Parcourir la source

tests: Skip EAP-MD5 and EAP-MSCHAPV2 test cases in FIPS mode

These would require MD5 or MD4 which are not allowed in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 9 ans
Parent
commit
e7ac04ceaf
3 fichiers modifiés avec 75 ajouts et 1 suppressions
  1. 16 0
      tests/hwsim/test_ap_eap.py
  2. 54 0
      tests/hwsim/test_ap_hs20.py
  3. 5 1
      tests/hwsim/test_eap_proto.py

+ 16 - 0
tests/hwsim/test_ap_eap.py

@@ -993,6 +993,7 @@ def test_ap_wpa2_eap_ttls_eap_gtc_server_oom(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
+    check_eap_capa(dev[0], "MD5")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "TTLS", "user",
@@ -1003,6 +1004,7 @@ def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - incorrect password"""
+    check_eap_capa(dev[0], "MD5")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "TTLS", "user",
@@ -1012,6 +1014,7 @@ def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - no password"""
+    check_eap_capa(dev[0], "MD5")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
@@ -1021,6 +1024,7 @@ def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - server OOM"""
+    check_eap_capa(dev[0], "MD5")
     params = int_eap_server_params()
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     with alloc_fail(hapd, 1, "eap_md5_init"):
@@ -1045,6 +1049,7 @@ def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "TTLS", "user",
@@ -1062,6 +1067,7 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - no password"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
@@ -1071,6 +1077,7 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):
 
 def test_ap_wpa2_eap_ttls_eap_mschapv2_server_oom(dev, apdev):
     """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - server OOM"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = int_eap_server_params()
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     with alloc_fail(hapd, 1, "eap_mschapv2_init"):
@@ -1154,6 +1161,7 @@ def test_ap_wpa2_eap_fast_eap_aka(dev, apdev):
 
 def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
     """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "PEAP", "user",
@@ -1183,6 +1191,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
 
 def test_ap_wpa2_eap_peap_eap_mschapv2_domain(dev, apdev):
     """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2 with domain"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "PEAP", "DOMAIN\user3",
@@ -1193,6 +1202,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2_domain(dev, apdev):
 
 def test_ap_wpa2_eap_peap_eap_mschapv2_incorrect_password(dev, apdev):
     """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2 - incorrect password"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "PEAP", "user",
@@ -1202,6 +1212,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2_incorrect_password(dev, apdev):
 
 def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
     """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "PEAP", "user", password="password",
@@ -1222,6 +1233,7 @@ def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
 
 def test_ap_wpa2_eap_peap_crypto_binding_server_oom(dev, apdev):
     """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding with server OOM"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = int_eap_server_params()
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     with alloc_fail(hapd, 1, "eap_mschapv2_getKey"):
@@ -1233,6 +1245,7 @@ def test_ap_wpa2_eap_peap_crypto_binding_server_oom(dev, apdev):
 
 def test_ap_wpa2_eap_peap_params(dev, apdev):
     """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and various parameters"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hostapd.add_ap(apdev[0]['ifname'], params)
     eap_connect(dev[0], apdev[0], "PEAP", "user",
@@ -1345,6 +1358,7 @@ def test_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev):
 
 def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
     """WPA2-Enterprise negative test - incorrect trust root"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hostapd.add_ap(apdev[0]['ifname'], params)
     cert = read_pem("auth_serv/ca-incorrect.pem")
@@ -2159,6 +2173,7 @@ def test_ap_wpa2_eap_psk_oom(dev, apdev):
 
 def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
     """WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa_eap_params(ssid="test-wpa-eap")
     hapd = hostapd.add_ap(apdev[0]['ifname'], params)
     dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="PEAP",
@@ -2182,6 +2197,7 @@ def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
 
 def test_ap_wpa2_eap_interactive(dev, apdev):
     """WPA2-Enterprise connection using interactive identity/password entry"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
     hostapd.add_ap(apdev[0]['ifname'], params)
     hapd = hostapd.Hostapd(apdev[0]['ifname'])

+ 54 - 0
tests/hwsim/test_ap_hs20.py

@@ -160,6 +160,7 @@ def check_probe_resp(wt, bssid_unexpected, bssid_expected):
 
 def test_ap_anqp_sharing(dev, apdev):
     """ANQP sharing within ESS and explicit unshare"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     dev[0].flush_scan_cache()
 
     bssid = apdev[0]['bssid']
@@ -211,6 +212,7 @@ def test_ap_anqp_sharing(dev, apdev):
 
 def test_ap_nai_home_realm_query(dev, apdev):
     """NAI Home Realm Query"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
@@ -478,6 +480,7 @@ def test_ap_hs20_ext_sim_roaming(dev, apdev):
 
 def test_ap_hs20_username(dev, apdev):
     """Hotspot 2.0 connection in username/password credential"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -507,6 +510,7 @@ def test_ap_hs20_username(dev, apdev):
 
 def test_ap_hs20_connect_api(dev, apdev):
     """Hotspot 2.0 connection with connect API"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -534,6 +538,7 @@ def test_ap_hs20_connect_api(dev, apdev):
 
 def test_ap_hs20_auto_interworking(dev, apdev):
     """Hotspot 2.0 connection with auto_interworking=1"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -644,10 +649,12 @@ def test_ap_hs20_eap_unknown(dev, apdev):
 
 def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
     """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")
 
 def test_ap_hs20_eap_peap_default(dev, apdev):
     """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     eap_test(dev[0], apdev[0], "25", "PEAP", "user")
 
 def test_ap_hs20_eap_peap_gtc(dev, apdev):
@@ -677,6 +684,7 @@ def test_ap_hs20_eap_ttls_mschap(dev, apdev):
 
 def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
     """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")
 
 def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
@@ -824,6 +832,7 @@ def test_ap_hs20_roaming_consortium(dev, apdev):
 
 def test_ap_hs20_username_roaming(dev, apdev):
     """Hotspot 2.0 connection in username/password credential (roaming)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
@@ -845,6 +854,7 @@ def test_ap_hs20_username_roaming(dev, apdev):
 
 def test_ap_hs20_username_unknown(dev, apdev):
     """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -861,6 +871,7 @@ def test_ap_hs20_username_unknown(dev, apdev):
 
 def test_ap_hs20_username_unknown2(dev, apdev):
     """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -879,6 +890,7 @@ def test_ap_hs20_username_unknown2(dev, apdev):
 
 def test_ap_hs20_gas_while_associated(dev, apdev):
     """Hotspot 2.0 connection with GAS query while associated"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -902,6 +914,7 @@ def test_ap_hs20_gas_while_associated(dev, apdev):
 
 def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
     """Hotspot 2.0 connection with GAS query while associated and using PMF"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev)
     finally:
@@ -938,6 +951,7 @@ def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
 
 def test_ap_hs20_gas_frag_while_associated(dev, apdev):
     """Hotspot 2.0 connection with fragmented GAS query while associated"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -963,6 +977,7 @@ def test_ap_hs20_gas_frag_while_associated(dev, apdev):
 
 def test_ap_hs20_multiple_connects(dev, apdev):
     """Hotspot 2.0 connection through multiple network selections"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -1100,6 +1115,7 @@ def default_cred(domain=None, user="hs20-test"):
 
 def test_ap_hs20_prefer_home(dev, apdev):
     """Hotspot 2.0 required roaming consortium"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hs20_ap_params()
     params['domain_name'] = "example.org"
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1117,6 +1133,7 @@ def test_ap_hs20_prefer_home(dev, apdev):
 
 def test_ap_hs20_req_roaming_consortium(dev, apdev):
     """Hotspot 2.0 required roaming consortium"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
 
@@ -1141,6 +1158,7 @@ def test_ap_hs20_req_roaming_consortium(dev, apdev):
 
 def test_ap_hs20_excluded_ssid(dev, apdev):
     """Hotspot 2.0 exclusion based on SSID"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hs20_ap_params()
     params['roaming_consortium'] = [ "223344" ]
     params['anqp_3gpp_cell_net'] = "555,444"
@@ -1184,6 +1202,7 @@ def test_ap_hs20_excluded_ssid(dev, apdev):
 
 def test_ap_hs20_roam_to_higher_prio(dev, apdev):
     """Hotspot 2.0 and roaming from current to higher priority network"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params(ssid="test-hs20-visited")
     params['domain_name'] = "visited.example.org"
@@ -1222,6 +1241,7 @@ def test_ap_hs20_roam_to_higher_prio(dev, apdev):
 
 def test_ap_hs20_domain_suffix_match_full(dev, apdev):
     """Hotspot 2.0 and domain_suffix_match"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1251,6 +1271,7 @@ def test_ap_hs20_domain_suffix_match_full(dev, apdev):
 
 def test_ap_hs20_domain_suffix_match(dev, apdev):
     """Hotspot 2.0 and domain_suffix_match"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     check_domain_match_full(dev[0])
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
@@ -1269,6 +1290,7 @@ def test_ap_hs20_domain_suffix_match(dev, apdev):
 
 def test_ap_hs20_roaming_partner_preference(dev, apdev):
     """Hotspot 2.0 and roaming partner preference"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hs20_ap_params()
     params['domain_name'] = "roaming.example.org"
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1293,6 +1315,7 @@ def test_ap_hs20_roaming_partner_preference(dev, apdev):
 
 def test_ap_hs20_max_bss_load(dev, apdev):
     """Hotspot 2.0 and maximum BSS load"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hs20_ap_params()
     params['bss_load_test'] = "12:200:20000"
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1328,6 +1351,7 @@ def test_ap_hs20_max_bss_load(dev, apdev):
 
 def test_ap_hs20_max_bss_load2(dev, apdev):
     """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     params = hs20_ap_params()
     params['bss_load_test'] = "12:200:20000"
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1351,6 +1375,7 @@ def test_ap_hs20_max_bss_load2(dev, apdev):
 
 def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
     """Hotspot 2.0 multi-cred sp_priority"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_multi_cred_sp_prio(dev, apdev)
     finally:
@@ -1394,6 +1419,7 @@ def _test_ap_hs20_multi_cred_sp_prio(dev, apdev):
 
 def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
     """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_multi_cred_sp_prio2(dev, apdev)
     finally:
@@ -1470,6 +1496,7 @@ def conn_capab_cred(domain=None, req_conn_capab=None):
 
 def test_ap_hs20_req_conn_capab(dev, apdev):
     """Hotspot 2.0 network selection with req_conn_capab"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1524,6 +1551,7 @@ def test_ap_hs20_req_conn_capab(dev, apdev):
 
 def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
     """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['domain_name'] = "roaming.example.org"
@@ -1575,6 +1603,7 @@ def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming
 
 def test_ap_hs20_min_bandwidth_home(dev, apdev):
     """Hotspot 2.0 network selection with min bandwidth (home)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1610,6 +1639,7 @@ def test_ap_hs20_min_bandwidth_home(dev, apdev):
 
 def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):
     """Hotspot 2.0 network selection with min bandwidth (home) while hidden SSID is included in scan results"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
 
     hapd = hostapd.add_ap(apdev[0]['ifname'], { "ssid": 'secret',
@@ -1656,6 +1686,7 @@ def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):
 
 def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
     """Hotspot 2.0 network selection with min bandwidth (roaming)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1691,6 +1722,7 @@ def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
 
 def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
     """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['domain_name'] = "roaming.example.org"
@@ -1729,6 +1761,7 @@ def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):
 
 def test_ap_hs20_deauth_req_ess(dev, apdev):
     """Hotspot 2.0 connection and deauthentication request for ESS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_deauth_req_ess(dev, apdev)
     finally:
@@ -1758,6 +1791,7 @@ def _test_ap_hs20_deauth_req_ess(dev, apdev):
 
 def test_ap_hs20_deauth_req_bss(dev, apdev):
     """Hotspot 2.0 connection and deauthentication request for BSS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_deauth_req_bss(dev, apdev)
     finally:
@@ -1789,6 +1823,7 @@ def _test_ap_hs20_deauth_req_bss(dev, apdev):
 
 def test_ap_hs20_deauth_req_from_radius(dev, apdev):
     """Hotspot 2.0 connection and deauthentication request from RADIUS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_deauth_req_from_radius(dev, apdev)
     finally:
@@ -1817,6 +1852,7 @@ def _test_ap_hs20_deauth_req_from_radius(dev, apdev):
 
 def test_ap_hs20_remediation_required(dev, apdev):
     """Hotspot 2.0 connection and remediation required from RADIUS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_remediation_required(dev, apdev)
     finally:
@@ -1843,6 +1879,7 @@ def _test_ap_hs20_remediation_required(dev, apdev):
 
 def test_ap_hs20_remediation_required_ctrl(dev, apdev):
     """Hotspot 2.0 connection and subrem from ctrl_iface"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_remediation_required_ctrl(dev, apdev)
     finally:
@@ -1884,6 +1921,7 @@ def _test_ap_hs20_remediation_required_ctrl(dev, apdev):
 
 def test_ap_hs20_session_info(dev, apdev):
     """Hotspot 2.0 connection and session information from RADIUS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_session_info(dev, apdev)
     finally:
@@ -1953,6 +1991,7 @@ def test_ap_hs20_osen(dev, apdev):
 
 def test_ap_hs20_network_preference(dev, apdev):
     """Hotspot 2.0 network selection with preferred home network"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -1993,6 +2032,7 @@ def test_ap_hs20_network_preference(dev, apdev):
 
 def test_ap_hs20_network_preference2(dev, apdev):
     """Hotspot 2.0 network selection with preferred credential"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid2 = apdev[1]['bssid']
     params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
     hostapd.add_ap(apdev[1]['ifname'], params)
@@ -2033,6 +2073,7 @@ def test_ap_hs20_network_preference2(dev, apdev):
 
 def test_ap_hs20_network_preference3(dev, apdev):
     """Hotspot 2.0 network selection with two credential (one preferred)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -2073,6 +2114,7 @@ def test_ap_hs20_network_preference3(dev, apdev):
 
 def test_ap_hs20_network_preference4(dev, apdev):
     """Hotspot 2.0 network selection with username vs. SIM credential"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -2115,6 +2157,7 @@ def test_ap_hs20_network_preference4(dev, apdev):
 
 def test_ap_hs20_interworking_select_blocking_scan(dev, apdev):
     """Ongoing INTERWORKING_SELECT blocking SCAN"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     hostapd.add_ap(apdev[0]['ifname'], params)
@@ -2310,6 +2353,7 @@ def test_ap_hs20_fetch_osu_stop(dev, apdev):
 
 def test_ap_hs20_ft(dev, apdev):
     """Hotspot 2.0 connection with FT"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['wpa_key_mgmt'] = "FT-EAP"
@@ -2331,6 +2375,7 @@ def test_ap_hs20_ft(dev, apdev):
 
 def test_ap_hs20_remediation_sql(dev, apdev, params):
     """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         import sqlite3
     except ImportError:
@@ -2394,6 +2439,7 @@ def test_ap_hs20_remediation_sql(dev, apdev, params):
 
 def test_ap_hs20_external_selection(dev, apdev):
     """Hotspot 2.0 connection using external network selection and creation"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -2410,6 +2456,7 @@ def test_ap_hs20_external_selection(dev, apdev):
 
 def test_ap_hs20_random_mac_addr(dev, apdev):
     """Hotspot 2.0 connection with random MAC address"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid
@@ -2445,6 +2492,7 @@ def test_ap_hs20_random_mac_addr(dev, apdev):
 
 def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
     """Multiple networks and cred removal"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['nai_realm'] = [ "0,example.com,25[3:26]"]
@@ -2480,6 +2528,7 @@ def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
 
 def test_ap_hs20_interworking_add_network(dev, apdev):
     """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['nai_realm'] = [ "0,example.com,21[3:26][6:7][99:99]" ]
@@ -2580,6 +2629,7 @@ def _test_ap_hs20_proxyarp(dev, apdev):
 
 def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
     """Hotspot 2.0 connection with hidden SSId in scan results"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
 
     hapd = hostapd.add_ap(apdev[0]['ifname'], { "ssid": 'secret',
@@ -2612,6 +2662,7 @@ def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
 
 def test_ap_hs20_proxyarp(dev, apdev):
     """Hotspot 2.0 and ProxyARP"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_proxyarp(dev, apdev)
     finally:
@@ -2708,6 +2759,7 @@ def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):
 
 def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
     """Hotspot 2.0 and ProxyARP with DGAF disabled"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
     finally:
@@ -2718,6 +2770,7 @@ def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
 
 def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
     """Hotspot 2.0 and ProxyARP with DGAF enabled"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     try:
         _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
     finally:
@@ -3483,6 +3536,7 @@ def test_proxyarp_open_ebtables(dev, apdev, params):
 
 def test_ap_hs20_connect_deinit(dev, apdev):
     """Hotspot 2.0 connection interrupted with deinit"""
+    check_eap_capa(dev[0], "MSCHAPV2")
     bssid = apdev[0]['bssid']
     params = hs20_ap_params()
     params['hessid'] = bssid

+ 5 - 1
tests/hwsim/test_eap_proto.py

@@ -1,5 +1,5 @@
 # EAP protocol tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -14,6 +14,7 @@ import time
 
 import hostapd
 from utils import HwsimSkip
+from test_ap_eap import check_eap_capa
 
 EAP_CODE_REQUEST = 1
 EAP_CODE_RESPONSE = 2
@@ -141,6 +142,7 @@ def start_ap(ifname):
 
 def test_eap_proto(dev, apdev):
     """EAP protocol tests"""
+    check_eap_capa(dev[0], "MD5")
     def eap_handler(ctx, req):
         logger.info("eap_handler - RX " + req.encode("hex"))
         if 'num' not in ctx:
@@ -722,6 +724,8 @@ def test_eap_proto_leap(dev, apdev):
 
 def test_eap_proto_md5(dev, apdev):
     """EAP-MD5 protocol tests"""
+    check_eap_capa(dev[0], "MD5")
+
     def md5_handler(ctx, req):
         logger.info("md5_handler - RX " + req.encode("hex"))
         if 'num' not in ctx: