]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_eap.py
1 # EAP authentication tests
2 # Copyright (c) 2019, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
9 from utils
import alloc_fail
, fail_test
, wait_fail_trigger
, HwsimSkip
10 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, eap_connect
, \
13 def int_teap_server_params(eap_teap_auth
=None, eap_teap_pac_no_inner
=None,
14 eap_teap_separate_result
=None, eap_teap_id
=None):
15 params
= int_eap_server_params()
16 params
['pac_opaque_encr_key'] = "000102030405060708090a0b0c0dff00"
17 params
['eap_fast_a_id'] = "101112131415161718191a1b1c1dff00"
18 params
['eap_fast_a_id_info'] = "test server 0"
20 params
['eap_teap_auth'] = eap_teap_auth
21 if eap_teap_pac_no_inner
:
22 params
['eap_teap_pac_no_inner'] = eap_teap_pac_no_inner
23 if eap_teap_separate_result
:
24 params
['eap_teap_separate_result'] = eap_teap_separate_result
26 params
['eap_teap_id'] = eap_teap_id
29 def test_eap_teap_eap_mschapv2(dev
, apdev
):
30 """EAP-TEAP with inner EAP-MSCHAPv2"""
31 check_eap_capa(dev
[0], "TEAP")
32 check_eap_capa(dev
[0], "MSCHAPV2")
33 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
34 hapd
= hostapd
.add_ap(apdev
[0], params
)
35 eap_connect(dev
[0], hapd
, "TEAP", "user",
36 anonymous_identity
="TEAP", password
="password",
37 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
38 pac_file
="blob://teap_pac")
39 eap_reauth(dev
[0], "TEAP")
41 def test_eap_teap_eap_pwd(dev
, apdev
):
42 """EAP-TEAP with inner EAP-PWD"""
43 check_eap_capa(dev
[0], "TEAP")
44 check_eap_capa(dev
[0], "PWD")
45 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
46 hapd
= hostapd
.add_ap(apdev
[0], params
)
47 eap_connect(dev
[0], hapd
, "TEAP", "user-pwd-2",
48 anonymous_identity
="TEAP", password
="password",
49 ca_cert
="auth_serv/ca.pem", phase2
="auth=PWD",
50 pac_file
="blob://teap_pac")
52 def test_eap_teap_eap_eke(dev
, apdev
):
53 """EAP-TEAP with inner EAP-EKE"""
54 check_eap_capa(dev
[0], "TEAP")
55 check_eap_capa(dev
[0], "EKE")
56 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
57 hapd
= hostapd
.add_ap(apdev
[0], params
)
58 eap_connect(dev
[0], hapd
, "TEAP", "user-eke-2",
59 anonymous_identity
="TEAP", password
="password",
60 ca_cert
="auth_serv/ca.pem", phase2
="auth=EKE",
61 pac_file
="blob://teap_pac")
63 def test_eap_teap_basic_password_auth(dev
, apdev
):
64 """EAP-TEAP with Basic-Password-Auth"""
65 check_eap_capa(dev
[0], "TEAP")
66 params
= int_teap_server_params(eap_teap_auth
="1")
67 hapd
= hostapd
.add_ap(apdev
[0], params
)
68 eap_connect(dev
[0], hapd
, "TEAP", "user",
69 anonymous_identity
="TEAP", password
="password",
70 ca_cert
="auth_serv/ca.pem",
71 pac_file
="blob://teap_pac")
73 def test_eap_teap_basic_password_auth_failure(dev
, apdev
):
74 """EAP-TEAP with Basic-Password-Auth failure"""
75 check_eap_capa(dev
[0], "TEAP")
76 params
= int_teap_server_params(eap_teap_auth
="1")
77 hapd
= hostapd
.add_ap(apdev
[0], params
)
78 eap_connect(dev
[0], hapd
, "TEAP", "user",
79 anonymous_identity
="TEAP", password
="incorrect",
80 ca_cert
="auth_serv/ca.pem",
81 pac_file
="blob://teap_pac", expect_failure
=True)
83 def test_eap_teap_basic_password_auth_no_password(dev
, apdev
):
84 """EAP-TEAP with Basic-Password-Auth and no password configured"""
85 check_eap_capa(dev
[0], "TEAP")
86 params
= int_teap_server_params(eap_teap_auth
="1")
87 hapd
= hostapd
.add_ap(apdev
[0], params
)
88 eap_connect(dev
[0], hapd
, "TEAP", "user",
89 anonymous_identity
="TEAP",
90 ca_cert
="auth_serv/ca.pem",
91 pac_file
="blob://teap_pac", expect_failure
=True)
93 def test_eap_teap_basic_password_auth_id0(dev
, apdev
):
94 """EAP-TEAP with Basic-Password-Auth (eap_teap_id=0)"""
95 run_eap_teap_basic_password_auth_id(dev
, apdev
, 0)
97 def test_eap_teap_basic_password_auth_id1(dev
, apdev
):
98 """EAP-TEAP with Basic-Password-Auth (eap_teap_id=1)"""
99 run_eap_teap_basic_password_auth_id(dev
, apdev
, 1)
101 def test_eap_teap_basic_password_auth_id2(dev
, apdev
):
102 """EAP-TEAP with Basic-Password-Auth (eap_teap_id=2)"""
103 run_eap_teap_basic_password_auth_id(dev
, apdev
, 2, failure
=True)
105 def test_eap_teap_basic_password_auth_id3(dev
, apdev
):
106 """EAP-TEAP with Basic-Password-Auth (eap_teap_id=3)"""
107 run_eap_teap_basic_password_auth_id(dev
, apdev
, 3)
109 def test_eap_teap_basic_password_auth_id4(dev
, apdev
):
110 """EAP-TEAP with Basic-Password-Auth (eap_teap_id=4)"""
111 run_eap_teap_basic_password_auth_id(dev
, apdev
, 4)
113 def run_eap_teap_basic_password_auth_id(dev
, apdev
, eap_teap_id
, failure
=False):
114 check_eap_capa(dev
[0], "TEAP")
115 params
= int_teap_server_params(eap_teap_auth
="1",
116 eap_teap_id
=str(eap_teap_id
))
117 hapd
= hostapd
.add_ap(apdev
[0], params
)
118 eap_connect(dev
[0], hapd
, "TEAP", "user",
119 anonymous_identity
="TEAP", password
="password",
120 ca_cert
="auth_serv/ca.pem",
121 pac_file
="blob://teap_pac",
122 expect_failure
=failure
)
124 def test_eap_teap_peer_outer_tlvs(dev
, apdev
):
125 """EAP-TEAP with peer Outer TLVs"""
126 check_eap_capa(dev
[0], "TEAP")
127 check_eap_capa(dev
[0], "MSCHAPV2")
128 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
129 hapd
= hostapd
.add_ap(apdev
[0], params
)
130 eap_connect(dev
[0], hapd
, "TEAP", "user",
131 anonymous_identity
="TEAP", password
="password",
132 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
133 pac_file
="blob://teap_pac", phase1
="teap_test_outer_tlvs=1")
135 def test_eap_teap_eap_mschapv2_pac(dev
, apdev
):
136 """EAP-TEAP with inner EAP-MSCHAPv2 and PAC provisioning"""
137 check_eap_capa(dev
[0], "TEAP")
138 check_eap_capa(dev
[0], "MSCHAPV2")
139 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
140 hapd
= hostapd
.add_ap(apdev
[0], params
)
141 eap_connect(dev
[0], hapd
, "TEAP", "user",
142 anonymous_identity
="TEAP", password
="password",
143 phase1
="teap_provisioning=2",
144 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
145 pac_file
="blob://teap_pac")
146 res
= eap_reauth(dev
[0], "TEAP")
147 if res
['tls_session_reused'] != '1':
148 raise Exception("EAP-TEAP could not use PAC session ticket")
150 def test_eap_teap_eap_mschapv2_pac_no_inner_eap(dev
, apdev
):
151 """EAP-TEAP with inner EAP-MSCHAPv2 and PAC without inner EAP"""
152 check_eap_capa(dev
[0], "TEAP")
153 check_eap_capa(dev
[0], "MSCHAPV2")
154 params
= int_teap_server_params(eap_teap_pac_no_inner
="1")
155 hapd
= hostapd
.add_ap(apdev
[0], params
)
156 eap_connect(dev
[0], hapd
, "TEAP", "user",
157 anonymous_identity
="TEAP", password
="password",
158 phase1
="teap_provisioning=2",
159 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
160 pac_file
="blob://teap_pac")
161 res
= eap_reauth(dev
[0], "TEAP")
162 if res
['tls_session_reused'] != '1':
163 raise Exception("EAP-TEAP could not use PAC session ticket")
165 def test_eap_teap_eap_mschapv2_separate_result(dev
, apdev
):
166 """EAP-TEAP with inner EAP-MSCHAPv2 and separate message for Result TLV"""
167 check_eap_capa(dev
[0], "TEAP")
168 check_eap_capa(dev
[0], "MSCHAPV2")
169 params
= int_teap_server_params(eap_teap_separate_result
="1")
170 hapd
= hostapd
.add_ap(apdev
[0], params
)
171 eap_connect(dev
[0], hapd
, "TEAP", "user",
172 anonymous_identity
="TEAP", password
="password",
173 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
174 pac_file
="blob://teap_pac")
176 def test_eap_teap_eap_mschapv2_pac_no_ca_cert(dev
, apdev
):
177 """EAP-TEAP with inner EAP-MSCHAPv2 and PAC provisioning attempt without ca_cert"""
178 check_eap_capa(dev
[0], "TEAP")
179 check_eap_capa(dev
[0], "MSCHAPV2")
180 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
181 hapd
= hostapd
.add_ap(apdev
[0], params
)
182 eap_connect(dev
[0], hapd
, "TEAP", "user",
183 anonymous_identity
="TEAP", password
="password",
184 phase1
="teap_provisioning=2",
185 phase2
="auth=MSCHAPV2",
186 pac_file
="blob://teap_pac")
187 res
= eap_reauth(dev
[0], "TEAP")
188 if res
['tls_session_reused'] == '1':
189 raise Exception("Unexpected use of PAC session ticket")
191 def test_eap_teap_eap_mschapv2_id0(dev
, apdev
):
192 """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=0)"""
193 run_eap_teap_eap_mschapv2_id(dev
, apdev
, 0)
195 def test_eap_teap_eap_mschapv2_id1(dev
, apdev
):
196 """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=1)"""
197 run_eap_teap_eap_mschapv2_id(dev
, apdev
, 1)
199 def test_eap_teap_eap_mschapv2_id2(dev
, apdev
):
200 """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=2)"""
201 run_eap_teap_eap_mschapv2_id(dev
, apdev
, 2, failure
=True)
203 def test_eap_teap_eap_mschapv2_id3(dev
, apdev
):
204 """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=3)"""
205 run_eap_teap_eap_mschapv2_id(dev
, apdev
, 3)
207 def test_eap_teap_eap_mschapv2_id4(dev
, apdev
):
208 """EAP-TEAP with inner EAP-MSCHAPv2 (eap_teap_id=4)"""
209 run_eap_teap_eap_mschapv2_id(dev
, apdev
, 4)
211 def run_eap_teap_eap_mschapv2_id(dev
, apdev
, eap_teap_id
, failure
=False):
212 check_eap_capa(dev
[0], "TEAP")
213 check_eap_capa(dev
[0], "MSCHAPV2")
214 params
= int_teap_server_params(eap_teap_id
=str(eap_teap_id
))
215 hapd
= hostapd
.add_ap(apdev
[0], params
)
216 eap_connect(dev
[0], hapd
, "TEAP", "user",
217 anonymous_identity
="TEAP", password
="password",
218 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
219 pac_file
="blob://teap_pac",
220 expect_failure
=failure
)
222 def test_eap_teap_basic_password_auth_pac(dev
, apdev
):
223 """EAP-TEAP with Basic-Password-Auth and PAC"""
224 check_eap_capa(dev
[0], "TEAP")
225 params
= int_teap_server_params(eap_teap_auth
="1")
226 hapd
= hostapd
.add_ap(apdev
[0], params
)
227 eap_connect(dev
[0], hapd
, "TEAP", "user",
228 anonymous_identity
="TEAP", password
="password",
229 phase1
="teap_provisioning=2",
230 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
231 pac_file
="blob://teap_pac")
232 res
= eap_reauth(dev
[0], "TEAP")
233 if res
['tls_session_reused'] != '1':
234 raise Exception("EAP-TEAP could not use PAC session ticket")
236 def test_eap_teap_basic_password_auth_pac_binary(dev
, apdev
):
237 """EAP-TEAP with Basic-Password-Auth and PAC (binary)"""
238 check_eap_capa(dev
[0], "TEAP")
239 params
= int_teap_server_params(eap_teap_auth
="1")
240 hapd
= hostapd
.add_ap(apdev
[0], params
)
241 eap_connect(dev
[0], hapd
, "TEAP", "user",
242 anonymous_identity
="TEAP", password
="password",
243 phase1
="teap_provisioning=2 teap_max_pac_list_len=2 teap_pac_format=binary",
244 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
245 pac_file
="blob://teap_pac_bin")
246 res
= eap_reauth(dev
[0], "TEAP")
247 if res
['tls_session_reused'] != '1':
248 raise Exception("EAP-TEAP could not use PAC session ticket")
250 def test_eap_teap_basic_password_auth_pac_no_inner_eap(dev
, apdev
):
251 """EAP-TEAP with Basic-Password-Auth and PAC without inner auth"""
252 check_eap_capa(dev
[0], "TEAP")
253 params
= int_teap_server_params(eap_teap_auth
="1",
254 eap_teap_pac_no_inner
="1")
255 hapd
= hostapd
.add_ap(apdev
[0], params
)
256 eap_connect(dev
[0], hapd
, "TEAP", "user",
257 anonymous_identity
="TEAP", password
="password",
258 phase1
="teap_provisioning=2",
259 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
260 pac_file
="blob://teap_pac")
261 res
= eap_reauth(dev
[0], "TEAP")
262 if res
['tls_session_reused'] != '1':
263 raise Exception("EAP-TEAP could not use PAC session ticket")
265 def test_eap_teap_eap_eke_unauth_server_prov(dev
, apdev
):
266 """EAP-TEAP with inner EAP-EKE and unauthenticated server provisioning"""
267 check_eap_capa(dev
[0], "TEAP")
268 check_eap_capa(dev
[0], "EKE")
269 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
270 hapd
= hostapd
.add_ap(apdev
[0], params
)
271 eap_connect(dev
[0], hapd
, "TEAP", "user-eke-2",
272 anonymous_identity
="TEAP", password
="password",
273 phase1
="teap_provisioning=1",
274 phase2
="auth=EKE", pac_file
="blob://teap_pac")
275 res
= eap_reauth(dev
[0], "TEAP")
276 if res
['tls_session_reused'] != '1':
277 raise Exception("EAP-TEAP could not use PAC session ticket")
279 def test_eap_teap_fragmentation(dev
, apdev
):
280 """EAP-TEAP with fragmentation"""
281 check_eap_capa(dev
[0], "TEAP")
282 check_eap_capa(dev
[0], "MSCHAPV2")
283 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
284 hapd
= hostapd
.add_ap(apdev
[0], params
)
285 eap_connect(dev
[0], hapd
, "TEAP", "user",
286 anonymous_identity
="TEAP", password
="password",
287 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
288 pac_file
="blob://teap_pac", fragment_size
="100")
290 def test_eap_teap_tls_cs_sha1(dev
, apdev
):
291 """EAP-TEAP with TLS cipher suite that uses SHA-1"""
292 run_eap_teap_tls_cs(dev
, apdev
, "AES128-SHA")
294 def test_eap_teap_tls_cs_sha256(dev
, apdev
):
295 """EAP-TEAP with TLS cipher suite that uses SHA-256"""
296 run_eap_teap_tls_cs(dev
, apdev
, "AES128-SHA256")
298 def test_eap_teap_tls_cs_sha384(dev
, apdev
):
299 """EAP-TEAP with TLS cipher suite that uses SHA-384"""
300 run_eap_teap_tls_cs(dev
, apdev
, "AES256-GCM-SHA384")
302 def run_eap_teap_tls_cs(dev
, apdev
, cipher
):
303 check_eap_capa(dev
[0], "TEAP")
304 tls
= dev
[0].request("GET tls_library")
305 if not tls
.startswith("OpenSSL"):
306 raise HwsimSkip("TLS library not supported for TLS CS configuration: " + tls
)
307 params
= int_teap_server_params(eap_teap_auth
="1")
308 params
['openssl_ciphers'] = cipher
309 hapd
= hostapd
.add_ap(apdev
[0], params
)
310 eap_connect(dev
[0], hapd
, "TEAP", "user",
311 anonymous_identity
="TEAP", password
="password",
312 ca_cert
="auth_serv/ca.pem",
313 pac_file
="blob://teap_pac")
315 def wait_eap_proposed(dev
, wait_trigger
=None):
316 ev
= dev
.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout
=10)
318 raise Exception("Timeout on EAP start")
320 wait_fail_trigger(dev
, wait_trigger
)
321 dev
.request("REMOVE_NETWORK all")
322 dev
.wait_disconnected()
325 def test_eap_teap_errors(dev
, apdev
):
326 """EAP-TEAP local errors"""
327 check_eap_capa(dev
[0], "TEAP")
328 check_eap_capa(dev
[0], "MSCHAPV2")
329 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
330 hapd
= hostapd
.add_ap(apdev
[0], params
)
332 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
334 eap
="TEAP", identity
="user", password
="password",
335 anonymous_identity
="TEAP",
336 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
338 wait_eap_proposed(dev
[0])
340 dev
[0].set("blob", "teap_broken_pac 11")
341 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
343 eap
="TEAP", identity
="user", password
="password",
344 anonymous_identity
="TEAP",
345 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
346 pac_file
="blob://teap_broken_pac", wait_connect
=False)
347 wait_eap_proposed(dev
[0])
348 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
350 eap
="TEAP", identity
="user", password
="password",
351 anonymous_identity
="TEAP",
352 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
353 phase1
="teap_pac_format=binary",
354 pac_file
="blob://teap_broken_pac", wait_connect
=False)
355 wait_eap_proposed(dev
[0])
357 tests
= [(1, "eap_teap_tlv_eap_payload"),
358 (1, "eap_teap_process_eap_payload_tlv"),
359 (1, "eap_teap_compound_mac"),
360 (1, "eap_teap_tlv_result"),
361 (1, "eap_peer_select_phase2_methods"),
362 (1, "eap_peer_tls_ssl_init"),
363 (1, "eap_teap_session_id"),
364 (1, "wpabuf_alloc;=eap_teap_process_crypto_binding"),
365 (1, "eap_peer_tls_encrypt"),
366 (1, "eap_peer_tls_decrypt"),
367 (1, "eap_teap_getKey"),
368 (1, "eap_teap_session_id"),
369 (1, "eap_teap_init")]
370 for count
, func
in tests
:
371 with
alloc_fail(dev
[0], count
, func
):
372 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
374 eap
="TEAP", identity
="user", password
="password",
375 anonymous_identity
="TEAP",
376 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
377 pac_file
="blob://teap_pac", wait_connect
=False)
378 wait_eap_proposed(dev
[0], wait_trigger
="GET_ALLOC_FAIL")
380 tests
= [(1, "eap_teap_derive_eap_msk"),
381 (1, "eap_teap_derive_eap_emsk"),
382 (1, "eap_teap_write_crypto_binding"),
383 (1, "eap_teap_process_crypto_binding"),
384 (1, "eap_teap_derive_msk;eap_teap_process_crypto_binding"),
385 (1, "eap_teap_compound_mac;eap_teap_process_crypto_binding"),
386 (1, "eap_teap_derive_imck")]
387 for count
, func
in tests
:
388 with
fail_test(dev
[0], count
, func
):
389 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
391 eap
="TEAP", identity
="user", password
="password",
392 anonymous_identity
="TEAP",
393 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
394 pac_file
="blob://teap_pac", wait_connect
=False)
395 wait_eap_proposed(dev
[0], wait_trigger
="GET_FAIL")
397 def test_eap_teap_errors2(dev
, apdev
):
398 """EAP-TEAP local errors 2 (Basic-Password-Auth specific)"""
399 check_eap_capa(dev
[0], "TEAP")
400 check_eap_capa(dev
[0], "MSCHAPV2")
401 params
= int_teap_server_params(eap_teap_auth
="1")
402 hapd
= hostapd
.add_ap(apdev
[0], params
)
404 tests
= [(1, "eap_teap_tlv_pac_ack"),
405 (1, "eap_teap_process_basic_auth_req")]
406 for count
, func
in tests
:
407 with
alloc_fail(dev
[0], count
, func
):
408 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
410 eap
="TEAP", identity
="user", password
="password",
411 anonymous_identity
="TEAP",
412 phase1
="teap_provisioning=2",
413 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
414 pac_file
="blob://teap_pac", wait_connect
=False)
415 wait_eap_proposed(dev
[0], wait_trigger
="GET_ALLOC_FAIL")
417 tests
= [(1, "eap_teap_derive_cmk_basic_pw_auth")]
418 for count
, func
in tests
:
419 with
fail_test(dev
[0], count
, func
):
420 dev
[0].connect("test-wpa2-eap", key_mgmt
="WPA-EAP",
422 eap
="TEAP", identity
="user", password
="password",
423 anonymous_identity
="TEAP",
424 phase1
="teap_provisioning=2",
425 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
426 pac_file
="blob://teap_pac", wait_connect
=False)
427 wait_eap_proposed(dev
[0], wait_trigger
="GET_FAIL")
429 def test_eap_teap_eap_vendor(dev
, apdev
):
430 """EAP-TEAP with inner EAP-vendor"""
431 check_eap_capa(dev
[0], "TEAP")
432 check_eap_capa(dev
[0], "VENDOR-TEST")
433 params
= hostapd
.wpa2_eap_params(ssid
="test-wpa2-eap")
434 hapd
= hostapd
.add_ap(apdev
[0], params
)
435 eap_connect(dev
[0], hapd
, "TEAP", "vendor-test-2",
436 anonymous_identity
="TEAP",
437 ca_cert
="auth_serv/ca.pem", phase2
="auth=VENDOR-TEST",
438 pac_file
="blob://teap_pac")