From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Fri, 27 Sep 2024 20:02:26 +0000 (+0300)
Subject: tests: FT with RSNXE only from STA
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64d60bb4270745646d7405c05a06523e84b66893;p=thirdparty%2Fhostap.git

tests: FT with RSNXE only from STA

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
index 5b890b4b6..bbbe8cf22 100644
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@@ -1222,6 +1222,55 @@ def test_ap_ft_sae_h2e_and_loop2(dev, apdev):
     finally:
         dev[0].set("sae_pwe", "0")
 
+def test_ap_ft_rsnxe_only_from_sta(dev, apdev):
+    """FT with RSNXE only from STA"""
+    hapd0, hapd1 = start_ft_sae(dev[0], apdev, sae_pwe="0")
+    hapd1.disable()
+    dev[0].scan_for_bss(hapd0.own_addr(), freq=2412)
+    hapd0.set("ext_mgmt_frame_handling", "1")
+    dev[0].connect("test-ft", key_mgmt="FT-SAE", sae_password="12345678",
+                   sae_pwe="2", wait_connect=False)
+
+    for j in range(2):
+        for i in range(0, 10):
+            req = hapd0.mgmt_rx()
+            if req is None:
+                raise Exception("MGMT RX wait timed out (authentication)")
+            if req['subtype'] == 11:
+                break
+            req = None
+        if not req:
+            raise Exception("Authentication frame not received")
+
+        hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
+
+    for i in range(0, 10):
+        req = hapd0.mgmt_rx()
+        if req is None:
+            raise Exception("MGMT RX wait timed out (association)")
+        if req['subtype'] == 0:
+            break
+        req = None
+    if not req:
+        raise Exception("Association Request frame not received")
+
+    hapd0.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(req['frame']).decode())
+    ev = hapd0.wait_event(["MGMT-TX-STATUS"], timeout=5)
+    if ev is None:
+        raise Exception("Management frame TX status not reported (1)")
+    if "stype=1 ok=1" not in ev:
+        raise Exception("Unexpected management frame TX status (1): " + ev)
+    cmd = "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev.split(' ')[1:4]))
+    if "OK" not in hapd0.request(cmd):
+        raise Exception("MGMT_TX_STATUS_PROCESS failed")
+
+    dev[0].wait_connected()
+    hapd0.set("ext_mgmt_frame_handling", "0")
+
+    ies = parse_ie(binascii.hexlify(req['payload'][4:]))
+    if 244 not in ies:
+        raise Exception("RSNXE not included in Association Request frame for initial mobility domain association")
+
 def test_ap_ft_sae_h2e_downgrade_attack(dev, apdev):
     """WPA2-PSK-FT-SAE AP (H2E downgrade attack)"""
     try:
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index 8d4da761d..c6fb1d9a4 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -1135,6 +1135,7 @@ class WpaSupplicant:
                       "wpa_deny_ptk0_rekey",
                       "max_idle",
                       "ssid_protection",
+                      "sae_pwe",
                       "enable_4addr_mode"]
         for field in not_quoted:
             if field in kwargs and kwargs[field]: