From 2cde175a9374e2caafa1513798fb0979ec32458b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 4 Oct 2014 19:38:55 +0300
Subject: [PATCH] tests: PMKSA cache entry timeout based on Session-Timeout

This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/auth_serv/eap_user.conf |  3 +++
 tests/hwsim/test_pmksa_cache.py     | 30 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index 2bbfae83d..0dce2fa51 100644
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -27,6 +27,9 @@ radius_accept_attr=25:x:00112233445566778899
 radius_accept_attr=89:s:gpsk-chargeable-user-identity
 radius_accept_attr=25:x:00112233445566778899aa
 
+"gpsk-user-session-timeout"	GPSK	"abcdefghijklmnop0123456789abcdef"
+radius_accept_attr=27:d:3
+
 "020000000000"	MACACL	"020000000000"
 
 "0232010000000000@ttls"	TTLS,AKA
diff --git a/tests/hwsim/test_pmksa_cache.py b/tests/hwsim/test_pmksa_cache.py
index 9ef291d43..95491d0b1 100644
--- a/tests/hwsim/test_pmksa_cache.py
+++ b/tests/hwsim/test_pmksa_cache.py
@@ -427,3 +427,33 @@ def test_pmksa_cache_disabled(dev, apdev):
     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
     if ev is None:
         raise Exception("Roaming with the AP timed out")
+
+def test_pmksa_cache_ap_expiration(dev, apdev):
+    """PMKSA cache entry expiring on AP"""
+    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    bssid = apdev[0]['bssid']
+    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
+                   eap="GPSK", identity="gpsk-user-session-timeout",
+                   password="abcdefghijklmnop0123456789abcdef",
+                   scan_freq="2412")
+    dev[0].request("DISCONNECT")
+    time.sleep(5)
+    dev[0].dump_monitor()
+    dev[0].request("RECONNECT")
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+                            "CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Roaming with the AP timed out")
+    if "CTRL-EVENT-CONNECTED" in ev:
+        raise Exception("EAP exchange missing")
+    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Reassociation with the AP timed out")
+    dev[0].dump_monitor()
+    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Disconnection event timed out")
+    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Reassociation with the AP timed out")