From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 25 May 2020 13:20:33 +0000 (+0300)
Subject: tests: Suite B using PMKSA caching and roaming
X-Git-Tag: hostap_2_10~1258
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf47f0542f7dee6d3a476cf971b6c51b84a43957;p=thirdparty%2Fhostap.git

tests: Suite B using PMKSA caching and roaming

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/tests/hwsim/test_suite_b.py b/tests/hwsim/test_suite_b.py
index f61947251..7065b18bd 100644
--- a/tests/hwsim/test_suite_b.py
+++ b/tests/hwsim/test_suite_b.py
@@ -672,3 +672,68 @@ def test_openssl_ecdh_curves(dev, apdev):
         raise Exception("EAP failure not reported")
     dev[0].request("REMOVE_NETWORK all")
     dev[0].wait_disconnected()
+
+def test_suite_b_192_pmksa_caching_roam(dev, apdev):
+    """WPA2/GCMP-256 connection at Suite B 192-bit level using PMKSA caching and roaming"""
+    check_suite_b_192_capa(dev)
+    dev[0].flush_scan_cache()
+    params = suite_b_192_ap_params()
+    hapd = hostapd.add_ap(apdev[0], params)
+    bssid = hapd.own_addr()
+
+    dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
+                   ieee80211w="2",
+                   openssl_ciphers="SUITEB192",
+                   eap="TLS", identity="tls user",
+                   ca_cert="auth_serv/ec2-ca.pem",
+                   client_cert="auth_serv/ec2-user.pem",
+                   private_key="auth_serv/ec2-user.key",
+                   pairwise="GCMP-256", group="GCMP-256", scan_freq="2412")
+    ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=5)
+    if ev is None:
+        raise Exception("PMKSA cache entry not added for AP1")
+    hapd.wait_sta()
+    dev[0].dump_monitor()
+
+    hapd2 = hostapd.add_ap(apdev[1], params)
+    bssid2 = hapd2.own_addr()
+    dev[0].scan_for_bss(bssid2, freq=2412)
+    dev[0].request("ROAM " + bssid2)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+                            "CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Roaming with the AP timed out")
+    if "CTRL-EVENT-EAP-STARTED" not in ev:
+        raise Exception("EAP exchange not seen")
+    ev = dev[0].wait_connected()
+    if bssid2 not in ev:
+        raise Exception("Roam to AP2 connected back to AP1")
+    ev = dev[0].wait_event(["PMKSA-CACHE-ADDED"], timeout=5)
+    if ev is None:
+        raise Exception("PMKSA cache entry not added for AP2")
+    hapd2.wait_sta()
+    dev[0].dump_monitor()
+
+    dev[0].request("ROAM " + bssid)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+                            "CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Roaming with the AP timed out")
+    if "CTRL-EVENT-EAP-STARTED" in ev:
+        raise Exception("Unexpected EAP exchange")
+    if bssid not in ev:
+        raise Exception("Roam to AP1 connected back to AP2")
+    hapd.wait_sta()
+    dev[0].dump_monitor()
+
+    dev[0].request("ROAM " + bssid2)
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+                            "CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Roaming with the AP timed out")
+    if "CTRL-EVENT-EAP-STARTED" in ev:
+        raise Exception("Unexpected EAP exchange")
+    if bssid2 not in ev:
+        raise Exception("Second roam to AP2 connected back to AP1")
+    hapd2.wait_sta()
+    dev[0].dump_monitor()