diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index b00126269..648f123e4 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -267,6 +267,8 @@ def test_ap_ft_over_ds_pull(dev, apdev): def test_ap_ft_sae(dev, apdev): """WPA2-PSK-FT-SAE AP""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") ssid = "test-ft" passphrase="12345678" @@ -285,6 +287,8 @@ def test_ap_ft_sae(dev, apdev): def test_ap_ft_sae_over_ds(dev, apdev): """WPA2-PSK-FT-SAE AP over DS""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") ssid = "test-ft" passphrase="12345678" diff --git a/tests/hwsim/test_ap_mixed.py b/tests/hwsim/test_ap_mixed.py index 0173f5141..4121f02d3 100644 --- a/tests/hwsim/test_ap_mixed.py +++ b/tests/hwsim/test_ap_mixed.py @@ -12,6 +12,7 @@ import hwsim_utils def test_ap_mixed_security(dev, apdev): """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS""" + sae = "SAE" in dev[0].get_capability("auth_alg") ssid = "test-mixed" passphrase = 'qwertyuiop' params = hostapd.wpa_mixed_params(ssid=ssid, passphrase=passphrase) @@ -28,12 +29,13 @@ def test_ap_mixed_security(dev, apdev): identity="gpsk user", password="abcdefghijklmnop0123456789abcdef", scan_freq="2412") - dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412") + if sae: + dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412") bss = dev[0].get_bss(apdev[0]['bssid']) if "[WPA-EAP+PSK-TKIP]" not in bss['flags']: raise Exception("Unexpected flags (WPA): " + bss['flags']) - if "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']: + if sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']: raise Exception("Unexpected flags (WPA2): " + bss['flags']) if dev[0].get_status_field("key_mgmt") != "WPA-PSK": @@ -42,14 +44,16 @@ def test_ap_mixed_security(dev, apdev): raise Exception("Unexpected pairwise(1)") if dev[1].get_status_field("key_mgmt") != "WPA2-EAP-SHA256": raise Exception("Unexpected key_mgmt(2)") - if dev[2].get_status_field("key_mgmt") != "SAE": + if sae and dev[2].get_status_field("key_mgmt") != "SAE": raise Exception("Unexpected key_mgmt(3)") hwsim_utils.test_connectivity(dev[0], dev[1]) - hwsim_utils.test_connectivity(dev[1], dev[2]) - hwsim_utils.test_connectivity(dev[0], dev[2]) + if sae: + hwsim_utils.test_connectivity(dev[1], dev[2]) + hwsim_utils.test_connectivity(dev[0], dev[2]) for i in range(3): - hwsim_utils.test_connectivity(dev[i], hapd) + if i < 2 or sae: + hwsim_utils.test_connectivity(dev[i], hapd) dev[i].request("DISCONNECT") dev[0].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256", psk=passphrase, @@ -58,8 +62,9 @@ def test_ap_mixed_security(dev, apdev): identity="gpsk user", password="abcdefghijklmnop0123456789abcdef", scan_freq="2412") - dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE", psk=passphrase, - scan_freq="2412") + if sae: + dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE", + psk=passphrase, scan_freq="2412") if dev[0].get_status_field("key_mgmt") != "WPA2-PSK-SHA256": raise Exception("Unexpected key_mgmt(1b)") @@ -67,7 +72,7 @@ def test_ap_mixed_security(dev, apdev): raise Exception("Unexpected pairwise(1b)") if dev[1].get_status_field("key_mgmt") != "WPA/IEEE 802.1X/EAP": raise Exception("Unexpected key_mgmt(2b)") - if dev[2].get_status_field("key_mgmt") != "SAE": + if sae and dev[2].get_status_field("key_mgmt") != "SAE": raise Exception("Unexpected key_mgmt(3b)") for i in range(3): @@ -77,11 +82,13 @@ def test_ap_mixed_security(dev, apdev): dev[1].connect(ssid, key_mgmt="FT-EAP", eap="GPSK", identity="gpsk user", password="abcdefghijklmnop0123456789abcdef", scan_freq="2412") - dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE", scan_freq="2412") + if sae: + dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE", + scan_freq="2412") if dev[0].get_status_field("key_mgmt") != "FT-PSK": raise Exception("Unexpected key_mgmt(1c)") if dev[1].get_status_field("key_mgmt") != "FT-EAP": raise Exception("Unexpected key_mgmt(2c)") - if dev[2].get_status_field("key_mgmt") != "FT-SAE": + if sae and dev[2].get_status_field("key_mgmt") != "FT-SAE": raise Exception("Unexpected key_mgmt(3c)") diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py index da694da15..473473a44 100644 --- a/tests/hwsim/test_sae.py +++ b/tests/hwsim/test_sae.py @@ -18,6 +18,8 @@ from test_ap_psk import find_wpas_process, read_process_memory, verify_not_prese def test_sae(dev, apdev): """SAE with default group""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' @@ -39,6 +41,8 @@ def test_sae(dev, apdev): def test_sae_pmksa_caching(dev, apdev): """SAE and PMKSA caching""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' @@ -55,6 +59,8 @@ def test_sae_pmksa_caching(dev, apdev): def test_sae_pmksa_caching_disabled(dev, apdev): """SAE and PMKSA caching disabled""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' @@ -72,6 +78,8 @@ def test_sae_pmksa_caching_disabled(dev, apdev): def test_sae_groups(dev, apdev): """SAE with all supported groups""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") # This would be the full list of supported groups, but groups 14-16 # (2048-4096 bit MODP) are a bit too slow on some VMs and can result in # hitting mac80211 authentication timeout, so skip them for now. @@ -95,6 +103,8 @@ def test_sae_groups(dev, apdev): def test_sae_group_nego(dev, apdev): """SAE group negotiation""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae-group-nego", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' @@ -109,6 +119,8 @@ def test_sae_group_nego(dev, apdev): def test_sae_anti_clogging(dev, apdev): """SAE anti clogging""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' params['sae_anti_clogging_threshold'] = '1' @@ -128,6 +140,8 @@ def test_sae_anti_clogging(dev, apdev): def test_sae_forced_anti_clogging(dev, apdev): """SAE anti clogging (forced)""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE WPA-PSK' params['sae_anti_clogging_threshold'] = '0' @@ -140,6 +154,8 @@ def test_sae_forced_anti_clogging(dev, apdev): def test_sae_mixed(dev, apdev): """Mixed SAE and non-SAE network""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE WPA-PSK' params['sae_anti_clogging_threshold'] = '0' @@ -153,6 +169,8 @@ def test_sae_mixed(dev, apdev): def test_sae_missing_password(dev, apdev): """SAE and missing password""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678") params['wpa_key_mgmt'] = 'SAE' @@ -169,6 +187,8 @@ def test_sae_missing_password(dev, apdev): def test_sae_key_lifetime_in_memory(dev, apdev, params): """SAE and key lifetime in memory""" + if "SAE" not in dev[0].get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") password = "5ad144a7c1f5a5503baa6fa01dabc15b1843e8c01662d78d16b70b5cd23cf8b" p = hostapd.wpa2_params(ssid="test-sae", passphrase=password) p['wpa_key_mgmt'] = 'SAE' diff --git a/tests/hwsim/test_wpas_mesh.py b/tests/hwsim/test_wpas_mesh.py index d1de8d8e2..9140ef7c7 100644 --- a/tests/hwsim/test_wpas_mesh.py +++ b/tests/hwsim/test_wpas_mesh.py @@ -14,10 +14,12 @@ import hwsim_utils from wpasupplicant import WpaSupplicant from utils import HwsimSkip -def check_mesh_support(dev): +def check_mesh_support(dev, secure=False): flags = int(dev.get_driver_status_field('capa.flags'), 16) if flags & 0x100000000 == 0: raise HwsimSkip("Driver does not support mesh") + if secure and "SAE" not in dev.get_capability("auth_alg"): + raise HwsimSkip("SAE not supported") def check_mesh_scan(dev, params, other_started=False, beacon_int=0): if not other_started: @@ -232,7 +234,7 @@ def add_mesh_secure_net(dev, psk=True): def test_wpas_mesh_secure(dev, apdev): """wpa_supplicant secure MESH network connectivity""" - check_mesh_support(dev[0]) + check_mesh_support(dev[0], secure=True) dev[0].request("SET sae_groups ") id = add_mesh_secure_net(dev[0]) dev[0].mesh_group_add(id) @@ -254,7 +256,7 @@ def test_wpas_mesh_secure(dev, apdev): def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev): """wpa_supplicant secure MESH and SAE group mismatch""" - check_mesh_support(dev[0]) + check_mesh_support(dev[0], secure=True) addr0 = dev[0].p2p_interface_addr() addr1 = dev[1].p2p_interface_addr() addr2 = dev[2].p2p_interface_addr() @@ -305,7 +307,7 @@ def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev): def test_wpas_mesh_secure_sae_missing_password(dev, apdev): """wpa_supplicant secure MESH and missing SAE password""" - check_mesh_support(dev[0]) + check_mesh_support(dev[0], secure=True) id = add_mesh_secure_net(dev[0], psk=False) dev[0].set_network(id, "psk", "8f20b381f9b84371d61b5080ad85cac3c61ab3ca9525be5b2d0f4da3d979187a") dev[0].mesh_group_add(id) @@ -321,7 +323,7 @@ def test_wpas_mesh_secure_sae_missing_password(dev, apdev): def test_wpas_mesh_secure_no_auto(dev, apdev): """wpa_supplicant secure MESH network connectivity""" - check_mesh_support(dev[0]) + check_mesh_support(dev[0], secure=True) dev[0].request("SET sae_groups 19") id = add_mesh_secure_net(dev[0]) dev[0].mesh_group_add(id)