From e114c49cfc431b93046b1ad1d8a85991242672dd Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 3 Nov 2013 12:25:44 +0200
Subject: [PATCH] tests: Add an EAP-TLS test case

This fixes the user.key file (incorrect key was copied previously) and
adds a test case for EAP-TLS with WPA2-Enterprise.

Signed-hostap: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/auth_serv/user.key | 28 ++++++++++++++--------------
 tests/hwsim/test_ap_eap.py     | 14 ++++++++++++--
 tests/hwsim/wpasupplicant.py   |  5 +++++
 3 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/tests/hwsim/auth_serv/user.key b/tests/hwsim/auth_serv/user.key
index 89a456e92..b9fd702d5 100644
--- a/tests/hwsim/auth_serv/user.key
+++ b/tests/hwsim/auth_serv/user.key
@@ -1,16 +1,16 @@
 -----BEGIN PRIVATE KEY-----
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALBoVlPcsi29gqk6
-U0WmBrfNjU9IM93x8gjxjrUAhpwTbc8TzXaoxWFL8WhD1M2MX1zhoTLhrbp1dSvC
-JRY7dPWX4BOGivgpadUvbQAkz9ZKQw0RJtkp1z8LW2eLKAI7mSzAJkut+b0QHivK
-+h/s2Ld0+opxwQyUZaizXxPf2q0pAgMBAAECgYBgj2wZkWdSlDZOLWfhauSofXJJ
-IGuLpGDotlh4CSaljhkATYWc2vrXrDsi6GY2cQzOCY80C8YNlzeg0S99wOPelW/3
-VA9Frx4IBJRT5KLKELd7qHU8Bu/V8plDHcS84lw5JfrSrN/GAojSXmHCPYx7ZBfN
-h+jvTI8zDURRMyg81QJBAOZrm3YFtKqguuVACRKDIqYsDegn3SInq3Tv+iKDVS36
-JkTUk4Lk68ycJbvvlH7ak3rzAO3PLfP2aEbhOOtW+dcCQQDD/bkN9FAwHCsIxOSu
-eO1rfO+W1NWJIcWuY5Cyjgj3xriJqdG/NL0mxXKvlAN9BD/nbHuNP0hXEes/t0cU
-rLD/AkBagX3o18jlFIkUrxhhKx0bBEbaH35eghJ4tiIcGFYG3zDU7GKckWqFTfgM
-X8iGIzi2nGiLAEvefbTr0l9XISy1AkB+KXaVN/7iaU9+bpgyg595gMwN0OXAR6Aj
-2O3NMsctEJu76jgdmEpmidWAlowETtcAFwIVc3YSrnM76bP06BFrAkAJ7LK5Vn4H
-BWNwMHLUVaZoCbMXUwTfshlpnv1ctcOzUPExl/IlqbNl9cVeh/Ap2LQlSv2w5kPl
-htcvTkfc8Pr6
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAKaWLpsijN+UvouJ
+SfZ4dqJgfhSV85b+qxklAzRkdAE+qJ988UdhYEyCkih8K6AOy4e/WevX82EiOxTz
+qzH2WpUfuHq4LDypYVN4m+g+UOzC1kTnQ828Pk7nRv6SnsOYDylYyMuJAXVH6ZVX
+D3bFLwVexx4N8jwSY125VBmvf0BrAgMBAAECgYEAkEoS0kKJ3Hqc1IW0r6xFrX2A
+l1oOpCGvl1bswKuloxJfwczZu+cHHx4VdMWgj8Fg3xKJ03K4FtEsdYhdJyhn6c6G
+YsKF7HHGo2WA61VHxgqRB/CZzALy2JR/3rzElvrVQ5ZVh15DipNpwfwP9bW6P99A
+omPQVnZ3p1HgU5WK68kCQQDXHbFUYX3I9SYlR4JhPy5ov2Q8WHu4p9rWXGBO75uS
+7f3FZCbGULKZEOsiVFbloyUdpvLId7wvb343a1EAOnC9AkEAxj9UqsKMAdlXTDrT
+9NcQmJKWt568gEV4/45fjpTzbdndEOtCMwWBWEv/SyiWgWdwPeBViRGEyPrkLV/S
+teesRwJBAIfN6QuaWKyrh591W6xFFOlwGrm2KrVS0ucNfoeW4SKLOPCK36fHflj/
+w1Hy6MEkk+P6Z7+DR7yyqH4YNBTu0AkCQA7uZioWTQU2oWSUabJfIFjdcYyS4A+p
+K9vTlU7f2RXE+ulzTqEZIQzNbIT0oaFNcR637rlMIHwiqVzhgrVApbECQQDK5QqX
+E6Z2VHTNEnCki9YvkgjPhLxSihQMDSaR0ENkre0OctFUufbwzH7DEhzV6CQ1Uw+9
+Au5AOFzcb1tfGczP
 -----END PRIVATE KEY-----
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 58a3abc44..f29d9d97a 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -17,12 +17,14 @@ import hostapd
 
 def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
                 phase1=None, phase2=None, ca_cert=None,
-                domain_suffix_match=None, password_hex=None):
+                domain_suffix_match=None, password_hex=None,
+                client_cert=None, private_key=None):
     dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method,
                 identity=identity, anonymous_identity=anonymous_identity,
                 password=password, phase1=phase1, phase2=phase2,
                 ca_cert=ca_cert, domain_suffix_match=domain_suffix_match,
-                wait_connect=False, scan_freq="2412", password_hex=password_hex)
+                wait_connect=False, scan_freq="2412", password_hex=password_hex,
+                client_cert=client_cert, private_key=private_key)
     ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
     if ev is None:
         raise Exception("Association and EAP start timed out")
@@ -155,6 +157,14 @@ def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
                 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2")
     hwsim_utils.test_connectivity(dev[0].ifname, apdev[0]['ifname'])
 
+def test_ap_wpa2_eap_tls(dev, apdev):
+    """WPA2-Enterprise connection using EAP-TLS"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
+                client_cert="auth_serv/user.pem",
+                private_key="auth_serv/user.key")
+
 def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
     """WPA2-Enterprise negative test - incorrect trust root"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index af38a15bb..8259f869f 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -511,6 +511,7 @@ class WpaSupplicant:
                 eap=None, identity=None, anonymous_identity=None,
                 password=None, phase1=None, phase2=None, ca_cert=None,
                 domain_suffix_match=None, password_hex=None,
+                client_cert=None, private_key=None,
                 wait_connect=True):
         logger.info("Connect STA " + self.ifname + " to AP")
         id = self.add_network()
@@ -544,6 +545,10 @@ class WpaSupplicant:
             self.set_network(id, "password", password_hex)
         if ca_cert:
             self.set_network_quoted(id, "ca_cert", ca_cert)
+        if client_cert:
+            self.set_network_quoted(id, "client_cert", client_cert)
+        if private_key:
+            self.set_network_quoted(id, "private_key", private_key)
         if phase1:
             self.set_network_quoted(id, "phase1", phase1)
         if phase2: