tests: Skip more tests based on missing TKIP support

This makes it more convenient to run tests with builds that disable TKIP/WPA(v1) support completely. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 16:07:24 +03:00 · 2020-04-17 16:07:24 +03:00 · 21cf2c5baf
commit 21cf2c5baf
parent de5bf2d199
20 changed files with 80 additions and 17 deletions
--- a/tests/hwsim/test_ap_ciphers.py
+++ b/tests/hwsim/test_ap_ciphers.py
@ -13,7 +13,7 @@ import subprocess

 import hwsim_utils
 import hostapd
-from utils import HwsimSkip, skip_with_fips, require_under_vm
+from utils import *
 from wlantest import Wlantest
 from wpasupplicant import WpaSupplicant

@ -78,12 +78,14 @@ def check_group_mgmt_cipher(dev, ap, cipher, sta_req_cipher=None):
 def test_ap_cipher_tkip(dev, apdev):
    """WPA2-PSK/TKIP connection"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    check_cipher(dev[0], apdev[0], "TKIP")

@remote_compatible
 def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by AP)"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
    if dev[0].cmd_execute(["ls", testfile])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")
@ -118,6 +120,7 @@ def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
 def test_ap_cipher_tkip_countermeasures_ap_mixed_mode(dev, apdev):
    """WPA+WPA2-PSK/TKIP countermeasures (detected by mixed mode AP)"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
    if dev[0].cmd_execute(["ls", testfile])[0] != 0:
        raise HwsimSkip("tkip_mic_test not supported in mac80211")
@ -166,6 +169,7 @@ def test_ap_cipher_tkip_countermeasures_ap_mixed_mode(dev, apdev):
 def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
    """WPA-PSK/TKIP countermeasures (detected by STA)"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    params = {"ssid": "tkip-countermeasures",
              "wpa_passphrase": "12345678",
              "wpa": "1",
@ -202,6 +206,7 @@ def test_ap_cipher_tkip_countermeasures_sta2(dev, apdev, params):
    if not params['long']:
        raise HwsimSkip("Skip test case with long duration due to --long not specified")
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    params = {"ssid": "tkip-countermeasures",
              "wpa_passphrase": "12345678",
              "wpa": "1",
@ -365,6 +370,7 @@ def test_ap_cipher_gcmp_ccmp(dev, apdev, params):
 def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
    """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    ssid = "test-wpa-wpa2-psk"
    passphrase = "12345678"
    params = {"ssid": ssid,
@ -516,6 +522,7 @@ def test_ap_cipher_replay_protection_ap_ccmp(dev, apdev):

 def test_ap_cipher_replay_protection_ap_tkip(dev, apdev):
    """TKIP replay protection on AP"""
+    skip_without_tkip(dev[0])
    run_ap_cipher_replay_protection_ap(dev, apdev, "TKIP")

 def test_ap_cipher_replay_protection_ap_gcmp(dev, apdev):
@ -572,6 +579,7 @@ def test_ap_cipher_replay_protection_sta_ccmp(dev, apdev):

 def test_ap_cipher_replay_protection_sta_tkip(dev, apdev):
    """TKIP replay protection on STA (TK)"""
+    skip_without_tkip(dev[0])
    run_ap_cipher_replay_protection_sta(dev, apdev, "TKIP")

 def test_ap_cipher_replay_protection_sta_gcmp(dev, apdev):
@ -586,6 +594,7 @@ def test_ap_cipher_replay_protection_sta_gtk_ccmp(dev, apdev):

 def test_ap_cipher_replay_protection_sta_gtk_tkip(dev, apdev):
    """TKIP replay protection on STA (GTK)"""
+    skip_without_tkip(dev[0])
    run_ap_cipher_replay_protection_sta(dev, apdev, "TKIP", gtk=True)

 def test_ap_cipher_replay_protection_sta_gtk_gcmp(dev, apdev):
@ -987,6 +996,7 @@ def test_ap_wpa2_plaintext_group_m1_pmf(dev, apdev):

 def test_ap_wpa2_gtk_initial_rsc_tkip(dev, apdev):
    """Initial group cipher RSC (TKIP)"""
+    skip_without_tkip(dev[0])
    run_ap_wpa2_gtk_initial_rsc(dev, apdev, "TKIP")

 def test_ap_wpa2_gtk_initial_rsc_ccmp(dev, apdev):
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@ -24,7 +24,7 @@ import tempfile
 import hwsim_utils
 from hwsim import HWSimRadio
 import hostapd
-from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips, wait_fail_trigger, require_under_vm
+from utils import *
 from wpasupplicant import WpaSupplicant
 from test_ap_psk import check_mib, find_wpas_process, read_process_memory, verify_not_present, get_key_locations, set_test_assoc_ie

@ -3304,6 +3304,7 @@ def test_ap_wpa2_eap_psk_oom(dev, apdev):

 def test_ap_wpa_eap_peap_eap_mschapv2(dev, apdev):
    """WPA-Enterprise connection using EAP-PEAP/EAP-MSCHAPv2"""
+    skip_without_tkip(dev[0])
    check_eap_capa(dev[0], "MSCHAPV2")
    params = hostapd.wpa_eap_params(ssid="test-wpa-eap")
    hapd = hostapd.add_ap(apdev[0], params)
@ -7317,6 +7318,7 @@ def test_ap_wpa2_eap_sake_no_control_port(dev, apdev):

 def test_ap_wpa3_eap_transition_disable(dev, apdev):
    """WPA3-Enterprise transition disable indication"""
+    skip_without_tkip(dev[0])
    params = hostapd.wpa2_eap_params(ssid="test-wpa3-eap")
    params["ieee80211w"] = "1"
    params['transition_disable'] = '0x04'
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@ -442,6 +442,7 @@ def test_ap_ft_many_vlan(dev, apdev):

 def test_ap_ft_mixed(dev, apdev):
    """WPA2-PSK-FT mixed-mode AP"""
+    skip_without_tkip(dev[0])
    ssid = "test-ft-mixed"
    passphrase = "12345678"

--- a/tests/hwsim/test_ap_hs20.py
+++ b/tests/hwsim/test_ap_hs20.py
@ -17,7 +17,7 @@ import socket
 import subprocess

 import hostapd
-from utils import HwsimSkip, skip_with_fips, alloc_fail, fail_test, wait_fail_trigger
+from utils import *
 import hwsim_utils
 from tshark import run_tshark
 from wlantest import Wlantest
@ -5989,6 +5989,9 @@ def test_ap_hs20_set_profile_failures(dev, apdev):

 def test_ap_hs20_unexpected(dev, apdev):
    """Unexpected Hotspot 2.0 AP configuration"""
+    skip_without_tkip(dev[0])
+    skip_without_tkip(dev[1])
+    skip_without_tkip(dev[2])
    check_eap_capa(dev[0], "MSCHAPV2")
    bssid = apdev[0]['bssid']
    params = hostapd.wpa_eap_params(ssid="test-hs20-fake")
--- a/tests/hwsim/test_ap_mixed.py
+++ b/tests/hwsim/test_ap_mixed.py
@ -9,11 +9,12 @@ logger = logging.getLogger()

 import hostapd
 import hwsim_utils
-from utils import skip_with_fips
+from utils import *

 def test_ap_mixed_security(dev, apdev):
    """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    dev[0].flush_scan_cache()
    sae = "SAE" in dev[2].get_capability("auth_alg")
    ssid = "test-mixed"
--- a/tests/hwsim/test_ap_pmf.py
+++ b/tests/hwsim/test_ap_pmf.py
@ -13,8 +13,7 @@ logger = logging.getLogger()

 import hwsim_utils
 import hostapd
-from utils import alloc_fail, fail_test, wait_fail_trigger, HwsimSkip, \
-    radiotap_build, start_monitor, stop_monitor
+from utils import *
 from wlantest import Wlantest
 from wpasupplicant import WpaSupplicant

@ -854,6 +853,7 @@ def run_ap_pmf_inject_data(dev, apdev):

 def test_ap_pmf_tkip_reject(dev, apdev):
    """Mixed mode BSS and MFP-enabled AP rejecting TKIP"""
+    skip_without_tkip(dev[0])
    params = hostapd.wpa2_params(ssid="test-pmf", passphrase="12345678")
    params['wpa'] = '3'
    params["ieee80211w"] = "1"
--- a/tests/hwsim/test_ap_psk.py
+++ b/tests/hwsim/test_ap_psk.py
@ -333,6 +333,7 @@ def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
 def test_ap_wpa_ptk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@ -349,6 +350,7 @@ def test_ap_wpa_ptk_rekey(dev, apdev):
 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
    """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@ -494,6 +496,7 @@ def test_ap_wpa2_gtk_rekey_request(dev, apdev):
 def test_ap_wpa_gtk_rekey(dev, apdev):
    """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@ -1565,6 +1568,7 @@ def test_ap_wpa2_psk_ext_eapol_type_diff(dev, apdev):
@remote_compatible
 def test_ap_wpa_psk_ext_eapol(dev, apdev):
    """WPA2-PSK AP using external EAPOL supplicant"""
+    skip_without_tkip(dev[0])
    (bssid, ssid, hapd, snonce, pmk, addr, wpae) = eapol_test(apdev[0], dev[0],
                                                              wpa2=False)

@ -2803,6 +2807,7 @@ def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
 def test_ap_wpa_ie_parsing(dev, apdev):
    """WPA IE parsing"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    ssid = "test-wpa-psk"
    passphrase = 'qwertyuiop'
    params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@ -3034,6 +3039,7 @@ def test_ap_wpa2_psk_assoc_rsn_pmkid(dev, apdev):

 def test_ap_wpa_psk_rsn_pairwise(dev, apdev):
    """WPA-PSK AP and only rsn_pairwise set"""
+    skip_without_tkip(dev[0])
    params = {"ssid": "wpapsk", "wpa": "1", "wpa_key_mgmt": "WPA-PSK",
              "rsn_pairwise": "TKIP", "wpa_passphrase": "1234567890"}
    hapd = hostapd.add_ap(apdev[0], params)
@ -3154,6 +3160,7 @@ def test_ap_wpa2_disable_eapol_retry_group(dev, apdev):

 def test_ap_wpa2_psk_mic_0(dev, apdev):
    """WPA2-PSK/TKIP and MIC=0 in EAPOL-Key msg 3/4"""
+    skip_without_tkip(dev[0])
    bssid = apdev[0]['bssid']
    ssid = "test-wpa2-psk"
    passphrase = 'qwertyuiop'
--- a/tests/hwsim/test_ap_tdls.py
+++ b/tests/hwsim/test_ap_tdls.py
@ -14,7 +14,7 @@ import hwsim_utils
 from hostapd import HostapdGlobal
 from hostapd import Hostapd
 import hostapd
-from utils import HwsimSkip, skip_with_fips
+from utils import *
 from wlantest import Wlantest
 from test_ap_vht import vht_supported
 from test_wep import check_wep_capa
@ -291,6 +291,8 @@ def test_ap_wpa2_tdls_double_tpk_m2(dev, apdev):
 def test_ap_wpa_tdls(dev, apdev):
    """WPA-PSK AP and two stations using TDLS"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
+    skip_without_tkip(dev[1])
    hapd = hostapd.add_ap(apdev[0],
                          hostapd.wpa_params(ssid="test-wpa-psk",
                                             passphrase="12345678"))
@ -303,6 +305,7 @@ def test_ap_wpa_tdls(dev, apdev):
 def test_ap_wpa_mixed_tdls(dev, apdev):
    """WPA+WPA2-PSK AP and two stations using TDLS"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    hapd = hostapd.add_ap(apdev[0],
                          hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
                                                   passphrase="12345678"))
--- a/tests/hwsim/test_ap_vht.py
+++ b/tests/hwsim/test_ap_vht.py
@ -1117,6 +1117,7 @@ def test_ap_vht_use_sta_nsts(dev, apdev):

 def test_ap_vht_tkip(dev, apdev):
    """VHT and TKIP"""
+    skip_without_tkip(dev[0])
    try:
        hapd = None
        params = {"ssid": "vht",
--- a/tests/hwsim/test_ap_wps.py
+++ b/tests/hwsim/test_ap_wps.py
@ -41,8 +41,7 @@ import xml.etree.ElementTree as ET
 import hwsim_utils
 import hostapd
 from wpasupplicant import WpaSupplicant
-from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips
-from utils import wait_fail_trigger, clear_regdom
+from utils import *
 from test_ap_eap import int_eap_server_params
 from test_sae import check_sae_capab
 from test_wep import check_wep_capa
@ -56,6 +55,7 @@ def wps_start_ap(apdev, ssid="test-wps-conf"):
@remote_compatible
 def test_ap_wps_init(dev, apdev):
    """Initial AP configuration with first WPS Enrollee"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps"
    hapd = hostapd.add_ap(apdev[0],
                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
@ -111,6 +111,7 @@ def test_ap_wps_init(dev, apdev):

 def test_ap_wps_init_2ap_pbc(dev, apdev):
    """Initial two-radio AP configuration with first WPS PBC Enrollee"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps"
    params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
    hapd = hostapd.add_ap(apdev[0], params)
@ -147,6 +148,7 @@ def test_ap_wps_init_2ap_pbc(dev, apdev):

 def test_ap_wps_init_2ap_pin(dev, apdev):
    """Initial two-radio AP configuration with first WPS PIN Enrollee"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps"
    params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
    hapd = hostapd.add_ap(apdev[0], params)
@ -411,6 +413,7 @@ def test_ap_wps_conf_pin(dev, apdev):

 def test_ap_wps_conf_pin_mixed_mode(dev, apdev):
    """WPS PIN provisioning with configured AP (WPA+WPA2)"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-conf-pin-mixed"
    hapd = hostapd.add_ap(apdev[0],
                          {"ssid": ssid, "eap_server": "1", "wps_state": "2",
@ -588,6 +591,7 @@ def test_ap_wps_reg_connect_zero_len_ap_pin(dev, apdev):

 def test_ap_wps_reg_connect_mixed_mode(dev, apdev):
    """WPS registrar using AP PIN to connect (WPA+WPA2)"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-reg-ap-pin"
    appin = "12345670"
    hostapd.add_ap(apdev[0],
@ -786,6 +790,7 @@ def test_ap_wps_reg_config_ext_processing(dev, apdev):
 def test_ap_wps_reg_config_tkip(dev, apdev):
    """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    ssid = "test-wps-init-ap"
    appin = "12345670"
    hostapd.add_ap(apdev[0],
@ -1985,6 +1990,7 @@ def _test_ap_wps_er_learn_oom(dev, apdev):

 def test_ap_wps_fragmentation(dev, apdev):
    """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-fragmentation"
    appin = "12345670"
    hapd = hostapd.add_ap(apdev[0],
@ -2458,6 +2464,7 @@ def test_ap_wps_pin_request_file(dev, apdev):

 def test_ap_wps_auto_setup_with_config_file(dev, apdev):
    """WPS auto-setup with configuration file"""
+    skip_without_tkip(dev[0])
    conffile = "/tmp/ap_wps_auto_setup_with_config_file.conf"
    ifname = apdev[0]['ifname']
    try:
@ -3642,6 +3649,7 @@ def test_ap_wps_disabled(dev, apdev):

 def test_ap_wps_mixed_cred(dev, apdev):
    """WPS 2.0 STA merging mixed mode WPA/WPA2 credentials"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-wep"
    params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
              "skip_cred_build": "1", "extra_cred": "wps-mixed-cred"}
@ -10134,6 +10142,7 @@ def test_ap_wps_pbc_in_m1(dev, apdev):

 def test_ap_wps_pbc_mac_addr_change(dev, apdev, params):
    """WPS M1 with MAC address change"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-mac-addr-change"
    hapd = hostapd.add_ap(apdev[0],
                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
@ -10284,6 +10293,8 @@ def run_ap_wps_conf_pin_cipher(dev, apdev, cipher):

 def test_ap_wps_and_sae(dev, apdev):
    """Initial AP configuration with first WPS Enrollee and adding SAE"""
+    skip_without_tkip(dev[0])
+    skip_without_tkip(dev[1])
    try:
        run_ap_wps_and_sae(dev, apdev)
    finally:
--- a/tests/hwsim/test_dbus.py
+++ b/tests/hwsim/test_dbus.py
@ -24,7 +24,7 @@ except ImportError:

 import hostapd
 from wpasupplicant import WpaSupplicant
-from utils import HwsimSkip, alloc_fail, fail_test
+from utils import *
 from p2p_utils import *
 from test_ap_tdls import connect_2sta_open
 from test_ap_eap import check_altsubject_match_support
@ -5553,6 +5553,7 @@ def test_dbus_ap_scan(dev, apdev):

 def test_dbus_connect_wpa_eap(dev, apdev):
    """D-Bus AddNetwork and connection with WPA+WPA2-Enterprise AP"""
+    skip_without_tkip(dev[0])
    (bus, wpas_obj, path, if_obj) = prepare_dbus(dev[0])
    iface = dbus.Interface(if_obj, WPAS_DBUS_IFACE)

--- a/tests/hwsim/test_hapd_ctrl.py
+++ b/tests/hwsim/test_hapd_ctrl.py
@ -10,7 +10,7 @@ import os
 from remotehost import remote_compatible
 import hostapd
 import hwsim_utils
-from utils import skip_with_fips, alloc_fail, fail_test, HwsimSkip
+from utils import *

@remote_compatible
 def test_hapd_ctrl_status(dev, apdev):
@ -613,6 +613,7 @@ def test_hapd_dup_network_global_wpa2(dev, apdev):
 def test_hapd_dup_network_global_wpa(dev, apdev):
    """hostapd and DUP_NETWORK command (WPA)"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
    src_ssid = "hapd-ctrl-src"
    dst_ssid = "hapd-ctrl-dst"
--- a/tests/hwsim/test_he.py
+++ b/tests/hwsim/test_he.py
@ -956,6 +956,7 @@ def test_he_use_sta_nsts(dev, apdev):

 def test_he_tkip(dev, apdev):
    """HE and TKIP"""
+    skip_without_tkip(dev[0])
    try:
        hapd = None
        params = {"ssid": "he",
--- a/tests/hwsim/test_ibss.py
+++ b/tests/hwsim/test_ibss.py
@ -12,7 +12,7 @@ import re
 import subprocess

 import hwsim_utils
-from utils import alloc_fail, wait_fail_trigger
+from utils import *
 from test_wep import check_wep_capa

 def connect_ibss_cmd(dev, id, freq=2412):
@ -190,6 +190,9 @@ def test_ibss_rsn_group_rekey(dev):

 def test_ibss_wpa_none(dev):
    """IBSS WPA-None"""
+    skip_without_tkip(dev[0])
+    skip_without_tkip(dev[1])
+    skip_without_tkip(dev[2])
    ssid = "ibss-wpa-none"

    logger.info("Start IBSS on the first STA")
@ -258,6 +261,8 @@ def test_ibss_wpa_none(dev):

 def test_ibss_wpa_none_ccmp(dev):
    """IBSS WPA-None/CCMP"""
+    skip_without_tkip(dev[0])
+    skip_without_tkip(dev[1])
    ssid = "ibss-wpa-none"

    logger.info("Start IBSS on the first STA")
@ -378,6 +383,8 @@ def test_ibss_open_retry(dev):

 def test_ibss_rsn_tkip(dev):
    """IBSS RSN with TKIP as the cipher"""
+    skip_without_tkip(dev[0])
+    skip_without_tkip(dev[1])
    ssid = "ibss-rsn-tkip"

    id = add_ibss_rsn_tkip(dev[0], ssid)
--- a/tests/hwsim/test_multi_ap.py
+++ b/tests/hwsim/test_multi_ap.py
@ -5,6 +5,7 @@
 # See README for more details.

 import hostapd
+from utils import *

 def test_multi_ap_association(dev, apdev):
    """Multi-AP association in backhaul BSS"""
@ -183,6 +184,7 @@ def test_multi_ap_wps_split_psk(dev, apdev):

 def test_multi_ap_wps_split_mixed(dev, apdev):
    """WPS on split fronthaul and backhaul AP with mixed-mode fronthaul"""
+    skip_without_tkip(dev[0])
    backhaul_ssid = "multi-ap-backhaul-wps"
    backhaul_passphrase = "87654321"
    params = hostapd.wpa_mixed_params(ssid="multi-ap-fronthaul-wps",
--- a/tests/hwsim/test_nfc_wps.py
+++ b/tests/hwsim/test_nfc_wps.py
@ -13,7 +13,7 @@ logger = logging.getLogger()

 import hwsim_utils
 import hostapd
-from utils import alloc_fail, fail_test, clear_regdom
+from utils import *

 def check_wpa2_connection(sta, ap, hapd, ssid, mixed=False):
    status = sta.get_status()
@ -104,6 +104,7 @@ def test_nfc_wps_config_token(dev, apdev):

 def test_nfc_wps_config_token_init(dev, apdev):
    """NFC tag with configuration token from AP with auto configuration"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-nfc-conf-token-init"
    hapd = hostapd.add_ap(apdev[0],
                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
@ -122,6 +123,7 @@ def test_nfc_wps_config_token_init(dev, apdev):
@remote_compatible
 def test_nfc_wps_password_token_sta_init(dev, apdev):
    """Initial AP configuration with first WPS NFC Enrollee"""
+    skip_without_tkip(dev[0])
    ssid = "test-wps-nfc-pw-token-init"
    hapd = hostapd.add_ap(apdev[0],
                          {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
@ -216,6 +218,7 @@ def test_nfc_wps_password_token_ap_preconf(dev, apdev):

 def test_nfc_wps_handover_init(dev, apdev):
    """Connect to WPS AP with NFC connection handover and move to configured state"""
+    skip_without_tkip(dev[0])
    try:
        _test_nfc_wps_handover_init(dev, apdev)
    finally:
--- a/tests/hwsim/test_wext.py
+++ b/tests/hwsim/test_wext.py
@ -11,7 +11,7 @@ import os
 import hostapd
 import hwsim_utils
 from wpasupplicant import WpaSupplicant
-from utils import HwsimSkip, skip_with_fips
+from utils import *
 from test_rfkill import get_rfkill
 from test_wep import check_wep_capa

@ -56,6 +56,7 @@ def test_wext_wpa2_psk(dev, apdev):
 def test_wext_wpa_psk(dev, apdev):
    """WEXT driver interface with WPA-PSK"""
    skip_with_fips(dev[0])
+    skip_without_tkip(dev[0])
    wpas = get_wext_interface()

    params = hostapd.wpa_params(ssid="wext-wpa-psk", passphrase="12345678")
--- a/tests/hwsim/test_wpas_ctrl.py
+++ b/tests/hwsim/test_wpas_ctrl.py
@ -17,12 +17,13 @@ import hostapd
 import hwsim_utils
 from hwsim import HWSimRadio
 from wpasupplicant import WpaSupplicant
-from utils import alloc_fail, fail_test
+from utils import *
 from test_wpas_ap import wait_ap_ready

@remote_compatible
 def test_wpas_ctrl_network(dev):
    """wpa_supplicant ctrl_iface network set/get"""
+    skip_without_tkip(dev[0])
    id = dev[0].add_network()

    if "FAIL" not in dev[0].request("SET_NETWORK " + str(id)):
--- a/tests/hwsim/test_wpas_mesh.py
+++ b/tests/hwsim/test_wpas_mesh.py
@ -16,8 +16,7 @@ import binascii
 import hwsim_utils
 import hostapd
 from wpasupplicant import WpaSupplicant
-from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger, \
-    radiotap_build, start_monitor, stop_monitor
+from utils import *
 from tshark import run_tshark, run_tshark_json
 from test_ap_ht import set_world_reg
 from test_sae import build_sae_commit, sae_rx_commit_token_req
@ -514,6 +513,7 @@ def test_mesh_secure_gcmp_256_gmac_256(dev, apdev):
 def test_mesh_secure_invalid_pairwise_cipher(dev, apdev):
    """Secure mesh and invalid group cipher"""
    check_mesh_support(dev[0], secure=True)
+    skip_without_tkip(dev[0])
    dev[0].request("SET sae_groups ")
    id = add_mesh_secure_net(dev[0], pairwise="TKIP", group="CCMP")
    if dev[0].mesh_group_add(id) != None:
@ -524,6 +524,7 @@ def test_mesh_secure_invalid_pairwise_cipher(dev, apdev):

 def test_mesh_secure_invalid_group_cipher(dev, apdev):
    """Secure mesh and invalid group cipher"""
+    skip_without_tkip(dev[0])
    check_mesh_support(dev[0], secure=True)
    dev[0].request("SET sae_groups ")
    id = add_mesh_secure_net(dev[0], pairwise="CCMP", group="TKIP")
--- a/tests/hwsim/utils.py
+++ b/tests/hwsim/utils.py
@ -94,6 +94,12 @@ def check_ext_key_id_capa(dev):
    if (int(res, 0) & 0x8000000000000000) == 0:
        raise HwsimSkip("Extended Key ID not supported")

+def skip_without_tkip(dev):
+    res = dev.get_capability("fips")
+    if "TKIP" not in dev.get_capability("pairwise") or \
+       "TKIP" not in dev.get_capability("group"):
+        raise HwsimSkip("Cipher TKIP not supported")
+
 def get_phy(ap, ifname=None):
    phy = "phy3"
    try: