diff --git a/tests/hwsim/test_ap_hs20.py b/tests/hwsim/test_ap_hs20.py index d9f2e08c6..c8ba76770 100644 --- a/tests/hwsim/test_ap_hs20.py +++ b/tests/hwsim/test_ap_hs20.py @@ -727,6 +727,61 @@ def test_ap_hs20_auto_interworking(dev, apdev): if status['hs20'] != "3": raise Exception("Unexpected HS 2.0 support indication") +def test_ap_hs20_auto_interworking_global_pmf(dev, apdev): + """Hotspot 2.0 connection with auto_interworking=1 and pmf=2""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['hessid'] = bssid + hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable(auto_interworking=True) + id = dev[0].add_cred_values({'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'ca_cert': "auth_serv/ca.pem", + 'domain': "example.com", + 'update_identifier': "1234"}) + try: + dev[0].set("pmf", "2") + dev[0].request("REASSOCIATE") + dev[0].wait_connected(timeout=15) + pmf = dev[0].get_status_field("pmf") + if pmf != "1": + raise Exception("Unexpected PMF state: " + str(pmf)) + finally: + dev[0].set("pmf", "0") + +def test_ap_hs20_auto_interworking_global_pmf_fail(dev, apdev): + """Hotspot 2.0 connection with auto_interworking=1 and pmf=2 failure""" + check_eap_capa(dev[0], "MSCHAPV2") + bssid = apdev[0]['bssid'] + params = hs20_ap_params() + params['ieee80211w'] = "0" + params['hessid'] = bssid + hostapd.add_ap(apdev[0], params) + + dev[0].hs20_enable(auto_interworking=True) + id = dev[0].add_cred_values({'realm': "example.com", + 'username': "hs20-test", + 'password': "password", + 'ca_cert': "auth_serv/ca.pem", + 'domain': "example.com", + 'update_identifier': "1234"}) + try: + dev[0].set("pmf", "2") + dev[0].request("REASSOCIATE") + for i in range(2): + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", + "INTERWORKING-SELECTED"], timeout=15) + if ev is None: + raise Exception("Connection result not reported") + if "CTRL-EVENT-CONNECTED" in ev: + raise Exception("Unexpected connection") + dev[0].request("DISCONNECT") + finally: + dev[0].set("pmf", "0") + @remote_compatible def test_ap_hs20_auto_interworking_no_match(dev, apdev): """Hotspot 2.0 connection with auto_interworking=1 and no matching network""" diff --git a/tests/hwsim/test_ap_pmf.py b/tests/hwsim/test_ap_pmf.py index 2bb4a3602..e0a6225db 100644 --- a/tests/hwsim/test_ap_pmf.py +++ b/tests/hwsim/test_ap_pmf.py @@ -1133,3 +1133,44 @@ def run_ap_pmf_beacon_protection_mismatch(dev, apdev, clear): ev = hapd.wait_event(["CTRL-EVENT-UNPROT-BEACON"], timeout=5) if ev is None: raise Exception("WNM-Notification Request frame not reported") + +def test_ap_pmf_sta_global_require(dev, apdev): + """WPA2-PSK AP with PMF optional and wpa_supplicant pmf=2""" + ssid = "test-pmf-optional" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK" + params["ieee80211w"] = "1" + hapd = hostapd.add_ap(apdev[0], params) + try: + dev[0].set("pmf", "2") + dev[0].connect(ssid, psk="12345678", + key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", + scan_freq="2412") + pmf = dev[0].get_status_field("pmf") + if pmf != "1": + raise Exception("Unexpected PMF state: " + str(pmf)) + finally: + dev[0].set("pmf", "0") + +def test_ap_pmf_sta_global_require2(dev, apdev): + """WPA2-PSK AP with PMF optional and wpa_supplicant pmf=2 (2)""" + ssid = "test-pmf-optional" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK" + params["ieee80211w"] = "0" + hapd = hostapd.add_ap(apdev[0], params) + bssid = hapd.own_addr() + try: + dev[0].scan_for_bss(bssid, freq=2412) + dev[0].set("pmf", "2") + dev[0].connect(ssid, psk="12345678", + key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", + scan_freq="2412", wait_connect=False) + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", + "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10) + if ev is None: + raise Exception("Connection result not reported") + if "CTRL-EVENT-CONNECTED" in ev: + raise Exception("Unexpected connection") + finally: + dev[0].set("pmf", "0")