tests: Skip EAP-MD5 and EAP-MSCHAPV2 test cases in FIPS mode

These would require MD5 or MD4 which are not allowed in FIPS mode. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 18:56:06 +03:00 · 2015-08-01 18:56:06 +03:00 · e7ac04ceaf
commit e7ac04ceaf
parent ca158ea621
3 changed files with 75 additions and 1 deletions
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@ -993,6 +993,7 @@ def test_ap_wpa2_eap_ttls_eap_gtc_server_oom(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5"""
+    check_eap_capa(dev[0], "MD5")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "TTLS", "user",
@ -1003,6 +1004,7 @@ def test_ap_wpa2_eap_ttls_eap_md5(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - incorrect password"""
+    check_eap_capa(dev[0], "MD5")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "TTLS", "user",
@ -1012,6 +1014,7 @@ def test_ap_wpa2_eap_ttls_eap_md5_incorrect_password(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - no password"""
+    check_eap_capa(dev[0], "MD5")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
@ -1021,6 +1024,7 @@ def test_ap_wpa2_eap_ttls_eap_md5_no_password(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MD5 - server OOM"""
+    check_eap_capa(dev[0], "MD5")
    params = int_eap_server_params()
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    with alloc_fail(hapd, 1, "eap_md5_init"):
@ -1045,6 +1049,7 @@ def test_ap_wpa2_eap_ttls_eap_md5_server_oom(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "TTLS", "user",
@ -1062,6 +1067,7 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - no password"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "TTLS", "user-no-passwd",
@ -1071,6 +1077,7 @@ def test_ap_wpa2_eap_ttls_eap_mschapv2_no_password(dev, apdev):

 def test_ap_wpa2_eap_ttls_eap_mschapv2_server_oom(dev, apdev):
    """WPA2-Enterprise connection using EAP-TTLS/EAP-MSCHAPv2 - server OOM"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = int_eap_server_params()
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    with alloc_fail(hapd, 1, "eap_mschapv2_init"):
@ -1154,6 +1161,7 @@ def test_ap_wpa2_eap_fast_eap_aka(dev, apdev):

 def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "PEAP", "user",
@ -1183,6 +1191,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2(dev, apdev):

 def test_ap_wpa2_eap_peap_eap_mschapv2_domain(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2 with domain"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "PEAP", "DOMAIN\user3",
@ -1193,6 +1202,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2_domain(dev, apdev):

 def test_ap_wpa2_eap_peap_eap_mschapv2_incorrect_password(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2 - incorrect password"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "PEAP", "user",
@ -1202,6 +1212,7 @@ def test_ap_wpa2_eap_peap_eap_mschapv2_incorrect_password(dev, apdev):

 def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "PEAP", "user", password="password",
@ -1222,6 +1233,7 @@ def test_ap_wpa2_eap_peap_crypto_binding(dev, apdev):

 def test_ap_wpa2_eap_peap_crypto_binding_server_oom(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and crypto binding with server OOM"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = int_eap_server_params()
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    with alloc_fail(hapd, 1, "eap_mschapv2_getKey"):
@ -1233,6 +1245,7 @@ def test_ap_wpa2_eap_peap_crypto_binding_server_oom(dev, apdev):

 def test_ap_wpa2_eap_peap_params(dev, apdev):
    """WPA2-Enterprise connection using EAP-PEAPv0/EAP-MSCHAPv2 and various parameters"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hostapd.add_ap(apdev[0]['ifname'], params)
    eap_connect(dev[0], apdev[0], "PEAP", "user",
@ -1345,6 +1358,7 @@ def test_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev):

 def test_ap_wpa2_eap_tls_neg_incorrect_trust_root(dev, apdev):
    """WPA2-Enterprise negative test - incorrect trust root"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hostapd.add_ap(apdev[0]['ifname'], params)
    cert = read_pem("auth_serv/ca-incorrect.pem")
@ -2159,6 +2173,7 @@ def test_ap_wpa2_eap_psk_oom(dev, apdev):

 def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
    """WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa_eap_params(ssid="test-wpa-eap")
    hapd = hostapd.add_ap(apdev[0]['ifname'], params)
    dev[0].connect("test-wpa-eap", key_mgmt="WPA-EAP", eap="PEAP",
@ -2182,6 +2197,7 @@ def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):

 def test_ap_wpa2_eap_interactive(dev, apdev):
    """WPA2-Enterprise connection using interactive identity/password entry"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
--- a/tests/hwsim/test_ap_hs20.py
+++ b/tests/hwsim/test_ap_hs20.py
@ -160,6 +160,7 @@ def check_probe_resp(wt, bssid_unexpected, bssid_expected):

 def test_ap_anqp_sharing(dev, apdev):
    """ANQP sharing within ESS and explicit unshare"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    dev[0].flush_scan_cache()

    bssid = apdev[0]['bssid']
@ -211,6 +212,7 @@ def test_ap_anqp_sharing(dev, apdev):

 def test_ap_nai_home_realm_query(dev, apdev):
    """NAI Home Realm Query"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
@ -478,6 +480,7 @@ def test_ap_hs20_ext_sim_roaming(dev, apdev):

 def test_ap_hs20_username(dev, apdev):
    """Hotspot 2.0 connection in username/password credential"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -507,6 +510,7 @@ def test_ap_hs20_username(dev, apdev):

 def test_ap_hs20_connect_api(dev, apdev):
    """Hotspot 2.0 connection with connect API"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -534,6 +538,7 @@ def test_ap_hs20_connect_api(dev, apdev):

 def test_ap_hs20_auto_interworking(dev, apdev):
    """Hotspot 2.0 connection with auto_interworking=1"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -644,10 +649,12 @@ def test_ap_hs20_eap_unknown(dev, apdev):

 def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
    """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")

 def test_ap_hs20_eap_peap_default(dev, apdev):
    """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    eap_test(dev[0], apdev[0], "25", "PEAP", "user")

 def test_ap_hs20_eap_peap_gtc(dev, apdev):
@ -677,6 +684,7 @@ def test_ap_hs20_eap_ttls_mschap(dev, apdev):

 def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
    """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")

 def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
@ -824,6 +832,7 @@ def test_ap_hs20_roaming_consortium(dev, apdev):

 def test_ap_hs20_username_roaming(dev, apdev):
    """Hotspot 2.0 connection in username/password credential (roaming)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
@ -845,6 +854,7 @@ def test_ap_hs20_username_roaming(dev, apdev):

 def test_ap_hs20_username_unknown(dev, apdev):
    """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -861,6 +871,7 @@ def test_ap_hs20_username_unknown(dev, apdev):

 def test_ap_hs20_username_unknown2(dev, apdev):
    """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -879,6 +890,7 @@ def test_ap_hs20_username_unknown2(dev, apdev):

 def test_ap_hs20_gas_while_associated(dev, apdev):
    """Hotspot 2.0 connection with GAS query while associated"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -902,6 +914,7 @@ def test_ap_hs20_gas_while_associated(dev, apdev):

 def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
    """Hotspot 2.0 connection with GAS query while associated and using PMF"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev)
    finally:
@ -938,6 +951,7 @@ def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):

 def test_ap_hs20_gas_frag_while_associated(dev, apdev):
    """Hotspot 2.0 connection with fragmented GAS query while associated"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -963,6 +977,7 @@ def test_ap_hs20_gas_frag_while_associated(dev, apdev):

 def test_ap_hs20_multiple_connects(dev, apdev):
    """Hotspot 2.0 connection through multiple network selections"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -1100,6 +1115,7 @@ def default_cred(domain=None, user="hs20-test"):

 def test_ap_hs20_prefer_home(dev, apdev):
    """Hotspot 2.0 required roaming consortium"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hs20_ap_params()
    params['domain_name'] = "example.org"
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1117,6 +1133,7 @@ def test_ap_hs20_prefer_home(dev, apdev):

 def test_ap_hs20_req_roaming_consortium(dev, apdev):
    """Hotspot 2.0 required roaming consortium"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)

@ -1141,6 +1158,7 @@ def test_ap_hs20_req_roaming_consortium(dev, apdev):

 def test_ap_hs20_excluded_ssid(dev, apdev):
    """Hotspot 2.0 exclusion based on SSID"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hs20_ap_params()
    params['roaming_consortium'] = [ "223344" ]
    params['anqp_3gpp_cell_net'] = "555,444"
@ -1184,6 +1202,7 @@ def test_ap_hs20_excluded_ssid(dev, apdev):

 def test_ap_hs20_roam_to_higher_prio(dev, apdev):
    """Hotspot 2.0 and roaming from current to higher priority network"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params(ssid="test-hs20-visited")
    params['domain_name'] = "visited.example.org"
@ -1222,6 +1241,7 @@ def test_ap_hs20_roam_to_higher_prio(dev, apdev):

 def test_ap_hs20_domain_suffix_match_full(dev, apdev):
    """Hotspot 2.0 and domain_suffix_match"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1251,6 +1271,7 @@ def test_ap_hs20_domain_suffix_match_full(dev, apdev):

 def test_ap_hs20_domain_suffix_match(dev, apdev):
    """Hotspot 2.0 and domain_suffix_match"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    check_domain_match_full(dev[0])
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
@ -1269,6 +1290,7 @@ def test_ap_hs20_domain_suffix_match(dev, apdev):

 def test_ap_hs20_roaming_partner_preference(dev, apdev):
    """Hotspot 2.0 and roaming partner preference"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hs20_ap_params()
    params['domain_name'] = "roaming.example.org"
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1293,6 +1315,7 @@ def test_ap_hs20_roaming_partner_preference(dev, apdev):

 def test_ap_hs20_max_bss_load(dev, apdev):
    """Hotspot 2.0 and maximum BSS load"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hs20_ap_params()
    params['bss_load_test'] = "12:200:20000"
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1328,6 +1351,7 @@ def test_ap_hs20_max_bss_load(dev, apdev):

 def test_ap_hs20_max_bss_load2(dev, apdev):
    """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    params = hs20_ap_params()
    params['bss_load_test'] = "12:200:20000"
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1351,6 +1375,7 @@ def test_ap_hs20_max_bss_load2(dev, apdev):

 def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
    """Hotspot 2.0 multi-cred sp_priority"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_multi_cred_sp_prio(dev, apdev)
    finally:
@ -1394,6 +1419,7 @@ def _test_ap_hs20_multi_cred_sp_prio(dev, apdev):

 def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
    """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_multi_cred_sp_prio2(dev, apdev)
    finally:
@ -1470,6 +1496,7 @@ def conn_capab_cred(domain=None, req_conn_capab=None):

 def test_ap_hs20_req_conn_capab(dev, apdev):
    """Hotspot 2.0 network selection with req_conn_capab"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1524,6 +1551,7 @@ def test_ap_hs20_req_conn_capab(dev, apdev):

 def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
    """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['domain_name'] = "roaming.example.org"
@ -1575,6 +1603,7 @@ def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming

 def test_ap_hs20_min_bandwidth_home(dev, apdev):
    """Hotspot 2.0 network selection with min bandwidth (home)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1610,6 +1639,7 @@ def test_ap_hs20_min_bandwidth_home(dev, apdev):

 def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):
    """Hotspot 2.0 network selection with min bandwidth (home) while hidden SSID is included in scan results"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']

    hapd = hostapd.add_ap(apdev[0]['ifname'], { "ssid": 'secret',
@ -1656,6 +1686,7 @@ def test_ap_hs20_min_bandwidth_home_hidden_ssid_in_scan_res(dev, apdev):

 def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
    """Hotspot 2.0 network selection with min bandwidth (roaming)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1691,6 +1722,7 @@ def test_ap_hs20_min_bandwidth_roaming(dev, apdev):

 def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
    """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['domain_name'] = "roaming.example.org"
@ -1729,6 +1761,7 @@ def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):

 def test_ap_hs20_deauth_req_ess(dev, apdev):
    """Hotspot 2.0 connection and deauthentication request for ESS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_deauth_req_ess(dev, apdev)
    finally:
@ -1758,6 +1791,7 @@ def _test_ap_hs20_deauth_req_ess(dev, apdev):

 def test_ap_hs20_deauth_req_bss(dev, apdev):
    """Hotspot 2.0 connection and deauthentication request for BSS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_deauth_req_bss(dev, apdev)
    finally:
@ -1789,6 +1823,7 @@ def _test_ap_hs20_deauth_req_bss(dev, apdev):

 def test_ap_hs20_deauth_req_from_radius(dev, apdev):
    """Hotspot 2.0 connection and deauthentication request from RADIUS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_deauth_req_from_radius(dev, apdev)
    finally:
@ -1817,6 +1852,7 @@ def _test_ap_hs20_deauth_req_from_radius(dev, apdev):

 def test_ap_hs20_remediation_required(dev, apdev):
    """Hotspot 2.0 connection and remediation required from RADIUS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_remediation_required(dev, apdev)
    finally:
@ -1843,6 +1879,7 @@ def _test_ap_hs20_remediation_required(dev, apdev):

 def test_ap_hs20_remediation_required_ctrl(dev, apdev):
    """Hotspot 2.0 connection and subrem from ctrl_iface"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_remediation_required_ctrl(dev, apdev)
    finally:
@ -1884,6 +1921,7 @@ def _test_ap_hs20_remediation_required_ctrl(dev, apdev):

 def test_ap_hs20_session_info(dev, apdev):
    """Hotspot 2.0 connection and session information from RADIUS"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_session_info(dev, apdev)
    finally:
@ -1953,6 +1991,7 @@ def test_ap_hs20_osen(dev, apdev):

 def test_ap_hs20_network_preference(dev, apdev):
    """Hotspot 2.0 network selection with preferred home network"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -1993,6 +2032,7 @@ def test_ap_hs20_network_preference(dev, apdev):

 def test_ap_hs20_network_preference2(dev, apdev):
    """Hotspot 2.0 network selection with preferred credential"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid2 = apdev[1]['bssid']
    params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
    hostapd.add_ap(apdev[1]['ifname'], params)
@ -2033,6 +2073,7 @@ def test_ap_hs20_network_preference2(dev, apdev):

 def test_ap_hs20_network_preference3(dev, apdev):
    """Hotspot 2.0 network selection with two credential (one preferred)"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -2073,6 +2114,7 @@ def test_ap_hs20_network_preference3(dev, apdev):

 def test_ap_hs20_network_preference4(dev, apdev):
    """Hotspot 2.0 network selection with username vs. SIM credential"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -2115,6 +2157,7 @@ def test_ap_hs20_network_preference4(dev, apdev):

 def test_ap_hs20_interworking_select_blocking_scan(dev, apdev):
    """Ongoing INTERWORKING_SELECT blocking SCAN"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    hostapd.add_ap(apdev[0]['ifname'], params)
@ -2310,6 +2353,7 @@ def test_ap_hs20_fetch_osu_stop(dev, apdev):

 def test_ap_hs20_ft(dev, apdev):
    """Hotspot 2.0 connection with FT"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['wpa_key_mgmt'] = "FT-EAP"
@ -2331,6 +2375,7 @@ def test_ap_hs20_ft(dev, apdev):

 def test_ap_hs20_remediation_sql(dev, apdev, params):
    """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        import sqlite3
    except ImportError:
@ -2394,6 +2439,7 @@ def test_ap_hs20_remediation_sql(dev, apdev, params):

 def test_ap_hs20_external_selection(dev, apdev):
    """Hotspot 2.0 connection using external network selection and creation"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -2410,6 +2456,7 @@ def test_ap_hs20_external_selection(dev, apdev):

 def test_ap_hs20_random_mac_addr(dev, apdev):
    """Hotspot 2.0 connection with random MAC address"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
@ -2445,6 +2492,7 @@ def test_ap_hs20_random_mac_addr(dev, apdev):

 def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
    """Multiple networks and cred removal"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['nai_realm'] = [ "0,example.com,25[3:26]"]
@ -2480,6 +2528,7 @@ def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):

 def test_ap_hs20_interworking_add_network(dev, apdev):
    """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['nai_realm'] = [ "0,example.com,21[3:26][6:7][99:99]" ]
@ -2580,6 +2629,7 @@ def _test_ap_hs20_proxyarp(dev, apdev):

 def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
    """Hotspot 2.0 connection with hidden SSId in scan results"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']

    hapd = hostapd.add_ap(apdev[0]['ifname'], { "ssid": 'secret',
@ -2612,6 +2662,7 @@ def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):

 def test_ap_hs20_proxyarp(dev, apdev):
    """Hotspot 2.0 and ProxyARP"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_proxyarp(dev, apdev)
    finally:
@ -2708,6 +2759,7 @@ def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):

 def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
    """Hotspot 2.0 and ProxyARP with DGAF disabled"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
    finally:
@ -2718,6 +2770,7 @@ def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):

 def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
    """Hotspot 2.0 and ProxyARP with DGAF enabled"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    try:
        _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
    finally:
@ -3483,6 +3536,7 @@ def test_proxyarp_open_ebtables(dev, apdev, params):

 def test_ap_hs20_connect_deinit(dev, apdev):
    """Hotspot 2.0 connection interrupted with deinit"""
+    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hs20_ap_params()
    params['hessid'] = bssid
--- a/tests/hwsim/test_eap_proto.py
+++ b/tests/hwsim/test_eap_proto.py
@ -1,5 +1,5 @@
 # EAP protocol tests
-# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2014-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@ -14,6 +14,7 @@ import time

 import hostapd
 from utils import HwsimSkip
+from test_ap_eap import check_eap_capa

 EAP_CODE_REQUEST = 1
 EAP_CODE_RESPONSE = 2
@ -141,6 +142,7 @@ def start_ap(ifname):

 def test_eap_proto(dev, apdev):
    """EAP protocol tests"""
+    check_eap_capa(dev[0], "MD5")
    def eap_handler(ctx, req):
        logger.info("eap_handler - RX " + req.encode("hex"))
        if 'num' not in ctx:
@ -722,6 +724,8 @@ def test_eap_proto_leap(dev, apdev):

 def test_eap_proto_md5(dev, apdev):
    """EAP-MD5 protocol tests"""
+    check_eap_capa(dev[0], "MD5")
+
    def md5_handler(ctx, req):
        logger.info("md5_handler - RX " + req.encode("hex"))
        if 'num' not in ctx: