3 # WPA2-Enterprise PMKSA caching tests
4 # Copyright (c) 2013, Jouni Malinen <j@w1.fi>
6 # This software may be distributed under the terms of the BSD license.
7 # See README for more details.
10 logger = logging.getLogger()
14 def test_pmksa_cache_on_roam_back(dev, apdev):
15 """PMKSA cache to skip EAP on reassociation back to same AP"""
16 params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
17 hostapd.add_ap(apdev[0]['ifname'], params)
18 bssid = apdev[0]['bssid']
19 dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
20 eap="GPSK", identity="gpsk user",
21 password="abcdefghijklmnop0123456789abcdef",
23 pmksa = dev[0].get_pmksa(bssid)
25 raise Exception("No PMKSA cache entry created")
26 if pmksa['opportunistic'] != '0':
27 raise Exception("Unexpected opportunistic PMKSA cache entry")
29 hostapd.add_ap(apdev[1]['ifname'], params)
30 bssid2 = apdev[1]['bssid']
33 logger.info("Roam to AP2")
34 dev[0].scan(freq="2412")
35 dev[0].request("ROAM " + bssid2)
36 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
38 raise Exception("EAP success timed out")
39 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
41 raise Exception("Roaming with the AP timed out")
42 pmksa2 = dev[0].get_pmksa(bssid2)
44 raise Exception("No PMKSA cache entry found")
45 if pmksa2['opportunistic'] != '0':
46 raise Exception("Unexpected opportunistic PMKSA cache entry")
49 logger.info("Roam back to AP1")
50 dev[0].scan(freq="2412")
51 dev[0].request("ROAM " + bssid)
52 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
53 "CTRL-EVENT-CONNECTED"], timeout=10)
55 raise Exception("Roaming with the AP timed out")
56 if "CTRL-EVENT-EAP-STARTED" in ev:
57 raise Exception("Unexpected EAP exchange")
58 pmksa1b = dev[0].get_pmksa(bssid)
60 raise Exception("No PMKSA cache entry found")
61 if pmksa['pmkid'] != pmksa1b['pmkid']:
62 raise Exception("Unexpected PMKID change for AP1")
64 def test_pmksa_cache_opportunistic_only_on_sta(dev, apdev):
65 """Opportunistic PMKSA caching enabled only on station"""
66 params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
67 hostapd.add_ap(apdev[0]['ifname'], params)
68 bssid = apdev[0]['bssid']
69 dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
70 eap="GPSK", identity="gpsk user",
71 password="abcdefghijklmnop0123456789abcdef", okc=True,
73 pmksa = dev[0].get_pmksa(bssid)
75 raise Exception("No PMKSA cache entry created")
76 if pmksa['opportunistic'] != '0':
77 raise Exception("Unexpected opportunistic PMKSA cache entry")
79 hostapd.add_ap(apdev[1]['ifname'], params)
80 bssid2 = apdev[1]['bssid']
83 logger.info("Roam to AP2")
84 dev[0].scan(freq="2412")
85 dev[0].request("ROAM " + bssid2)
86 ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=10)
88 raise Exception("EAP success timed out")
89 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=10)
91 raise Exception("Roaming with the AP timed out")
92 pmksa2 = dev[0].get_pmksa(bssid2)
94 raise Exception("No PMKSA cache entry found")
95 if pmksa2['opportunistic'] != '0':
96 raise Exception("Unexpected opportunistic PMKSA cache entry")
99 logger.info("Roam back to AP1")
100 dev[0].scan(freq="2412")
101 dev[0].request("ROAM " + bssid)
102 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
103 "CTRL-EVENT-CONNECTED"], timeout=10)
105 raise Exception("Roaming with the AP timed out")
106 if "CTRL-EVENT-EAP-STARTED" in ev:
107 raise Exception("Unexpected EAP exchange")
108 pmksa1b = dev[0].get_pmksa(bssid)
110 raise Exception("No PMKSA cache entry found")
111 if pmksa['pmkid'] != pmksa1b['pmkid']:
112 raise Exception("Unexpected PMKID change for AP1")
114 def test_pmksa_cache_opportunistic(dev, apdev):
115 """Opportunistic PMKSA caching"""
116 params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
118 hostapd.add_ap(apdev[0]['ifname'], params)
119 bssid = apdev[0]['bssid']
120 dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
121 eap="GPSK", identity="gpsk user",
122 password="abcdefghijklmnop0123456789abcdef", okc=True,
124 pmksa = dev[0].get_pmksa(bssid)
126 raise Exception("No PMKSA cache entry created")
127 if pmksa['opportunistic'] != '0':
128 raise Exception("Unexpected opportunistic PMKSA cache entry")
130 hostapd.add_ap(apdev[1]['ifname'], params)
131 bssid2 = apdev[1]['bssid']
133 dev[0].dump_monitor()
134 logger.info("Roam to AP2")
135 dev[0].scan(freq="2412")
136 dev[0].request("ROAM " + bssid2)
137 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
138 "CTRL-EVENT-CONNECTED"], timeout=10)
140 raise Exception("Roaming with the AP timed out")
141 if "CTRL-EVENT-EAP-STARTED" in ev:
142 raise Exception("Unexpected EAP exchange")
143 pmksa2 = dev[0].get_pmksa(bssid2)
145 raise Exception("No PMKSA cache entry created")
147 dev[0].dump_monitor()
148 logger.info("Roam back to AP1")
149 dev[0].scan(freq="2412")
150 dev[0].request("ROAM " + bssid)
151 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
152 "CTRL-EVENT-CONNECTED"], timeout=10)
154 raise Exception("Roaming with the AP timed out")
155 if "CTRL-EVENT-EAP-STARTED" in ev:
156 raise Exception("Unexpected EAP exchange")
158 pmksa1b = dev[0].get_pmksa(bssid)
160 raise Exception("No PMKSA cache entry found")
161 if pmksa['pmkid'] != pmksa1b['pmkid']:
162 raise Exception("Unexpected PMKID change for AP1")
164 def test_pmksa_cache_expiration(dev, apdev):
165 """PMKSA cache entry expiration"""
166 params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
167 hostapd.add_ap(apdev[0]['ifname'], params)
168 bssid = apdev[0]['bssid']
169 dev[0].request("SET dot11RSNAConfigPMKLifetime 10")
170 dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
171 eap="GPSK", identity="gpsk user",
172 password="abcdefghijklmnop0123456789abcdef",
174 pmksa = dev[0].get_pmksa(bssid)
176 raise Exception("No PMKSA cache entry created")
177 logger.info("Wait for PMKSA cache entry to expire")
178 ev = dev[0].wait_event(["WPA: Key negotiation completed",
179 "CTRL-EVENT-DISCONNECTED"], timeout=15)
181 raise Exception("No EAP reauthentication seen")
182 if "CTRL-EVENT-DISCONNECTED" in ev:
183 raise Exception("Unexpected disconnection")
184 pmksa2 = dev[0].get_pmksa(bssid)
185 if pmksa['pmkid'] == pmksa2['pmkid']:
186 raise Exception("PMKID did not change")