) {
+ if (set_network(ifname, id, "pairwise",
+ "CCMP TKIP") < 0)
+ return -2;
+ } else if (strcasecmp(val, "aes-gcmp") == 0) {
+ if (set_network(ifname, id, "pairwise", "GCMP") < 0)
+ return -2;
+ if (set_network(ifname, id, "group", "GCMP") < 0)
+ return -2;
+ } else {
+ send_resp(dut, conn, SIGMA_ERROR,
+ "errorCode,Unrecognized encpType value");
+ return 0;
+ }
+ }
+
+ val = get_param(cmd, "PairwiseCipher");
+ if (val) {
+ cipher_set = 1;
+ /* TODO: Support space separated list */
+ if (strcasecmp(val, "AES-GCMP-256") == 0) {
+ if (set_network(ifname, id, "pairwise", "GCMP-256") < 0)
+ return -2;
+ } else if (strcasecmp(val, "AES-CCMP-256") == 0) {
+ if (set_network(ifname, id, "pairwise",
+ "CCMP-256") < 0)
+ return -2;
+ } else if (strcasecmp(val, "AES-GCMP-128") == 0) {
+ if (set_network(ifname, id, "pairwise", "GCMP") < 0)
+ return -2;
+ } else if (strcasecmp(val, "AES-CCMP-128") == 0) {
+ if (set_network(ifname, id, "pairwise", "CCMP") < 0)
+ return -2;
+ } else {
+ send_resp(dut, conn, SIGMA_ERROR,
+ "errorCode,Unrecognized PairwiseCipher value");
+ return 0;
+ }
+ }
+
+ if (!cipher_set) {
+ send_resp(dut, conn, SIGMA_ERROR,
+ "errorCode,Missing encpType and PairwiseCipher");
return 0;
}
- if (strcasecmp(val, "tkip") == 0) {
- if (set_network(ifname, id, "pairwise", "TKIP") < 0)
- return -2;
- } else if (strcasecmp(val, "aes-ccmp") == 0) {
- if (set_network(ifname, id, "pairwise", "CCMP") < 0)
- return -2;
- } else if (strcasecmp(val, "aes-ccmp-tkip") == 0) {
- if (set_network(ifname, id, "pairwise", "CCMP TKIP") < 0)
- return -2;
- } else if (strcasecmp(val, "aes-gcmp") == 0) {
- if (set_network(ifname, id, "pairwise", "GCMP") < 0)
- return -2;
- if (set_network(ifname, id, "group", "GCMP") < 0)
- return -2;
- } else {
- send_resp(dut, conn, SIGMA_INVALID, "errorCode,Unrecognized encpType value");
- return 0;
+
+ val = get_param(cmd, "GroupCipher");
+ if (val) {
+ if (strcasecmp(val, "AES-GCMP-256") == 0) {
+ if (set_network(ifname, id, "group", "GCMP-256") < 0)
+ return -2;
+ } else if (strcasecmp(val, "AES-CCMP-256") == 0) {
+ if (set_network(ifname, id, "group", "CCMP-256") < 0)
+ return -2;
+ } else if (strcasecmp(val, "AES-GCMP-128") == 0) {
+ if (set_network(ifname, id, "group", "GCMP") < 0)
+ return -2;
+ } else if (strcasecmp(val, "AES-CCMP-128") == 0) {
+ if (set_network(ifname, id, "group", "CCMP") < 0)
+ return -2;
+ } else {
+ send_resp(dut, conn, SIGMA_ERROR,
+ "errorCode,Unrecognized GroupCipher value");
+ return 0;
+ }
+ }
+
+ val = get_param(cmd, "GroupMgmtCipher");
+ if (val) {
+ /* TODO */
}
dut->sta_pmf = STA_PMF_DISABLED;
@@ -1501,7 +1562,11 @@
val = get_param(cmd, "keyMgmtType");
alg = get_param(cmd, "micAlg");
- if (alg && strcasecmp(alg, "SHA-256") == 0) {
+ if (val && strcasecmp(val, "SuiteB") == 0) {
+ if (set_network(ifname, id, "key_mgmt", "WPA-EAP-SUITE-B-192") <
+ 0)
+ return -2;
+ } else if (alg && strcasecmp(alg, "SHA-256") == 0) {
if (set_network(ifname, id, "key_mgmt", "WPA-EAP-SHA256") < 0)
return -2;
} else if (alg && strcasecmp(alg, "SHA-1") == 0) {