diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py index 124dded80..159678e0c 100644 --- a/tests/hwsim/test_sae.py +++ b/tests/hwsim/test_sae.py @@ -336,6 +336,61 @@ def test_sae_and_psk2(dev, apdev): dev[0].connect("test-psk", psk="12345678", key_mgmt="SAE WPA-PSK", scan_freq="2412") +def test_sae_wpa3_roam(dev, apdev): + """SAE and WPA3-Personal transition mode roaming""" + check_sae_capab(dev[0]) + + # WPA3-Personal only AP + params = hostapd.wpa2_params(ssid="test", passphrase="12345678") + params['ieee80211w'] = '2' + params['wpa_key_mgmt'] = 'SAE' + hapd0 = hostapd.add_ap(apdev[0], params) + + # WPA2-Personal only AP + params = hostapd.wpa2_params(ssid="test", passphrase="12345678") + hapd1 = hostapd.add_ap(apdev[1], params) + + dev[0].set("sae_groups", "") + dev[0].connect("test", psk="12345678", key_mgmt="SAE WPA-PSK", + ieee80211w="1", scan_freq="2412") + bssid = dev[0].get_status_field('bssid') + + # Disable the current AP to force roam to the other one + if bssid == apdev[0]['bssid']: + hapd0.disable() + else: + hapd1.disable() + dev[0].wait_connected() + + # Disable the current AP to force roam to the other (previous) one + if bssid == apdev[0]['bssid']: + hapd0.enable() + hapd1.disable() + else: + hapd1.enable() + hapd0.disable() + dev[0].wait_connected() + + # Force roam to an AP in WPA3-Personal transition mode + if bssid == apdev[0]['bssid']: + hapd1.set("ieee80211w", "1") + hapd1.set("sae_require_mfp", "1") + hapd1.set("wpa_key_mgmt", "SAE WPA-PSK") + hapd1.enable() + hapd0.disable() + else: + hapd0.set("ieee80211w", "1") + hapd0.set("sae_require_mfp", "1") + hapd0.set("wpa_key_mgmt", "SAE WPA-PSK") + hapd0.enable() + hapd1.disable() + dev[0].wait_connected() + status = dev[0].get_status() + if status['key_mgmt'] != "SAE": + raise Exception("Did not use SAE with WPA3-Personal transition mode AP") + if status['pmf'] != "1": + raise Exception("Did not use PMF with WPA3-Personal transition mode AP") + def test_sae_mixed_mfp(dev, apdev): """Mixed SAE and non-SAE network and MFP required with SAE""" check_sae_capab(dev[0])