tests: RADIUS/TLS with FreeRADIUS

Signed-off-by: Jouni Malinen <j@w1.fi>

tests/hwsim/test_radius.py

@@ -1,5 +1,5 @@
 # RADIUS tests
-# Copyright (c) 2013-2016, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2024, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -12,6 +12,7 @@ import logging
 logger = logging.getLogger()
 import os
 import select
+import signal
 import struct
 import subprocess
 import threading
@@ -1791,3 +1792,64 @@ def test_radius_acct_failure_sta_data(dev, apdev):
         dev[0].request("DISCONNECT")
         dev[0].wait_disconnected()
         hapd.wait_event(["AP-STA-DISCONNECTED"], timeout=1)
+
+def test_radius_tls_freeradius(dev, apdev, test_params):
+    """RADIUS/TLS with FreeRADIUS"""
+    if not os.path.exists("FreeRADIUS"):
+        raise HwsimSkip("FreeRADIUS not available")
+
+    confdir = "FreeRADIUS/etc/raddb"
+    certdir = confdir + "/certs"
+    pidfile = "/tmp/radiusd.pid"
+
+    subprocess.call(['FreeRADIUS/sbin/radiusd',
+                     '-d', confdir,
+                     '-xx',
+                     '-l', test_params['prefix'] + ".freeradius"])
+    time.sleep(1)
+    if not os.path.exists(pidfile):
+        raise Exception("Could not start FreeRADIUS")
+
+    params = hostapd.wpa2_eap_params(ssid="radius-tls")
+    for s in ["auth", "acct"]:
+        params[s + '_server_addr'] = "127.0.0.1"
+        params[s + '_server_port'] = "2083"
+        params[s + '_server_type'] = "TLS"
+        params[s + '_server_shared_secret'] = "radsec"
+        params[s + '_server_ca_cert'] = certdir + "/ca.pem"
+        params[s + '_server_client_cert'] = certdir + "/client.pem"
+        params[s + '_server_private_key'] = certdir + "/client.key"
+        params[s + '_server_private_key_passwd'] = "whatever"
+
+    try:
+        hapd = hostapd.add_ap(apdev[0], params)
+        time.sleep(1)
+        dev[0].connect("radius-tls", key_mgmt="WPA-EAP", scan_freq="2412",
+                       eap="PEAP", identity="bob", password="hello")
+        time.sleep(1)
+        dev[0].request("DISCONNECT")
+        dev[0].wait_disconnected()
+        time.sleep(1)
+    finally:
+        with open(pidfile, "r") as f:
+            pid = int(f.read())
+            if pid > 0:
+                os.kill(pid, signal.SIGTERM)
+
+def foo():
+    params['auth_server_addr'] = "127.0.0.1"
+    params['auth_server_port'] = "2083"
+    params['auth_server_type'] = "TLS"
+    params['auth_server_shared_secret'] = "radsec"
+    params['auth_server_ca_cert'] = certdir + "/ca.pem"
+    params['auth_server_client_cert'] = certdir + "/client.pem"
+    params['auth_server_private_key'] = certdir + "/client.key"
+    params['auth_server_private_key_passwd'] = "whatever"
+    params['acct_server_addr'] = "127.0.0.1"
+    params['acct_server_port'] = "2083"
+    params['acct_server_type'] = "TLS"
+    params['acct_server_shared_secret'] = "radsec"
+    params['acct_server_ca_cert'] = certdir + "/ca.pem"
+    params['acct_server_client_cert'] = certdir + "/client.pem"
+    params['acct_server_private_key'] = certdir + "/client.key"
+    params['acct_server_private_key_passwd'] = "whatever"