tests: EAP-TEAP with machine username/password credential

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index a75bc3d1d5a80e1cadd87b2e08b4addce25645ce..7343f40a3656739c1cf88e33491018f794d313db 100644 (file)
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -141,6 +141,7 @@ radius_accept_attr=56:x:32000011
 "user2"        MSCHAPV2,MD5,GTC        "password"      [2]
 "DOMAIN\user3" MSCHAPV2        "password"      [2]
 "user-no-passwd"       MSCHAPV2,MD5,GTC        [2]
+"machine"      MSCHAPV2,MD5,GTC        "machine-password"      [2]
 "cert user"    TLS     [2]
 "user-secret"  GTC     "63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"      [2]
 "user-pwd-2"   PWD     "password"      [2]

diff --git a/tests/hwsim/test_eap.py b/tests/hwsim/test_eap.py
index 2d267f9a18a58ea4600c7e5987a983087d0ff062..0d0ea273a691c584459758d3aae4349a532b3b9b 100644 (file)
--- a/tests/hwsim/test_eap.py
+++ b/tests/hwsim/test_eap.py
@@ -121,6 +121,17 @@ def run_eap_teap_basic_password_auth_id(dev, apdev, eap_teap_id, failure=False):
                 pac_file="blob://teap_pac",
                 expect_failure=failure)
 
+def test_eap_teap_basic_password_auth_machine(dev, apdev):
+    """EAP-TEAP with Basic-Password-Auth using machine credential"""
+    check_eap_capa(dev[0], "TEAP")
+    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="2")
+    hapd = hostapd.add_ap(apdev[0], params)
+    eap_connect(dev[0], hapd, "TEAP", "",
+                anonymous_identity="TEAP",
+                machine_identity="machine", machine_password="machine-password",
+                ca_cert="auth_serv/ca.pem",
+                pac_file="blob://teap_pac")
+
 def test_eap_teap_peer_outer_tlvs(dev, apdev):
     """EAP-TEAP with peer Outer TLVs"""
     check_eap_capa(dev[0], "TEAP")
@@ -219,6 +230,18 @@ def run_eap_teap_eap_mschapv2_id(dev, apdev, eap_teap_id, failure=False):
                 pac_file="blob://teap_pac",
                 expect_failure=failure)
 
+def test_eap_teap_eap_mschapv2_machine(dev, apdev):
+    """EAP-TEAP with inner EAP-MSCHAPv2 using machine credential"""
+    check_eap_capa(dev[0], "TEAP")
+    check_eap_capa(dev[0], "MSCHAPV2")
+    params = int_teap_server_params(eap_teap_id="2")
+    hapd = hostapd.add_ap(apdev[0], params)
+    eap_connect(dev[0], hapd, "TEAP", "",
+                anonymous_identity="TEAP",
+                machine_identity="machine", machine_password="machine-password",
+                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+                pac_file="blob://teap_pac")
+
 def test_eap_teap_basic_password_auth_pac(dev, apdev):
     """EAP-TEAP with Basic-Password-Auth and PAC"""
     check_eap_capa(dev[0], "TEAP")

diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index 8c7e13d02c771f4baa503563ab5fcc23a9353a4d..af36081eeb2078c400bf7541a3b1bc629918c30c 100644 (file)
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -1062,6 +1062,7 @@ class WpaSupplicant:
             self.set_network(id, "ssid", ssid2)
 
         quoted = ["psk", "identity", "anonymous_identity", "password",
+                  "machine_identity", "machine_password",
                   "ca_cert", "client_cert", "private_key",
                   "private_key_passwd", "ca_cert2", "client_cert2",
                   "private_key2", "phase1", "phase2", "domain_suffix_match",