@@ -60,6 +60,11 @@ radius_accept_attr=25:x:00112233445566778899
radius_accept_attr=89:s:gpsk-chargeable-user-identity
radius_accept_attr=25:x:00112233445566778899aa
+"gpsk-vlan1" GPSK "abcdefghijklmnop0123456789abcdef"
+radius_accept_attr=64:d:13
+radius_accept_attr=65:d:6
+radius_accept_attr=81:s:1
+
"gpsk-user-session-timeout" GPSK "abcdefghijklmnop0123456789abcdef"
radius_accept_attr=27:d:3
@@ -93,11 +93,12 @@ def ft_params2_r0kh_mismatch(rsn=True, ssid=None, passphrase=None):
def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
sae=False, eap=False, fail_test=False, roams=1,
- pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0"):
+ pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0",
+ eap_identity="gpsk user", conndev=False):
logger.info("Connect to first AP")
if eap:
dev.connect(ssid, key_mgmt="FT-EAP", proto="WPA2", ieee80211w="1",
- eap="GPSK", identity="gpsk user",
+ eap="GPSK", identity=eap_identity,
password="abcdefghijklmnop0123456789abcdef",
scan_freq="2412",
pairwise=pairwise_cipher, group=group_cipher,
@@ -121,11 +122,16 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
ap2 = apdev[0]
hapd1ap = hapd1
hapd2ap = hapd0
- hwsim_utils.test_connectivity(dev, hapd1ap)
+ if conndev:
+ hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
+ else:
+ hwsim_utils.test_connectivity(dev, hapd1ap)
dev.scan_for_bss(ap2['bssid'], freq="2412")
for i in range(0, roams):
+ # roaming artificially fast makes data test fail because key is setup later
+ time.sleep(0.01)
logger.info("Roam to the second AP")
if over_ds:
dev.roam_over_ds(ap2['bssid'], fail_test=fail_test)
@@ -136,8 +142,13 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
if dev.get_status_field('bssid') != ap2['bssid']:
raise Exception("Did not connect to correct AP")
if i == 0 or i == roams - 1:
- hwsim_utils.test_connectivity(dev, hapd2ap)
+ if conndev:
+ hwsim_utils.test_connectivity_iface(dev, hapd2ap, conndev)
+ else:
+ hwsim_utils.test_connectivity(dev, hapd2ap)
+ # roaming artificially fast makes data test fail because key is setup later
+ time.sleep(0.01)
logger.info("Roam back to the first AP")
if over_ds:
dev.roam_over_ds(ap1['bssid'])
@@ -146,7 +157,10 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False,
if dev.get_status_field('bssid') != ap1['bssid']:
raise Exception("Did not connect to correct AP")
if i == 0 or i == roams - 1:
- hwsim_utils.test_connectivity(dev, hapd1ap)
+ if conndev:
+ hwsim_utils.test_connectivity_iface(dev, hapd1ap, conndev)
+ else:
+ hwsim_utils.test_connectivity(dev, hapd1ap)
def test_ap_ft(dev, apdev):
"""WPA2-PSK-FT AP"""
@@ -409,15 +423,23 @@ def test_ap_ft_sae_over_ds(dev, apdev):
run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, sae=True,
over_ds=True)
-def test_ap_ft_eap(dev, apdev):
+def generic_ap_ft_eap(dev, apdev, vlan, over_ds=False):
"""WPA2-EAP-FT AP"""
ssid = "test-ft"
passphrase="12345678"
+ if vlan:
+ identity="gpsk-vlan1"
+ conndev="brvlan1"
+ else:
+ identity="gpsk user"
+ conndev=False
radius = hostapd.radius_params()
params = ft_params1(ssid=ssid, passphrase=passphrase)
params['wpa_key_mgmt'] = "FT-EAP"
params["ieee8021x"] = "1"
+ if vlan:
+ params["dynamic_vlan"] = "1"
params = dict(radius.items() + params.items())
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
key_mgmt = hapd.get_config()['key_mgmt']
@@ -426,10 +448,12 @@ def test_ap_ft_eap(dev, apdev):
params = ft_params2(ssid=ssid, passphrase=passphrase)
params['wpa_key_mgmt'] = "FT-EAP"
params["ieee8021x"] = "1"
+ if vlan:
+ params["dynamic_vlan"] = "1"
params = dict(radius.items() + params.items())
hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
- run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
+ run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, eap_identity=identity, conndev=conndev, over_ds=over_ds)
if "[WPA2-FT/EAP-CCMP]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing RSN element info")
check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
@@ -450,16 +474,48 @@ def test_ap_ft_eap(dev, apdev):
time.sleep(0.1)
hwsim_utils.test_connectivity(dev[0], ap)
-def test_ap_ft_eap_pull(dev, apdev):
+def test_ap_ft_eap(dev, apdev):
+ """WPA2-EAP-FT AP"""
+ generic_ap_ft_eap(dev, apdev, vlan=False)
+
+def test_ap_ft_eap_vlan(dev, apdev):
+ """WPA2-EAP-FT AP w VLAN"""
+ generic_ap_ft_eap(dev, apdev, vlan=True)
+
+def test_ap_ft_eap_vlan_multi(dev, apdev):
+ """WPA2-EAP-FT AP w VLAN"""
+ generic_ap_ft_eap(dev, apdev, vlan=True, roams=50)
+
+def test_ap_ft_eap_over_ds(dev, apdev):
+ """WPA2-EAP-FT AP w over_ds"""
+ generic_ap_ft_eap(dev, apdev, vlan=False, over_ds=True)
+
+def test_ap_ft_eap_vlan_over_ds(dev, apdev):
+ """WPA2-EAP-FT AP w VLAN + over_ds"""
+ generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True)
+
+def test_ap_ft_eap_vlan_over_ds_multi(dev, apdev):
+ """WPA2-EAP-FT AP w VLAN + over_ds"""
+ generic_ap_ft_eap(dev, apdev, vlan=True, over_ds=True, roams=50)
+
+def generic_ap_ft_eap_pull(dev, apdev, vlan):
"""WPA2-EAP-FT AP (pull PMK)"""
ssid = "test-ft"
passphrase="12345678"
+ if vlan:
+ identity="gpsk-vlan1"
+ conndev="brvlan1"
+ else:
+ identity="gpsk user"
+ conndev=False
radius = hostapd.radius_params()
params = ft_params1(ssid=ssid, passphrase=passphrase)
params['wpa_key_mgmt'] = "FT-EAP"
params["ieee8021x"] = "1"
params["pmk_r1_push"] = "0"
+ if vlan:
+ params["dynamic_vlan"] = "1"
params = dict(radius.items() + params.items())
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
key_mgmt = hapd.get_config()['key_mgmt']
@@ -469,10 +525,19 @@ def test_ap_ft_eap_pull(dev, apdev):
params['wpa_key_mgmt'] = "FT-EAP"
params["ieee8021x"] = "1"
params["pmk_r1_push"] = "0"
+ if vlan:
+ params["dynamic_vlan"] = "1"
params = dict(radius.items() + params.items())
hapd1 = hostapd.add_ap(apdev[1]['ifname'], params)
- run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True)
+ run_roams(dev[0], apdev, hapd, hapd1, ssid, passphrase, eap=True, eap_identity=identity, conndev=conndev)
+
+def test_ap_ft_eap_pull(dev, apdev):
+ """WPA2-EAP-FT AP (pull PMK)"""
+ generic_ap_ft_eap_pull(dev, apdev, vlan=False)
+
+def test_ap_ft_eap_pull_vlan(dev, apdev):
+ generic_ap_ft_eap_pull(dev, apdev, vlan=True)
def test_ap_ft_mismatching_rrb_key_push(dev, apdev):
"""WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""