From 202842b8b3f8fc25d230490dfe44e48141c1c865 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Tue, 5 Apr 2022 23:50:56 +0300
Subject: [PATCH] tests: EAP-TLSv1.3 and missing protected success indication

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
 tests/hwsim/test_ap_eap.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index a9715eec1..490b2d649 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -206,7 +206,7 @@ def eap_check_auth(dev, method, initial, rsn=True, sha256=False,
             return
         if not local_error_report:
             if "reason=23" not in ev:
-                raise Exception("Proper reason code for disconnection not reported")
+                raise Exception("Proper reason code for disconnection not reported: " + ev)
         return
     if report_failure:
         ev = dev.wait_event(["CTRL-EVENT-EAP-SUCCESS",
@@ -5959,6 +5959,21 @@ def test_ap_wpa2_eap_tls_13(dev, apdev):
     dev[0].request("RECONNECT")
     dev[0].wait_connected()
 
+def test_ap_wpa2_eap_tls_13_missing_prot_success(dev, apdev):
+    """EAP-TLSv1.3 and missing protected success indication"""
+    params = int_eap_server_params()
+    params['tls_flags'] = '[ENABLE-TLSv1.3]'
+    params['eap_skip_prot_success'] = '1'
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    check_tls13_support(dev[0])
+    id = eap_connect(dev[0], hapd, "TLS", "tls user",
+                     ca_cert="auth_serv/ca.pem",
+                     client_cert="auth_serv/user.pem",
+                     private_key="auth_serv/user.key",
+                     phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0",
+                     expect_failure=True, local_error_report=True)
+
 def test_ap_wpa2_eap_ttls_13(dev, apdev):
     """EAP-TTLS and TLS 1.3"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")