diff --git a/autotests/misc/secrets/eap-user.text b/autotests/misc/secrets/eap-user.text
new file mode 100644
index 00000000..6f64b2f8
--- /dev/null
+++ b/autotests/misc/secrets/eap-user.text
@@ -0,0 +1,22 @@
+"112345678@phonesim.org" SIM
+"012345678@phonesim.org" AKA
+"612345678@phonesim.org" AKA'
+"mschapv2@example.com" MSCHAPV2 "Password"
+"pwd@example.com" PWD "Password"
+
+# Phase 1 users
+"tls@example.com" TLS
+"ttls@example.com" TTLS
+"peap@example.com" PEAP
+"peapv0@example.com" PEAP [ver=0]
+"peapv1@example.com" PEAP [ver=1]
+
+# Phase 2
+"md5-phase2@example.com" MD5 "Password" [2]
+"gtc-phase2@example.com" GTC "Password" [2]
+"mschapv2-phase2@example.com" MSCHAPV2 "Password" [2]
+"ttls-chap-phase2@example.com" TTLS-CHAP "Password" [2]
+"ttls-mschap-phase2@example.com" TTLS-MSCHAP "Password" [2]
+"ttls-mschapv2-phase2@example.com" TTLS-MSCHAPV2 "Password" [2]
+"ttls-pap-phase2@example.com" TTLS-PAP "Password" [2]
+"112345678@phonesim.org" SIM [2]
diff --git a/autotests/testEAP/connection_test.py b/autotests/testEAP/connection_test.py
new file mode 100644
index 00000000..9a51bb8a
--- /dev/null
+++ b/autotests/testEAP/connection_test.py
@@ -0,0 +1,240 @@
+#!/usr/bin/python3
+
+from typing import Iterable
+import unittest
+import sys
+
+sys.path.append('../util')
+from iwd import IWD
+from iwd import NetworkType
+from iwd import PSKAgent
+from hlrauc import AuthCenter
+from ofono import Ofono
+from config import ctx
+import testutil
+import traceback
+
+class Test(unittest.TestCase):
+ def copy_network(self, name):
+ IWD.copy_to_storage(name, name='ssidEAP.8021x')
+ self.wd.wait_for_object_condition(self.wd,
+ '"ssidEAP" in [n.name for n in obj.list_known_networks()]')
+
+ def remove_network(self):
+ networks = self.wd.list_known_networks()
+ [n.forget() for n in networks if n.name == 'ssidEAP']
+ self.wd.wait_for_object_condition(self.wd,
+ '"ssidEAP" not in [n.name for n in obj.list_known_networks()]')
+
+ def validate_connection(self, wd, *secrets):
+ if secrets:
+ psk_agent = PSKAgent(*secrets)
+ wd.register_psk_agent(psk_agent)
+
+ devices = wd.list_devices(1)
+ self.assertIsNotNone(devices)
+ device = devices[0]
+
+ ordered_network = device.get_ordered_network('ssidEAP')
+
+ self.assertEqual(ordered_network.type, NetworkType.eap)
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ ordered_network.network_object.connect()
+
+ condition = 'obj.state == DeviceState.connected'
+ wd.wait_for_object_condition(device, condition)
+
+ testutil.test_iface_operstate()
+ testutil.test_ifaces_connected()
+
+ if secrets:
+ wd.unregister_psk_agent(psk_agent)
+
+ device.disconnect()
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ #
+ # EAP-AKA
+ #
+ def test_eap_aka(self):
+ if not ctx.is_process_running('ofonod'):
+ self.skipTest("ofono not running")
+
+ ofono = Ofono()
+ ofono.enable_modem('/phonesim')
+ ofono.wait_for_sim_auth()
+
+ auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/aka.db')
+
+ self.copy_network('sim/ssidEAP-AKA.8021x')
+
+ try:
+ self.validate_connection(self.wd)
+ finally:
+ auth.stop()
+
+ #
+ # EAP-AKA'
+ #
+ def test_eap_aka_prime(self):
+ if not ctx.is_process_running('ofonod'):
+ self.skipTest("ofono not running")
+
+ ofono = Ofono()
+ ofono.enable_modem('/phonesim')
+ ofono.wait_for_sim_auth()
+
+ auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/aka.db')
+
+ self.copy_network('sim/ssidEAP-AKA-prime.8021x')
+
+ try:
+ self.validate_connection(self.wd)
+ finally:
+ auth.stop()
+
+ #
+ # EAP-SIM
+ #
+ def test_eap_sim(self):
+ if not ctx.is_process_running('ofonod'):
+ self.skipTest("ofono not running")
+
+ ofono = Ofono()
+ ofono.enable_modem('/phonesim')
+ ofono.wait_for_sim_auth()
+
+ auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/sim.db')
+
+ self.copy_network('sim/ssidEAP-SIM.8021x')
+
+ try:
+ self.validate_connection(self.wd)
+ finally:
+ auth.stop()
+
+ #
+ # EAP-MSCHAPv2
+ #
+ # * Credentials in 8021x file
+ # * Password-Hash in 8021x file
+ # * Agent request for password
+ # * Agent request for user + password
+ #
+ def test_eap_mschapv2(self):
+ self.copy_network('mschapv2/ssidEAP-MSCHAPV2.8021x')
+ self.validate_connection(self.wd)
+
+ self.copy_network('mschapv2/ssidEAP-MSCHAPV2-hash.8021x')
+ self.validate_connection(self.wd)
+
+ self.copy_network('mschapv2/ssidEAP-MSCHAPV2-nopass.8021x')
+ self.validate_connection(self.wd, [], ('mschapv2@example.com', 'Password'))
+
+ self.copy_network('mschapv2/ssidEAP-MSCHAPV2-nouserpass.8021x')
+ self.validate_connection(self.wd, [], ('mschapv2@example.com', 'Password'))
+
+ #
+ # EAP-PEAP
+ #
+ # * Test all combinations of PEAP, PEAPv0, PEAPv1 with MD5, GTC, SIM, MSCHAPv2
+ #
+ def test_eap_peap(self):
+ ofono = Ofono()
+ ofono.enable_modem('/phonesim')
+ ofono.wait_for_sim_auth()
+
+ auth = AuthCenter('/tmp/hlrauc.sock', '/tmp/sim/sim.db')
+
+ for ver in ['PEAP', 'PEAPv0', 'PEAPv1']:
+ for inner in ['MD5', 'GTC', 'SIM', 'MSCHAPv2']:
+ self.copy_network('peap/ssidEAP-%s-%s.8021x' % (ver, inner))
+
+ try:
+ self.validate_connection(self.wd)
+ except Exception as e:
+ #
Catch an error here and print the actual PEAP combo that failed
+ traceback.print_exc()
+ auth.stop()
+ raise Exception("%s-%s test failed" % (ver, inner))
+
+ self.remove_network()
+
+ auth.stop()
+
+ #
+ # EAP-PWD
+ #
+ def test_eap_pwd(self):
+ self.copy_network('ssidEAP-PWD.8021x')
+
+ self.validate_connection(self.wd)
+
+ #
+ # EAP-TLS
+ #
+ # * Encrypted private key, passphrase in 8021x file
+ # * Unencrypted private key
+ # * Encrypted private key, passphrase provided by agent
+ # * Embedded PEM inside 8021x file
+ # * KeyBundle
+ #
+ def test_eap_tls(self):
+ for name, secrets in [('keypass', None), ('nokeypass', None),
+ ('des-ede3', 'abc'), ('embedded', None), ('keybundle', None)]:
+ self.copy_network('tls/ssidEAP-TLS-%s.8021x' % name)
+ try:
+ self.validate_connection(self.wd, secrets)
+ except Exception as e:
+ traceback.print_exc()
+ raise Exception('EAP-TLS (%s) failed' % name)
+
+ self.remove_network()
+
+ #
+ # EAP-TTLS
+ #
+ # * CHAP, MD5, MSCHAPV2 as phase 2
+ # * Tunneled-MSCHAP, Tunneled-MSCHAPV2, Tunneled-PAP as phase 2
+ #
+ def test_eap_ttls(self):
+ for name, secrets in [('CHAP', ('ttls@example.com', ('ttls-chap-phase2@example.com', 'Password'))),
+ ('MD5', None),
+ ('MSCHAPV2', ('ttls@example.com', ('mschapv2-phase2@example.com', 'Password'))),
+ ('Tunneled-MSCHAP', ('ttls@example.com', ('ttls-mschap-phase2@example.com', 'Password'))),
+ ('Tunneled-MSCHAPV2', ('ttls@example.com', ('ttls-mschapv2-phase2@example.com', 'Password'))),
+ ('Tunneled-PAP', ('ttls@example.com', ('ttls-pap-phase2@example.com', 'Password')))]:
+ self.copy_network('ttls/ssidEAP-TTLS-%s.8021x' % name)
+ try:
+ if isinstance(secrets, Iterable):
+ self.validate_connection(self.wd, *secrets)
+ else:
+ self.validate_connection(self.wd, None)
+ except Exception as e:
+ traceback.print_exc()
+ raise Exception('EAP-TTLS (%s) failed' % name)
+
+ self.remove_network()
+
+ def setUp(self):
+ IWD.clear_storage()
+
+ def tearDown(self):
+ self.remove_network()
+
+ @classmethod
+
def setUpClass(cls):
+ cls.wd = IWD()
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.wd = None
+ IWD.clear_storage()
+
+if __name__ == '__main__':
+ unittest.main(exit=True)
diff --git a/autotests/testEAP/hw.conf b/autotests/testEAP/hw.conf
new file mode 100644
index 00000000..8a84c611
--- /dev/null
+++ b/autotests/testEAP/hw.conf
@@ -0,0 +1,6 @@
+[SETUP]
+num_radios=2
+sim_keys=ofono
+
+[HOSTAPD]
+rad0=ssidEAP.conf
diff --git a/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-hash.8021x b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-hash.8021x
new file mode 100644
index 00000000..2bb134d1
--- /dev/null
+++ b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-hash.8021x
@@ -0,0 +1,7 @@
+[Security]
+EAP-Method=MSCHAPV2
+EAP-Identity=mschapv2@example.com
+EAP-Password-Hash=a4f49c406510bdcab6824ee7c30fd852
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nopass.8021x b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nopass.8021x
new file mode 100644
index 00000000..e682cf5b
--- /dev/null
+++ b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nopass.8021x
@@ -0,0 +1,6 @@
+[Security]
+EAP-Method=MSCHAPV2
+EAP-Identity=mschapv2@example.com
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nouserpass.8021x b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nouserpass.8021x
new file mode 100644
index 00000000..d7528b38
--- /dev/null
+++ b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2-nouserpass.8021x
@@ -0,0 +1,5 @@
+[Security]
+EAP-Method=MSCHAPV2
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2.8021x b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2.8021x
new file mode 100644
index 00000000..3aba560c
--- /dev/null
+++ b/autotests/testEAP/mschapv2/ssidEAP-MSCHAPV2.8021x
@@ -0,0 +1,7 @@
+[Security]
+EAP-Method=MSCHAPV2
+EAP-Identity=mschapv2@example.com
+EAP-Password=Password
+
+[Settings]
+AutoConnect=false
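Review bot: Cleanup in connection_test.py is not failure-safe in two places. In `validate_connection` the agent registered with `wd.register_psk_agent(psk_agent)` is unregistered only on the success path, and `wd` is the class-level `cls.wd` shared by every test, so a failed wait or assertion appears to leave that agent registered for the tests that follow; putting everything after the registration in a `try:` with `wd.unregister_psk_agent(psk_agent)` in the `finally:` would contain it. In `test_eap_peap`, `auth.stop()` is reached only from the `except` around `validate_connection` or after the loops, so an exception from `copy_network` or `remove_network` leaves the AuthCenter on `/tmp/hlrauc.sock` running; the `try:` / `finally: auth.stop()` shape used by `test_eap_aka`, `test_eap_aka_prime` and `test_eap_sim` fits here too. The same test also starts Ofono without the `if not ctx.is_process_running('ofonod'): self.skipTest("ofono not running")` guard those three tests have, so it will presumably error instead of skipping where ofonod is absent.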
diff --git a/autotests/testEAP/peap/ssidEAP-PEAP-GTC.8021x b/autotests/testEAP/peap/ssidEAP-PEAP-GTC.8021x
new file mode 100644
index 00000000..2a1ad713
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAP-GTC.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peap@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=GTC
+EAP-PEAP-Phase2-Identity=gtc-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAP-MD5.8021x b/autotests/testEAP/peap/ssidEAP-PEAP-MD5.8021x
new file mode 100644
index 00000000..a13bbaaa
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAP-MD5.8021x
@@ -0,0 +1,14 @@
+[Security]
+EAP-Method=PEAP
+
+EAP-Identity=peap@example.com
+
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=md5-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAP-MSCHAPv2.8021x b/autotests/testEAP/peap/ssidEAP-PEAP-MSCHAPv2.8021x
new file mode 100644
index 00000000..3cacdfbe
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAP-MSCHAPv2.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peap@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=mschapv2-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAP-SIM.8021x b/autotests/testEAP/peap/ssidEAP-PEAP-SIM.8021x
new file mode 100644
index 00000000..54311990
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAP-SIM.8021x
@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peap@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=SIM
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv0-GTC.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv0-GTC.8021x
new file mode 100644
index 00000000..b0c02d6b
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv0-GTC.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=GTC
+EAP-PEAP-Phase2-Identity=gtc-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv0-MD5.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv0-MD5.8021x
new file mode 100644
index 00000000..a34faca6
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv0-MD5.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=md5-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv0-MSCHAPv2.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv0-MSCHAPv2.8021x
new file mode 100644
index 00000000..988661c7
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv0-MSCHAPv2.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=mschapv2-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv0-SIM.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv0-SIM.8021x
new file mode 100644
index 00000000..612bc9e9
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv0-SIM.8021x
@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv0@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=SIM
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv1-GTC.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv1-GTC.8021x
new file mode 100644
index 00000000..775f547c
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv1-GTC.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=GTC
+EAP-PEAP-Phase2-Identity=gtc-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv1-MD5.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv1-MD5.8021x
new file mode 100644
index 00000000..35a1329a
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv1-MD5.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MD5
+EAP-PEAP-Phase2-Identity=md5-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv1-MSCHAPv2.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv1-MSCHAPv2.8021x
new file mode 100644
index 00000000..02290920
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv1-MSCHAPv2.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=mschapv2-phase2@example.com
+EAP-PEAP-Phase2-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/peap/ssidEAP-PEAPv1-SIM.8021x b/autotests/testEAP/peap/ssidEAP-PEAPv1-SIM.8021x
new file mode 100644
index 00000000..2f0f6688
--- /dev/null
+++ b/autotests/testEAP/peap/ssidEAP-PEAPv1-SIM.8021x
@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=PEAP
+EAP-Identity=peapv1@example.com
+EAP-PEAP-CACert=/tmp/certs/cert-ca.pem
+EAP-PEAP-ClientCert=/tmp/certs/cert-client.pem
+EAP-PEAP-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-PEAP-Phase2-Method=SIM
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/sim/aka.db b/autotests/testEAP/sim/aka.db
new file mode 100644
index 00000000..c4461ae1
--- /dev/null
+++ b/autotests/testEAP/sim/aka.db
@@ -0,0 +1,3 @@
+# IMSI K OPC AMF SQN
+
+12345678:90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:61df:000000000021
\ No newline at end of file
diff --git a/autotests/testEAP/sim/sim.db b/autotests/testEAP/sim/sim.db
new file mode 100644
index 00000000..fbf79786
--- /dev/null
+++ b/autotests/testEAP/sim/sim.db
@@ -0,0 +1 @@
+12345678:673fb8cd35f98800:1fb1e3b5:DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
diff --git a/autotests/testEAP/sim/ssidEAP-AKA-prime.8021x b/autotests/testEAP/sim/ssidEAP-AKA-prime.8021x
new file mode 100644
index 00000000..6e88da6b
--- /dev/null
+++ b/autotests/testEAP/sim/ssidEAP-AKA-prime.8021x
@@ -0,0 +1,5 @@
+[Security]
+EAP-Method=AKA'
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/sim/ssidEAP-AKA.8021x b/autotests/testEAP/sim/ssidEAP-AKA.8021x
new file mode 100644
index 00000000..1d55e17c
--- /dev/null
+++ b/autotests/testEAP/sim/ssidEAP-AKA.8021x
@@ -0,0 +1,2 @@
+[Security]
+EAP-Method=AKA
diff --git a/autotests/testEAP/sim/ssidEAP-SIM.8021x b/autotests/testEAP/sim/ssidEAP-SIM.8021x
new file mode 100644
index 00000000..1dcdbcb6
--- /dev/null
+++ b/autotests/testEAP/sim/ssidEAP-SIM.8021x
@@ -0,0 +1,5 @@
+[Security]
+EAP-Method=SIM
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/ssidEAP-PWD.8021x b/autotests/testEAP/ssidEAP-PWD.8021x
new file mode 100644
index 00000000..03fd9926
--- /dev/null
+++ b/autotests/testEAP/ssidEAP-PWD.8021x
@@ -0,0 +1,7 @@
+[Security]
+EAP-Method=PWD
+EAP-Identity=pwd@example.com
+EAP-Password=Password
+
+[Settings]
+AutoConnect=false
diff --git a/autotests/testEAP/ssidEAP.conf b/autotests/testEAP/ssidEAP.conf
new file mode 100644
index 00000000..d2536a4d
--- /dev/null
+++ b/autotests/testEAP/ssidEAP.conf
@@ -0,0 +1,14 @@
+hw_mode=g
+channel=1
+ssid=ssidEAP
+wpa=3
+wpa_key_mgmt=WPA-EAP
+ieee8021x=1
+eap_server=1
+eap_user_file=/tmp/secrets/eap-user.text
+ca_cert=/tmp/certs/cert-ca.pem
+server_cert=/tmp/certs/cert-server.pem
+private_key=/tmp/certs/cert-server-key.pem
+
+eap_sim_db=unix:/tmp/hlrauc.sock
+eap_sim_aka_result_ind=1
diff --git a/autotests/testEAP/tls/ssidEAP-TLS-des-ede3.8021x b/autotests/testEAP/tls/ssidEAP-TLS-des-ede3.8021x
new file mode 100644
index 00000000..5b4a7df8
--- /dev/null
+++ b/autotests/testEAP/tls/ssidEAP-TLS-des-ede3.8021x
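Review bot: sim/ssidEAP-AKA.8021x is the only SIM-family profile here without the `[Settings]` / `AutoConnect=false` pair, and ttls/ssidEAP-TTLS-MSCHAPV2.8021x omits it as well. Every other profile in this commit disables autoconnect, and `validate_connection` waits for `not obj.connected` before calling `connect()` itself, so with these two files the daemon may presumably start connecting on its own as soon as the profile is copied in and race the explicit connect. Adding `[Settings]` and `AutoConnect=false` to both would keep the fixtures uniform; if the omission is deliberate, a `#` comment in the file saying so would help.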
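Review bot: In ssidEAP.conf, `wpa=3` enables the original WPA alongside WPA2, and no `wpa_pairwise` or `rsn_pairwise` line pins the pairwise cipher, so the AP falls back to hostapd's defaults for both. If these tests are meant to exercise EAP over RSN only, `wpa=2` with `rsn_pairwise=CCMP` states that explicitly; if mixed mode is intended, a one-line comment such as `# WPA+WPA2 mixed mode on purpose` would keep the file from being copied as a template. The fixed `/tmp/certs`, `/tmp/secrets` and `/tmp/hlrauc.sock` paths presumably rely on the test harness owning `/tmp`, which is also worth a comment.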
@@ -0,0 +1,9 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.crt
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False
diff --git a/autotests/testEAP/tls/ssidEAP-TLS-embedded.8021x b/autotests/testEAP/tls/ssidEAP-TLS-embedded.8021x
new file mode 100644
index 00000000..068d661c
--- /dev/null
+++ b/autotests/testEAP/tls/ssidEAP-TLS-embedded.8021x
@@ -0,0 +1,94 @@ +[Security] +EAP-Method=TLS +EAP-TLS-CACert=embed:cert_ca +EAP-TLS-ClientCert=embed:cert_client +EAP-TLS-ClientKey=embed:cert_client_key +EAP-Identity=tls@example.com + +[@pem@cert_ca] +-----BEGIN CERTIFICATE----- +MIIEVDCCAzygAwIBAgIJAJmt2W7CutHvMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV +BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z +MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB +Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTYwNTE3MjEyMDQ2WhcNNDMxMDAzMjEyMDQ2 +WjB4MTUwMwYDVQQKDCxJbnRlcm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3Jn +YW5pemF0aW9uczEfMB0GA1UEAwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwG +CSqGSIb3DQEJARYPY2FAbWFpbC5leGFtcGxlMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAo3GrGqW49h8kY2Wx/1kd5dIkYGazuWrX93ma9904hHBJNsvu +V34QfHVln6wDpMZMwuvkfct09kl0rQpztJzA9YL4GMdmV6+6J6LiX1kMqLkNaJa+ +Ov+ECG5ypBRbSTYKpqFsc5wPOQf/N8brBiZS1v67va3fCwO6dgLeAf7dZ3Q70oUr +mghbK8UnlC+wLShxCBAW8TUKg7B7M5Gea794CO9wH7NsFyAr963WVcLxrdL3xMHZ +9hcscrljh35nCAc6sum1cTtWI651OGehr0Bhp2o2Exgr2mbo5TobqEW+fe4gc4ik +0nzHGWiOVaszUcvpeeduGV3y6om93atffeKuxQIDAQABo4HgMIHdMA8GA1UdEwQI +MAYBAf8CAQAwHQYDVR0OBBYEFO+M3tJAELTnseUqZyP4vl5X7SmUMIGqBgNVHSME +gaIwgZ+AFO+M3tJAELTnseUqZyP4vl5X7SmUoXykejB4MTUwMwYDVQQKDCxJbnRl +cm5hdGlvbmFsIFVuaW9uIG9mIEV4YW1wbGUgT3JnYW5pemF0aW9uczEfMB0GA1UE +AwwWQ2VydGlmaWNhdGUgaXNzdWVyIGd1eTEeMBwGCSqGSIb3DQEJARYPY2FAbWFp +bC5leGFtcGxlggkAma3ZbsK60e8wDQYJKoZIhvcNAQELBQADggEBAA/Yb9jB94OF +swbyCrA6Qe53YGC4dfqrKGRThtGKTrH0XcM2x2qLIIbiNDogwhRqlUW8iNY6Dm2k +43mJzNsYhy7Nt3IJFCguTJFilfGzQnBtK8wCr/C9qsj//BESOIlo/TDZ2Ho4ixcJ +n+FTnN34F6JJ0DIvA6tNBe1kUFSrbubL8ygNWJ9BKMebEzokGNGCGFNr70DlQj2o +1EOMMOkj0gWO0WegAYFLojzag3l+uvU59YE+/fbZ2iclyvbF7IutQ5M9g5TnQE6F +f+qFKR5+bhlJwry6vLl/6ulihkvF3y1bm7zae62zbFaZRU6PJUl1DtXiA23ZTm9T +VDivqs07R84= +-----END CERTIFICATE----- + +[@pem@cert_client] +-----BEGIN CERTIFICATE----- +MIIEPTCCAyWgAwIBAgIJAPk7rut4SWQCMA0GCSqGSIb3DQEBCwUAMHgxNTAzBgNV +BAoMLEludGVybmF0aW9uYWwgVW5pb24gb2YgRXhhbXBsZSBPcmdhbml6YXRpb25z 
+MR8wHQYDVQQDDBZDZXJ0aWZpY2F0ZSBpc3N1ZXIgZ3V5MR4wHAYJKoZIhvcNAQkB +Fg9jYUBtYWlsLmV4YW1wbGUwHhcNMTYwNTE3MjEyMDQ3WhcNNDMxMDAzMjEyMDQ3 +WjBnMSEwHwYDVQQKDBhCYXIgRXhhbXBsZSBPcmdhbml6YXRpb24xITAfBgNVBAMM +GEJhciBFeGFtcGxlIE9yZ2FuaXphdGlvbjEfMB0GCSqGSIb3DQEJARYQYmFyQG1h +aWwuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOE5D/lU +haTC3xL281ttZPRURXlKJqLwcHGXQSuQm6wwYWtAhLyMLEHrryE0oChKdw3eV7Nn +/IODxvk1S8uIuKfHWuNd5qX/yu7CjCWvyim2CSJHF24rQFmb9ePoddOZnDMMAIz7 +PC325JVhbr/LSBLbqhZ0smHy1HKyrzzHHzKU4YcTH/3+3H4MHZwnNZfbfG5qhRZG +Nuu/8t+AWVcEocPRGYZpzWJNq6AAzojAHSSOxxiscBMiuQ+BdofPw9XhwpS+Fstk +rvF8J9FfZj5U3FOm/EgOQn8efnrUL231PqB1R9PIKYv/938p3iDMIi0ETiKi5ced +WV8m2PcykPdNOKMCAwEAAaOB2jCB1zAJBgNVHRMEAjAAMB0GA1UdDgQWBBTs9eey +OkMw3uiPpDOa3b9KErbEfzCBqgYDVR0jBIGiMIGfgBTvjN7SQBC057HlKmcj+L5e +V+0plKF8pHoweDE1MDMGA1UECgwsSW50ZXJuYXRpb25hbCBVbmlvbiBvZiBFeGFt +cGxlIE9yZ2FuaXphdGlvbnMxHzAdBgNVBAMMFkNlcnRpZmljYXRlIGlzc3VlciBn +dXkxHjAcBgkqhkiG9w0BCQEWD2NhQG1haWwuZXhhbXBsZYIJAJmt2W7CutHvMA0G +CSqGSIb3DQEBCwUAA4IBAQA8MxPjU2h5gwntQeSs8eeaEUILMkoU6JSDS4s5Hex5 +xYMLfcSoPPI0E6ahvKtWkSM0UZThyWsulSDTI1EgAiebjms06m1Ogh9V+0VbcOlQ +D/k3+fSRIiyY+v3J/h8ArUby+m5O2g1TgECr/nZl4avoAI0RpBi3lH6tC8GQYdbc +SA6hpNCM/dY3LWtAo2W6mdE8+RlCuTj4VZiQ1g6GE77t6XwDFL6vQBzLLXrinvXK +Ha+IssV5sGdpH9bVFWIJV2q3OZuv3HLhQfGmeUrGyWVcokQQ8d6kRwg65Zb1+KT2 +bNlVKhPAMBk4ayEocpqFIfqfCKDjGdPUruIh8IVDc684 +-----END CERTIFICATE----- + +[@pem@cert_client_key] +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDhOQ/5VIWkwt8S +9vNbbWT0VEV5Siai8HBxl0ErkJusMGFrQIS8jCxB668hNKAoSncN3lezZ/yDg8b5 +NUvLiLinx1rjXeal/8ruwowlr8optgkiRxduK0BZm/Xj6HXTmZwzDACM+zwt9uSV +YW6/y0gS26oWdLJh8tRysq88xx8ylOGHEx/9/tx+DB2cJzWX23xuaoUWRjbrv/Lf +gFlXBKHD0RmGac1iTaugAM6IwB0kjscYrHATIrkPgXaHz8PV4cKUvhbLZK7xfCfR +X2Y+VNxTpvxIDkJ/Hn561C9t9T6gdUfTyCmL//d/Kd4gzCItBE4iouXHnVlfJtj3 +MpD3TTijAgMBAAECggEBAIbg9YAL7j1NtupUmkkWqm7oSPLqRVkvRSfBvXWplJD6 +KF1itht0lsyjqK3qJj/62HGlxj/a9o6MTIzSLiImLu/Lo9KmWYrwNUfnmqa3MArq 
+yW2NxapknJUNoaRrgqTGSZUIiwvjKZcdVKdhQkH6K5+fja0FFg8yrahC+k8bsMNI +5mw8NwRdR3SvHJWHCLfKCQ31tju7On/4C6jr0siUCc2//W+SO5c+FHDY1bma02cp +jXTEiFpw91YcyKxiADIaH9/qfxWdefxqYg1WlUeXF3jYt5xYnYr34qKW1gOZ3jy1 +QJ3esn382ZTml3TFZWy+g9tkYyOSgmDwQZbLk/ppBAECgYEA8RzLBFwP018ieMBv +khDtwcKk6ZihkWZxEPQPuUljWzzAHn/f3dXOcrfmflAKeoDEeYDimDYDizTLDPC4 +zmWkMJHNadcM5H065BbGVFQWXo47ltccfIlB/1vzG8aywfJ/yNfHvH87wbH2eg6N +yOr+96ZjLJszQ+Rv189BbXDzTcMCgYEA7yEbUL/A1J0l2kLoYyS0vfVa7AyBVOFW +vPgfkF7HdNpIiFWlukMr+DWOolaoZp5iHqQXFwJsL8qCcrbZuHbaNHAI/5vDE9xG +fh8KzrfBrjIPIyNm6EWpsBo5unXK+wTeqIAGKdzDo5Q3zEE6G5DkkHItKA7yjPOM +gz/b/MR3W6ECgYBBv3dA3hXWrreIs/j4nLMoxfoQVPWh34xvcg4jmXaFd6Bv8LDM +HjRopestgIgK9bgd5d5kYT5AJIpGIhJS/fZy5B9egCzc1aVMc0Vr024yJJjtPgVf +lFIx3xIA/gLazlS4INcveIaEABJVIEjbg/E4+N9MV5n4Jn+1GqgdvtIp3wKBgQC0 +C3lFkxrc+nVFoJrYCwsK+3E5yTCXeBKWtTsOuE307WUvQU1GsMyqVajPEfA5U4cN +Cv9Xk7thQFh3hrTm7pXcZX5g9iYrDe8FhtncSv7I6Wf8TOtudwUMUrKkcYwi88ex +lrMNUer7ft2ELJhTqQRuvYjCYH6/IaDqMWqxJju4AQKBgQDPjOh75ykQc93SsYpt +Tb4gQKLeqOb57pofT8D44DccatfEgk31D4fBIIQu6XKopQmCtQyX9DUDjOWFTxuo +IMPysN6Fh1quCbC6Xt5xfKoaJG5yQYKeKtLhknwEW9SUifU2xVrOcPikLs7Iwmmp +BkDLsu/YKwRFSfrbYZXbTlU8tQ== +-----END PRIVATE KEY----- + +[Settings] +AutoConnect=False diff --git a/autotests/testEAP/tls/ssidEAP-TLS-keybundle.8021x b/autotests/testEAP/tls/ssidEAP-TLS-keybundle.8021x new file mode 100644 index 00000000..30470388 --- /dev/null +++ b/autotests/testEAP/tls/ssidEAP-TLS-keybundle.8021x @@ -0,0 +1,9 @@ +[Security] +EAP-Method=TLS +EAP-TLS-CACert=/tmp/certs/cert-ca.pem +EAP-TLS-ClientKeyBundle=/tmp/certs/cert-client.p12 +EAP-TLS-ClientKeyPassphrase=abc +EAP-Identity=tls@example.com + +[Settings] +AutoConnect=False diff --git a/autotests/testEAP/tls/ssidEAP-TLS-keypass.8021x b/autotests/testEAP/tls/ssidEAP-TLS-keypass.8021x new file mode 100644 index 00000000..538d2dda --- /dev/null +++ b/autotests/testEAP/tls/ssidEAP-TLS-keypass.8021x 
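Review bot: tls/ssidEAP-TLS-embedded.8021x commits an unencrypted `-----BEGIN PRIVATE KEY-----` block together with the CA and client certificates, with nothing in the file marking them as fixtures. A leading comment along the lines of `# Test-only key material for the autotest CA; never deploy` would tell readers and secret scanners this is intentional. The three PEM blocks look like copies of the files the other TLS profiles load from `/tmp/certs`, so if those are ever regenerated this file has to be updated by hand; naming the source files in the same comment would make that dependency visible.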
@@ -0,0 +1,10 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-md5-des.pem
+EAP-TLS-ClientKeyPassphrase=abc
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False
diff --git a/autotests/testEAP/tls/ssidEAP-TLS-nokeypass.8021x b/autotests/testEAP/tls/ssidEAP-TLS-nokeypass.8021x
new file mode 100644
index 00000000..88c622ad
--- /dev/null
+++ b/autotests/testEAP/tls/ssidEAP-TLS-nokeypass.8021x
@@ -0,0 +1,9 @@
+[Security]
+EAP-Method=TLS
+EAP-TLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TLS-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-Identity=tls@example.com
+
+[Settings]
+AutoConnect=False
diff --git a/autotests/testEAP/ttls/ssidEAP-TTLS-CHAP.8021x b/autotests/testEAP/ttls/ssidEAP-TTLS-CHAP.8021x
new file mode 100644
index 00000000..4f67f540
--- /dev/null
+++ b/autotests/testEAP/ttls/ssidEAP-TTLS-CHAP.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-CHAP
+
+# If CHAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-chap-phase2@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False
diff --git a/autotests/testEAP/ttls/ssidEAP-TTLS-MD5.8021x b/autotests/testEAP/ttls/ssidEAP-TTLS-MD5.8021x
new file mode 100644
index 00000000..f789fe42
--- /dev/null
+++ b/autotests/testEAP/ttls/ssidEAP-TTLS-MD5.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TTLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TTLS-ClientKey=/tmp/certs/cert-client-key-pkcs8.pem
+EAP-TTLS-Phase2-Method=MD5
+EAP-TTLS-Phase2-Identity=md5-phase2@example.com
+EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False
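Review bot: ttls/ssidEAP-TTLS-CHAP.8021x sets no `EAP-TTLS-CACert`, so the client presumably has nothing to verify the server certificate against before the phase-2 identity and password go into the tunnel; the Tunneled-MSCHAP, Tunneled-MSCHAPV2 and Tunneled-PAP profiles are written the same way, while ssidEAP-TTLS-MD5.8021x and ssidEAP-TTLS-MSCHAPV2.8021x do set it. For the tunneled methods an unauthenticated tunnel exposes the inner credentials to whoever terminates it, so these profiles should not be read as a recommended configuration. If the no-CA path is what is being tested, a comment such as `# No CACert on purpose: covers the unvalidated-server path` would make that explicit; otherwise add `EAP-TTLS-CACert=/tmp/certs/cert-ca.pem` as the MD5 profile does.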
diff --git a/autotests/testEAP/ttls/ssidEAP-TTLS-MSCHAPV2.8021x b/autotests/testEAP/ttls/ssidEAP-TTLS-MSCHAPV2.8021x
new file mode 100644
index 00000000..a3733635
--- /dev/null
+++ b/autotests/testEAP/ttls/ssidEAP-TTLS-MSCHAPV2.8021x
@@ -0,0 +1,8 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-CACert=/tmp/certs/cert-ca.pem
+EAP-TTLS-ClientCert=/tmp/certs/cert-client.pem
+EAP-TTLS-ClientKey=/tmp/certs/cert-client-key-v2-des-ede3.pem
+EAP-TTLS-Phase2-Method=MSCHAPV2
+EAP-TTLS-Phase2-Identity=mschapv2-phase2@example.com
diff --git a/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAP.8021x b/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAP.8021x
new file mode 100644
index 00000000..3d9e523b
--- /dev/null
+++ b/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAP.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-MSCHAP
+
+# If MSCHAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-mschap-phase2@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False
diff --git a/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAPV2.8021x b/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAPV2.8021x
new file mode 100644
index 00000000..2a33d0d0
--- /dev/null
+++ b/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-MSCHAPV2.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-MSCHAPv2
+
+# If MSCHAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-mschapv2-phase2@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False
diff --git a/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-PAP.8021x b/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-PAP.8021x
new file mode 100644
index 00000000..eecb4a23
--- /dev/null
+++ b/autotests/testEAP/ttls/ssidEAP-TTLS-Tunneled-PAP.8021x
@@ -0,0 +1,12 @@
+[Security]
+EAP-Method=TTLS
+EAP-Identity=ttls@example.com
+EAP-TTLS-Phase2-Method=Tunneled-PAP
+
+# If PAP Identity and Password are left out, they will be requested through
+# the agent.
+#EAP-TTLS-Phase2-Identity=ttls-pap@example.com
+#EAP-TTLS-Phase2-Password=Password
+
+[Settings]
+AutoConnect=False
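Review bot: The commented-out identity in ttls/ssidEAP-TTLS-Tunneled-PAP.8021x, `#EAP-TTLS-Phase2-Identity=ttls-pap@example.com`, does not match the user this commit defines. eap-user.text and `test_eap_ttls` both use `ttls-pap-phase2@example.com`, so anyone uncommenting the line as written would get an authentication failure. Change it to `#EAP-TTLS-Phase2-Identity=ttls-pap-phase2@example.com` to match the sibling TTLS profiles.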