tests: Verify EAP-PEAP/EAP-TLS

Signed-hostap: Jouni Malinen <j@w1.fi>

tests/hwsim/auth_serv/eap_user.conf

@@ -34,3 +34,4 @@
 "hs20-test"	TTLS-MSCHAPV2	"password"	[2]
 
 "user"	MSCHAPV2,MD5,GTC	"password"	[2]
+"cert user"	TLS	[2]

tests/hwsim/test_ap_eap.py

@@ -21,7 +21,8 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None,
                 domain_suffix_match=None, password_hex=None,
                 client_cert=None, private_key=None, sha256=False,
                 fragment_size=None, expect_failure=False,
-                local_error_report=False):
+                local_error_report=False,
+                ca_cert2=None, client_cert2=None, private_key2=None):
     hapd = hostapd.Hostapd(ap['ifname'])
     id = dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP WPA-EAP-SHA256",
                      eap=method, identity=identity,
@@ -31,7 +32,9 @@ def eap_connect(dev, ap, method, identity, anonymous_identity=None,
                      wait_connect=False, scan_freq="2412",
                      password_hex=password_hex,
                      client_cert=client_cert, private_key=private_key,
-                     ieee80211w="1", fragment_size=fragment_size)
+                     ieee80211w="1", fragment_size=fragment_size,
+                     ca_cert2=ca_cert2, client_cert2=client_cert2,
+                     private_key2=private_key2)
     eap_check_auth(dev, method, True, sha256=sha256,
                    expect_failure=expect_failure,
                    local_error_report=local_error_report)
@@ -283,6 +286,17 @@ def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
     hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
     eap_reauth(dev[0], "PEAP")
 
+def test_ap_wpa2_eap_peap_eap_tls(dev, apdev):
+    """WPA2-Enterprise connection using EAP-PEAP/EAP-TLS"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], apdev[0], "PEAP", "cert user",
+                ca_cert="auth_serv/ca.pem", phase2="auth=TLS",
+                ca_cert2="auth_serv/ca.pem",
+                client_cert2="auth_serv/user.pem",
+                private_key2="auth_serv/user.key")
+    eap_reauth(dev[0], "PEAP")
+
 def test_ap_wpa2_eap_tls(dev, apdev):
     """WPA2-Enterprise connection using EAP-TLS"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")

tests/hwsim/wpasupplicant.py

@@ -569,7 +569,8 @@ class WpaSupplicant:
                 domain_suffix_match=None, password_hex=None,
                 client_cert=None, private_key=None, peerkey=False, okc=False,
                 eapol_flags=None, fragment_size=None,
-                wait_connect=True, only_add_network=False):
+                wait_connect=True, only_add_network=False,
+                ca_cert2=None, client_cert2=None, private_key2=None):
         logger.info("Connect STA " + self.ifname + " to AP")
         id = self.add_network()
         if ssid:
@@ -609,6 +610,12 @@ class WpaSupplicant:
             self.set_network_quoted(id, "client_cert", client_cert)
         if private_key:
             self.set_network_quoted(id, "private_key", private_key)
+        if ca_cert2:
+            self.set_network_quoted(id, "ca_cert2", ca_cert2)
+        if client_cert2:
+            self.set_network_quoted(id, "client_cert2", client_cert2)
+        if private_key2:
+            self.set_network_quoted(id, "private_key2", private_key2)
         if phase1:
             self.set_network_quoted(id, "phase1", phase1)
         if phase2: