def test_eap_teap_eap_mschapv2(dev, apdev):
    """EAP-TEAP with inner EAP-MSCHAPv2"""
    # Capability gate: the station must offer both the tunnel method and the
    # inner method before any AP is brought up.
    sta = dev[0]
    for method in ("TEAP", "MSCHAPV2"):
        check_eap_capa(sta, method)

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = hostapd.add_ap(apdev[0], ap_params)

    # Peer-side settings. The outer identity is the anonymous value "TEAP",
    # while "user" is passed separately as the real identity.
    # ca_cert is supplied here; presumably it is what the station validates
    # the server certificate against - confirm in eap_connect.
    # NOTE(review): the password literal is shown masked in this listing; it
    # has to match whatever the authentication server holds for "user".
    peer_cfg = {
        "anonymous_identity": "TEAP",
        "password": "******",
        "ca_cert": "auth_serv/ca.pem",
        "phase2": "auth=MSCHAPV2",
        "pac_file": "blob://teap_pac",
    }
    eap_connect(sta, ap, "TEAP", "user", **peer_cfg)

    # Only checks that reauthentication completes; the returned status is
    # not inspected in this test.
    eap_reauth(sta, "TEAP")
def test_eap_teap_client_cert(dev, apdev):
    """EAP-TEAP with client certificate in Phase 1"""
    cert_sta = dev[0]
    check_eap_capa(cert_sta, "TEAP")

    # eap_teap_auth="2" is the server-side knob under test; presumably it lets
    # Phase 1 client-certificate authentication stand in for Phase 2 - confirm
    # against int_teap_server_params / the hostapd configuration reference.
    server_cfg = int_teap_server_params(eap_teap_auth="2")
    ap = hostapd.add_ap(apdev[0], server_cfg)

    # Case 1: the server must accept a client that presents a certificate and
    # carries no Phase 2 configuration (no password, no phase2 argument).
    cert_only_cfg = {
        "anonymous_identity": "TEAP",
        "phase1": "teap_provisioning=2",
        "client_cert": "auth_serv/user.pem",
        "private_key": "auth_serv/user.key",
        "ca_cert": "auth_serv/ca.pem",
        "pac_file": "blob://teap_pac",
    }
    eap_connect(cert_sta, ap, "TEAP", "user", **cert_only_cfg)
    cert_sta.dump_monitor()

    # The reauthentication has to report TLS session reuse, which this test
    # treats as proof that the PAC session ticket was used.
    status = eap_reauth(cert_sta, "TEAP")
    ticket_used = status['tls_session_reused'] == '1'
    if not ticket_used:
        raise Exception("EAP-TEAP could not use PAC session ticket")

    # Case 2: the same server must also accept a second station that has no
    # client certificate and authenticates with a password in Phase 2.
    # No reauthentication is checked for this station.
    password_cfg = {
        "anonymous_identity": "TEAP",
        "password": "******",
        "ca_cert": "auth_serv/ca.pem",
        "phase2": "auth=MSCHAPV2",
        "pac_file": "blob://teap_pac",
    }
    eap_connect(dev[1], ap, "TEAP", "user", **password_cfg)
def test_eap_teap_eap_eke_unauth_server_prov(dev, apdev):
    """EAP-TEAP with inner EAP-EKE and unauthenticated server provisioning"""
    sta = dev[0]
    for method in ("TEAP", "EKE"):
        check_eap_capa(sta, method)

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = hostapd.add_ap(apdev[0], ap_params)

    # No ca_cert is passed and phase1 carries teap_provisioning=1, which is
    # the "unauthenticated server provisioning" case named in the docstring.
    # NOTE(review): in this mode the PAC appears to be obtained without the
    # station validating the server certificate, so the inner method (EKE
    # here) is the only thing tying the server to the credential - confirm
    # against the peer implementation before relying on this in a deployment.
    peer_cfg = {
        "anonymous_identity": "TEAP",
        "password": "******",
        "phase1": "teap_provisioning=1",
        "phase2": "auth=EKE",
        "pac_file": "blob://teap_pac",
    }
    eap_connect(sta, ap, "TEAP", "user-eke-2", **peer_cfg)

    # The provisioned PAC must be usable: reauthentication has to report a
    # reused TLS session.
    status = eap_reauth(sta, "TEAP")
    ticket_used = status['tls_session_reused'] == '1'
    if not ticket_used:
        raise Exception("EAP-TEAP could not use PAC session ticket")
def test_eap_teap_basic_password_auth_pac_binary(dev, apdev):
    """EAP-TEAP with Basic-Password-Auth and PAC (binary)"""
    sta = dev[0]
    check_eap_capa(sta, "TEAP")

    # eap_teap_auth="1" is the server setting exercised here; per the
    # docstring this is the Basic-Password-Auth case.
    server_cfg = int_teap_server_params(eap_teap_auth="1")
    ap = hostapd.add_ap(apdev[0], server_cfg)

    # phase1 asks for provisioning mode 2, a PAC list capped at two entries
    # and the binary PAC format; the PAC is kept in its own blob
    # (teap_pac_bin) rather than the teap_pac blob used by the other tests.
    # ca_cert is supplied; presumably it is what the station validates the
    # server certificate against - confirm in eap_connect.
    peer_cfg = {
        "anonymous_identity": "TEAP",
        "password": "******",
        "phase1": "teap_provisioning=2 teap_max_pac_list_len=2 teap_pac_format=binary",
        "ca_cert": "auth_serv/ca.pem",
        "phase2": "auth=MSCHAPV2",
        "pac_file": "blob://teap_pac_bin",
    }
    eap_connect(sta, ap, "TEAP", "user", **peer_cfg)

    # The binary-format PAC must be usable on reauthentication.
    status = eap_reauth(sta, "TEAP")
    ticket_used = status['tls_session_reused'] == '1'
    if not ticket_used:
        raise Exception("EAP-TEAP could not use PAC session ticket")
def test_eap_teap_eap_mschapv2_pac_no_ca_cert(dev, apdev):
    """EAP-TEAP with inner EAP-MSCHAPv2 and PAC provisioning attempt without ca_cert"""
    sta = dev[0]
    for method in ("TEAP", "MSCHAPV2"):
        check_eap_capa(sta, method)

    ap_params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    ap = hostapd.add_ap(apdev[0], ap_params)

    # Deliberately no ca_cert: phase1 still requests teap_provisioning=2, but
    # the station is given no CA file for the server certificate.
    peer_cfg = {
        "anonymous_identity": "TEAP",
        "password": "******",
        "phase1": "teap_provisioning=2",
        "phase2": "auth=MSCHAPV2",
        "pac_file": "blob://teap_pac",
    }
    eap_connect(sta, ap, "TEAP", "user", **peer_cfg)

    # Negative check: the connection itself is expected to succeed, yet the
    # reauthentication must NOT report a reused TLS session.
    # NOTE(review): presumably this guards against a PAC being stored from a
    # server the station could not authenticate - confirm against the peer
    # implementation. A regression here would be security-relevant.
    status = eap_reauth(sta, "TEAP")
    ticket_used = status['tls_session_reused'] == '1'
    if ticket_used:
        raise Exception("Unexpected use of PAC session ticket")
def test_eap_teap_eap_mschapv2_pac_no_inner_eap(dev, apdev):
    """EAP-TEAP with inner EAP-MSCHAPv2 and PAC without inner EAP"""
    sta = dev[0]
    for method in ("TEAP", "MSCHAPV2"):
        check_eap_capa(sta, method)

    # eap_teap_pac_no_inner="1" is the server setting under test; per the
    # docstring, a PAC-based session then proceeds without the inner EAP
    # method. NOTE(review): that makes the PAC the sole credential on
    # reauthentication, so its storage deserves the same care as a password -
    # confirm the exact semantics in the hostapd configuration reference.
    server_cfg = int_teap_server_params(eap_teap_pac_no_inner="1")
    ap = hostapd.add_ap(apdev[0], server_cfg)

    # Initial connection: provisioning mode 2 with ca_cert supplied and
    # MSCHAPV2 as the Phase 2 method.
    peer_cfg = {
        "anonymous_identity": "TEAP",
        "password": "******",
        "phase1": "teap_provisioning=2",
        "ca_cert": "auth_serv/ca.pem",
        "phase2": "auth=MSCHAPV2",
        "pac_file": "blob://teap_pac",
    }
    eap_connect(sta, ap, "TEAP", "user", **peer_cfg)

    # The PAC must be usable on reauthentication.
    status = eap_reauth(sta, "TEAP")
    ticket_used = status['tls_session_reused'] == '1'
    if not ticket_used:
        raise Exception("EAP-TEAP could not use PAC session ticket")