tests: EAP-TEAP with machine username/password credentialHEADpendingmaster

Signed-off-by: Jouni Malinen <j@w1.fi>

3 files changed, 25 insertions, 0 deletions

diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index a75bc3d..7343f40 100644
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -141,6 +141,7 @@ radius_accept_attr=56:x:32000011
 "user2"	MSCHAPV2,MD5,GTC	"password"	[2]
 "DOMAIN\user3"	MSCHAPV2	"password"	[2]
 "user-no-passwd"	MSCHAPV2,MD5,GTC	[2]
+"machine"	MSCHAPV2,MD5,GTC	"machine-password"	[2]
 "cert user"	TLS	[2]
 "user-secret"	GTC	"63d2d21ac3c09ed567ee004a34490f1d16e7fa5835edf17ddba70a63f1a90a25"	[2]
 "user-pwd-2"	PWD	"password"	[2]
diff --git a/tests/hwsim/test_eap.py b/tests/hwsim/test_eap.py
index 2d267f9..0d0ea27 100644
--- a/tests/hwsim/test_eap.py
+++ b/tests/hwsim/test_eap.py
@@ -121,6 +121,17 @@ def run_eap_teap_basic_password_auth_id(dev, apdev, eap_teap_id, failure=False):
                 pac_file="blob://teap_pac",
                 expect_failure=failure)
 
+def test_eap_teap_basic_password_auth_machine(dev, apdev):
+    """EAP-TEAP with Basic-Password-Auth using machine credential"""
+    check_eap_capa(dev[0], "TEAP")
+    params = int_teap_server_params(eap_teap_auth="1", eap_teap_id="2")
+    hapd = hostapd.add_ap(apdev[0], params)
+    eap_connect(dev[0], hapd, "TEAP", "",
+                anonymous_identity="TEAP",
+                machine_identity="machine", machine_password="machine-password",
+                ca_cert="auth_serv/ca.pem",
+                pac_file="blob://teap_pac")
+
 def test_eap_teap_peer_outer_tlvs(dev, apdev):
     """EAP-TEAP with peer Outer TLVs"""
     check_eap_capa(dev[0], "TEAP")
@@ -219,6 +230,18 @@ def run_eap_teap_eap_mschapv2_id(dev, apdev, eap_teap_id, failure=False):
                 pac_file="blob://teap_pac",
                 expect_failure=failure)
 
+def test_eap_teap_eap_mschapv2_machine(dev, apdev):
+    """EAP-TEAP with inner EAP-MSCHAPv2 using machine credential"""
+    check_eap_capa(dev[0], "TEAP")
+    check_eap_capa(dev[0], "MSCHAPV2")
+    params = int_teap_server_params(eap_teap_id="2")
+    hapd = hostapd.add_ap(apdev[0], params)
+    eap_connect(dev[0], hapd, "TEAP", "",
+                anonymous_identity="TEAP",
+                machine_identity="machine", machine_password="machine-password",
+                ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+                pac_file="blob://teap_pac")
+
 def test_eap_teap_basic_password_auth_pac(dev, apdev):
     """EAP-TEAP with Basic-Password-Auth and PAC"""
     check_eap_capa(dev[0], "TEAP")
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index 8c7e13d..af36081 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -1062,6 +1062,7 @@ class WpaSupplicant:
             self.set_network(id, "ssid", ssid2)
 
         quoted = ["psk", "identity", "anonymous_identity", "password",
+                  "machine_identity", "machine_password",
                   "ca_cert", "client_cert", "private_key",
                   "private_key_passwd", "ca_cert2", "client_cert2",
                   "private_key2", "phase1", "phase2", "domain_suffix_match",