test_connectivity=True, eap_identity="gpsk user", conndev=False,
force_initial_conn_to_first_ap=False, sha384=False,
group_mgmt=None, ocv=None, sae_password=None,
- sae_password_id=None, sae_and_psk=False):
+ sae_password_id=None, sae_and_psk=False, pmksa_caching=False,
+ roam_with_reassoc=False, also_non_ft=False):
logger.info("Connect to first AP")
copts = {}
if ocv:
copts["ocv"] = ocv
if eap:
- copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
+ if also_non_ft:
+ copts["key_mgmt"] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384" if sha384 else "WPA-EAP FT-EAP"
+ else:
+ copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP"
copts["eap"] = "GPSK"
copts["identity"] = eap_identity
copts["password"] = "abcdefghijklmnop0123456789abcdef"
copts["sae_password_id"] = sae_password_id
if force_initial_conn_to_first_ap:
copts["bssid"] = apdev[0]['bssid']
- dev.connect(ssid, **copts)
+ netw = dev.connect(ssid, **copts)
+ if pmksa_caching:
+ dev.request("DISCONNECT")
+ dev.wait_disconnected()
+ dev.request("RECONNECT")
+ ev = dev.wait_event(["CTRL-EVENT-CONNECTED", "CTRL-EVENT-DISCONNECTED"],
+ timeout=15)
+ if ev is None:
+ raise Exception("Reconnect timed out")
+ if "CTRL-EVENT-DISCONNECTED" in ev:
+ raise Exception("Unexpected disconnection after RECONNECT")
if dev.get_status_field('bssid') == apdev[0]['bssid']:
ap1 = apdev[0]
# set later.
time.sleep(0.01)
logger.info("Roam to the second AP")
- if over_ds:
+ if roam_with_reassoc:
+ dev.set_network(netw, "bssid", ap2['bssid'])
+ dev.request("REASSOCIATE")
+ dev.wait_connected()
+ elif over_ds:
dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
else:
dev.roam(ap2['bssid'], fail_test=fail_test)
# set later.
time.sleep(0.01)
logger.info("Roam back to the first AP")
- if over_ds:
+ if roam_with_reassoc:
+ dev.set_network(netw, "bssid", ap1['bssid'])
+ dev.request("REASSOCIATE")
+ dev.wait_connected()
+ elif over_ds:
dev.roam_over_ds(ap1['bssid'])
else:
dev.roam(ap1['bssid'])
run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
sae_and_psk=True)
+def test_ap_ft_sae_pmksa_caching(dev, apdev):
+ """WPA2-FT-SAE AP and PMKSA caching for initial mobility domain association"""
+ if "SAE" not in dev[0].get_capability("auth_alg"):
+ raise HwsimSkip("SAE not supported")
+ ssid = "test-ft"
+ passphrase = "12345678"
+
+ params = ft_params1(ssid=ssid, passphrase=passphrase)
+ params['wpa_key_mgmt'] = "FT-SAE"
+ hapd0 = hostapd.add_ap(apdev[0], params)
+ params = ft_params2(ssid=ssid, passphrase=passphrase)
+ params['wpa_key_mgmt'] = "FT-SAE"
+ hapd = hostapd.add_ap(apdev[1], params)
+ key_mgmt = hapd.get_config()['key_mgmt']
+ if key_mgmt.split(' ')[0] != "FT-SAE":
+ raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt)
+
+ dev[0].request("SET sae_groups ")
+ run_roams(dev[0], apdev, hapd0, hapd, ssid, passphrase, sae=True,
+ pmksa_caching=True)
+
def generic_ap_ft_eap(dev, apdev, vlan=False, cui=False, over_ds=False,
discovery=False, roams=1):
ssid = "test-ft"
run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
sha384=True)
+def test_ap_ft_eap_sha384_reassoc(dev, apdev):
+ """WPA2-EAP-FT with SHA384 using REASSOCIATE"""
+ ssid = "test-ft"
+ passphrase = "12345678"
+
+ radius = hostapd.radius_params()
+ params = ft_params1(ssid=ssid, passphrase=passphrase)
+ params["ieee80211w"] = "2"
+ params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
+ params["ieee8021x"] = "1"
+ params = dict(list(radius.items()) + list(params.items()))
+ hapd0 = hostapd.add_ap(apdev[0], params)
+ params = ft_params2(ssid=ssid, passphrase=passphrase)
+ params["ieee80211w"] = "2"
+ params['wpa_key_mgmt'] = "WPA-EAP-SUITE-B-192 FT-EAP-SHA384"
+ params["ieee8021x"] = "1"
+ params = dict(list(radius.items()) + list(params.items()))
+ hapd1 = hostapd.add_ap(apdev[1], params)
+
+ run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, eap=True,
+ sha384=True, also_non_ft=True, roam_with_reassoc=True)
+
def test_ap_ft_eap_sha384_over_ds(dev, apdev):
"""WPA2-EAP-FT with SHA384 over DS"""
ssid = "test-ft"