eap_connect(wpas, hapd, "SAKE", "sake user",
password_hex="ff23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
expect_failure=True)
+
+def test_ap_wpa3_eap_transition_disable(dev, apdev):
+ """WPA3-Enterprise transition disable indication"""
+ params = hostapd.wpa2_eap_params(ssid="test-wpa3-eap")
+ params["ieee80211w"] = "1"
+ params['transition_disable'] = '0x04'
+ hapd = hostapd.add_ap(apdev[0], params)
+ id = dev[0].connect("test-wpa3-eap", key_mgmt="WPA-EAP", ieee80211w="1",
+ proto="WPA WPA2", pairwise="CCMP", group="TKIP CCMP",
+ eap="GPSK", identity="gpsk user",
+ password="abcdefghijklmnop0123456789abcdef",
+ scan_freq="2412")
+
+ val = dev[0].get_network(id, "ieee80211w")
+ if val != "2":
+ raise Exception("Unexpected ieee80211w value: " + val)
+ val = dev[0].get_network(id, "key_mgmt")
+ if val != "WPA-EAP":
+ raise Exception("Unexpected key_mgmt value: " + val)
+ val = dev[0].get_network(id, "group")
+ if val != "CCMP":
+ raise Exception("Unexpected group value: " + val)
+ val = dev[0].get_network(id, "proto")
+ if val != "RSN":
+ raise Exception("Unexpected proto value: " + val)
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ dev[0].request("RECONNECT")
+ dev[0].wait_connected()
if ev is None:
raise Exception("No PMKSA cache removal event seen")
dev[0].dump_monitor()
+
+def test_owe_transition_mode_disable(dev, apdev):
+ """Opportunistic Wireless Encryption transition mode disable"""
+ if "OWE" not in dev[0].get_capability("key_mgmt"):
+ raise HwsimSkip("OWE not supported")
+ dev[0].flush_scan_cache()
+ params = {"ssid": "owe-random",
+ "wpa": "2",
+ "wpa_key_mgmt": "OWE",
+ "rsn_pairwise": "CCMP",
+ "ieee80211w": "2",
+ "transition_disable": '0x08',
+ "owe_transition_bssid": apdev[1]['bssid'],
+ "owe_transition_ssid": '"owe-test"',
+ "ignore_broadcast_ssid": "1"}
+ hapd = hostapd.add_ap(apdev[0], params)
+ bssid = hapd.own_addr()
+
+ params = {"ssid": "owe-test",
+ "owe_transition_bssid": apdev[0]['bssid'],
+ "owe_transition_ssid": '"owe-random"'}
+ hapd2 = hostapd.add_ap(apdev[1], params)
+ bssid2 = hapd2.own_addr()
+
+ dev[0].scan_for_bss(bssid, freq="2412")
+ dev[0].scan_for_bss(bssid2, freq="2412")
+
+ id = dev[0].connect("owe-test", key_mgmt="OWE", ieee80211w="2",
+ scan_freq="2412")
+
+ ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
+ if ev is None:
+ raise Exception("Transition disable not indicated")
+ if ev.split(' ')[1] != "08":
+ raise Exception("Unexpected transition disable bitmap: " + ev)
+
+ val = dev[0].get_network(id, "owe_only")
+ if val != "1":
+ raise Exception("Unexpected owe_only value: " + val)
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ dev[0].request("RECONNECT")
+ dev[0].wait_connected()
dev[2].connect("test-sae", psk="12345678", ieee80211w="0", scan_freq="2412")
dev[2].dump_monitor()
+def test_sae_and_psk_transition_disable(dev, apdev):
+ """SAE and PSK transition disable indication"""
+ check_sae_capab(dev[0])
+ params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
+ params["ieee80211w"] = "1"
+ params['wpa_key_mgmt'] = 'SAE WPA-PSK'
+ params['transition_disable'] = '0x01'
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].request("SET sae_groups ")
+ id = dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE WPA-PSK",
+ ieee80211w="1", scan_freq="2412")
+ ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
+ if ev is None:
+ raise Exception("Transition disable not indicated")
+ if ev.split(' ')[1] != "01":
+ raise Exception("Unexpected transition disable bitmap: " + ev)
+
+ val = dev[0].get_network(id, "ieee80211w")
+ if val != "2":
+ raise Exception("Unexpected ieee80211w value: " + val)
+ val = dev[0].get_network(id, "key_mgmt")
+ if val != "SAE":
+ raise Exception("Unexpected key_mgmt value: " + val)
+ val = dev[0].get_network(id, "group")
+ if val != "CCMP":
+ raise Exception("Unexpected group value: " + val)
+ val = dev[0].get_network(id, "proto")
+ if val != "RSN":
+ raise Exception("Unexpected proto value: " + val)
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ dev[0].request("RECONNECT")
+ dev[0].wait_connected()
+
def test_sae_mfp(dev, apdev):
"""SAE and MFP enabled without sae_require_mfp"""
check_sae_capab(dev[0])
bss = dev[0].get_bss(bssid)
if not bss:
raise Exception("AP not found in scan")
+
+def test_wpas_ap_sae(dev):
+ """wpa_supplicant AP mode - SAE using psk"""
+ run_wpas_ap_sae(dev, False)
+
+def test_wpas_ap_sae_and_psk_transition_disable(dev):
+ """wpa_supplicant AP mode - SAE+PSK transition disable indication"""
+ if "SAE" not in dev[0].get_capability("auth_alg"):
+ raise HwsimSkip("SAE not supported")
+ if "SAE" not in dev[1].get_capability("auth_alg"):
+ raise HwsimSkip("SAE not supported")
+ dev[0].set("sae_groups", "")
+ id = dev[0].add_network()
+ dev[0].set_network(id, "mode", "2")
+ dev[0].set_network_quoted(id, "ssid", "wpas-ap-sae")
+ dev[0].set_network(id, "proto", "WPA2")
+ dev[0].set_network(id, "key_mgmt", "SAE")
+ dev[0].set_network(id, "transition_disable", "1")
+ dev[0].set_network(id, "ieee80211w", "1")
+ dev[0].set_network(id, "pairwise", "CCMP")
+ dev[0].set_network(id, "group", "CCMP")
+ dev[0].set_network_quoted(id, "psk", "12345678")
+ dev[0].set_network(id, "frequency", "2412")
+ dev[0].set_network(id, "scan_freq", "2412")
+ dev[0].set_network(id, "wps_disabled", "1")
+ dev[0].select_network(id)
+ wait_ap_ready(dev[0])
+
+ dev[1].set("sae_groups", "")
+ dev[1].connect("wpas-ap-sae", key_mgmt="SAE WPA-PSK",
+ psk="12345678", ieee80211w="1",
+ scan_freq="2412")
+ ev = dev[1].wait_event(["TRANSITION-DISABLE"], timeout=1)
+ if ev is None:
+ raise Exception("Transition disable not indicated")
+ if ev.split(' ')[1] != "01":
+ raise Exception("Unexpected transition disable bitmap: " + ev)
+
+ val = dev[1].get_network(id, "ieee80211w")
+ if val != "2":
+ raise Exception("Unexpected ieee80211w value: " + val)
+ val = dev[1].get_network(id, "key_mgmt")
+ if val != "SAE":
+ raise Exception("Unexpected key_mgmt value: " + val)
+ val = dev[1].get_network(id, "group")
+ if val != "CCMP":
+ raise Exception("Unexpected group value: " + val)
+ val = dev[1].get_network(id, "proto")
+ if val != "RSN":
+ raise Exception("Unexpected proto value: " + val)
+
+ dev[1].request("DISCONNECT")
+ dev[1].wait_disconnected()
+ dev[1].request("RECONNECT")
+ dev[1].wait_connected()