From b9749b6aaa1373b936000843c943c6f46226e9ba Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 11 Jan 2015 19:42:57 +0200
Subject: [PATCH] tests: Verify that SAE is supported for test cases requiring
 it

This makes it more convenient to run tests with wpa_supplicant builds
that do not support SAE (e.g., due to crypto library not providing
sufficient functionality for this).

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/test_ap_ft.py     |  4 ++++
 tests/hwsim/test_ap_mixed.py  | 29 ++++++++++++++++++-----------
 tests/hwsim/test_sae.py       | 20 ++++++++++++++++++++
 tests/hwsim/test_wpas_mesh.py | 12 +++++++-----
 4 files changed, 49 insertions(+), 16 deletions(-)

diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py
index b001262..648f123 100644
--- a/tests/hwsim/test_ap_ft.py
+++ b/tests/hwsim/test_ap_ft.py
@@ -267,6 +267,8 @@ def test_ap_ft_over_ds_pull(dev, apdev):
 
 def test_ap_ft_sae(dev, apdev):
     """WPA2-PSK-FT-SAE AP"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     ssid = "test-ft"
     passphrase="12345678"
 
@@ -285,6 +287,8 @@ def test_ap_ft_sae(dev, apdev):
 
 def test_ap_ft_sae_over_ds(dev, apdev):
     """WPA2-PSK-FT-SAE AP over DS"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     ssid = "test-ft"
     passphrase="12345678"
 
diff --git a/tests/hwsim/test_ap_mixed.py b/tests/hwsim/test_ap_mixed.py
index 0173f51..4121f02 100644
--- a/tests/hwsim/test_ap_mixed.py
+++ b/tests/hwsim/test_ap_mixed.py
@@ -12,6 +12,7 @@ import hwsim_utils
 
 def test_ap_mixed_security(dev, apdev):
     """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
+    sae = "SAE" in dev[0].get_capability("auth_alg")
     ssid = "test-mixed"
     passphrase = 'qwertyuiop'
     params = hostapd.wpa_mixed_params(ssid=ssid, passphrase=passphrase)
@@ -28,12 +29,13 @@ def test_ap_mixed_security(dev, apdev):
                    identity="gpsk user",
                    password="abcdefghijklmnop0123456789abcdef",
                    scan_freq="2412")
-    dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
+    if sae:
+        dev[2].connect(ssid, psk=passphrase, key_mgmt="SAE", scan_freq="2412")
 
     bss = dev[0].get_bss(apdev[0]['bssid'])
     if "[WPA-EAP+PSK-TKIP]" not in bss['flags']:
         raise Exception("Unexpected flags (WPA): " + bss['flags'])
-    if "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
+    if sae and "[WPA2-EAP+PSK+SAE+FT/EAP+FT/PSK+FT/SAE+EAP-SHA256+PSK-SHA256-CCMP]" not in bss['flags']:
         raise Exception("Unexpected flags (WPA2): " + bss['flags'])
 
     if dev[0].get_status_field("key_mgmt") != "WPA-PSK":
@@ -42,14 +44,16 @@ def test_ap_mixed_security(dev, apdev):
         raise Exception("Unexpected pairwise(1)")
     if dev[1].get_status_field("key_mgmt") != "WPA2-EAP-SHA256":
         raise Exception("Unexpected key_mgmt(2)")
-    if dev[2].get_status_field("key_mgmt") != "SAE":
+    if sae and dev[2].get_status_field("key_mgmt") != "SAE":
         raise Exception("Unexpected key_mgmt(3)")
 
     hwsim_utils.test_connectivity(dev[0], dev[1])
-    hwsim_utils.test_connectivity(dev[1], dev[2])
-    hwsim_utils.test_connectivity(dev[0], dev[2])
+    if sae:
+        hwsim_utils.test_connectivity(dev[1], dev[2])
+        hwsim_utils.test_connectivity(dev[0], dev[2])
     for i in range(3):
-        hwsim_utils.test_connectivity(dev[i], hapd)
+        if i < 2 or sae:
+            hwsim_utils.test_connectivity(dev[i], hapd)
         dev[i].request("DISCONNECT")
 
     dev[0].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256", psk=passphrase,
@@ -58,8 +62,9 @@ def test_ap_mixed_security(dev, apdev):
                    identity="gpsk user",
                    password="abcdefghijklmnop0123456789abcdef",
                    scan_freq="2412")
-    dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE", psk=passphrase,
-                   scan_freq="2412")
+    if sae:
+        dev[2].connect(ssid, key_mgmt="WPA-PSK WPA-PSK-SHA256 SAE",
+                       psk=passphrase, scan_freq="2412")
 
     if dev[0].get_status_field("key_mgmt") != "WPA2-PSK-SHA256":
         raise Exception("Unexpected key_mgmt(1b)")
@@ -67,7 +72,7 @@ def test_ap_mixed_security(dev, apdev):
         raise Exception("Unexpected pairwise(1b)")
     if dev[1].get_status_field("key_mgmt") != "WPA/IEEE 802.1X/EAP":
         raise Exception("Unexpected key_mgmt(2b)")
-    if dev[2].get_status_field("key_mgmt") != "SAE":
+    if sae and dev[2].get_status_field("key_mgmt") != "SAE":
         raise Exception("Unexpected key_mgmt(3b)")
 
     for i in range(3):
@@ -77,11 +82,13 @@ def test_ap_mixed_security(dev, apdev):
     dev[1].connect(ssid, key_mgmt="FT-EAP", eap="GPSK", identity="gpsk user",
                    password="abcdefghijklmnop0123456789abcdef",
                    scan_freq="2412")
-    dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE", scan_freq="2412")
+    if sae:
+        dev[2].connect(ssid, psk=passphrase, key_mgmt="FT-SAE",
+                       scan_freq="2412")
 
     if dev[0].get_status_field("key_mgmt") != "FT-PSK":
         raise Exception("Unexpected key_mgmt(1c)")
     if dev[1].get_status_field("key_mgmt") != "FT-EAP":
         raise Exception("Unexpected key_mgmt(2c)")
-    if dev[2].get_status_field("key_mgmt") != "FT-SAE":
+    if sae and dev[2].get_status_field("key_mgmt") != "FT-SAE":
         raise Exception("Unexpected key_mgmt(3c)")
diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
index da694da..473473a 100644
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -18,6 +18,8 @@ from test_ap_psk import find_wpas_process, read_process_memory, verify_not_prese
 
 def test_sae(dev, apdev):
     """SAE with default group"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae",
                                  passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE'
@@ -39,6 +41,8 @@ def test_sae(dev, apdev):
 
 def test_sae_pmksa_caching(dev, apdev):
     """SAE and PMKSA caching"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae",
                                  passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE'
@@ -55,6 +59,8 @@ def test_sae_pmksa_caching(dev, apdev):
 
 def test_sae_pmksa_caching_disabled(dev, apdev):
     """SAE and PMKSA caching disabled"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae",
                                  passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE'
@@ -72,6 +78,8 @@ def test_sae_pmksa_caching_disabled(dev, apdev):
 
 def test_sae_groups(dev, apdev):
     """SAE with all supported groups"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     # This would be the full list of supported groups, but groups 14-16
     # (2048-4096 bit MODP) are a bit too slow on some VMs and can result in
     # hitting mac80211 authentication timeout, so skip them for now.
@@ -95,6 +103,8 @@ def test_sae_groups(dev, apdev):
 
 def test_sae_group_nego(dev, apdev):
     """SAE group negotiation"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae-group-nego",
                                  passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE'
@@ -109,6 +119,8 @@ def test_sae_group_nego(dev, apdev):
 
 def test_sae_anti_clogging(dev, apdev):
     """SAE anti clogging"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE'
     params['sae_anti_clogging_threshold'] = '1'
@@ -128,6 +140,8 @@ def test_sae_anti_clogging(dev, apdev):
 
 def test_sae_forced_anti_clogging(dev, apdev):
     """SAE anti clogging (forced)"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE WPA-PSK'
     params['sae_anti_clogging_threshold'] = '0'
@@ -140,6 +154,8 @@ def test_sae_forced_anti_clogging(dev, apdev):
 
 def test_sae_mixed(dev, apdev):
     """Mixed SAE and non-SAE network"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE WPA-PSK'
     params['sae_anti_clogging_threshold'] = '0'
@@ -153,6 +169,8 @@ def test_sae_mixed(dev, apdev):
 
 def test_sae_missing_password(dev, apdev):
     """SAE and missing password"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     params = hostapd.wpa2_params(ssid="test-sae",
                                  passphrase="12345678")
     params['wpa_key_mgmt'] = 'SAE'
@@ -169,6 +187,8 @@ def test_sae_missing_password(dev, apdev):
 
 def test_sae_key_lifetime_in_memory(dev, apdev, params):
     """SAE and key lifetime in memory"""
+    if "SAE" not in dev[0].get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
     password = "5ad144a7c1f5a5503baa6fa01dabc15b1843e8c01662d78d16b70b5cd23cf8b"
     p = hostapd.wpa2_params(ssid="test-sae", passphrase=password)
     p['wpa_key_mgmt'] = 'SAE'
diff --git a/tests/hwsim/test_wpas_mesh.py b/tests/hwsim/test_wpas_mesh.py
index d1de8d8..9140ef7 100644
--- a/tests/hwsim/test_wpas_mesh.py
+++ b/tests/hwsim/test_wpas_mesh.py
@@ -14,10 +14,12 @@ import hwsim_utils
 from wpasupplicant import WpaSupplicant
 from utils import HwsimSkip
 
-def check_mesh_support(dev):
+def check_mesh_support(dev, secure=False):
     flags = int(dev.get_driver_status_field('capa.flags'), 16)
     if flags & 0x100000000 == 0:
         raise HwsimSkip("Driver does not support mesh")
+    if secure and "SAE" not in dev.get_capability("auth_alg"):
+        raise HwsimSkip("SAE not supported")
 
 def check_mesh_scan(dev, params, other_started=False, beacon_int=0):
     if not other_started:
@@ -232,7 +234,7 @@ def add_mesh_secure_net(dev, psk=True):
 
 def test_wpas_mesh_secure(dev, apdev):
     """wpa_supplicant secure MESH network connectivity"""
-    check_mesh_support(dev[0])
+    check_mesh_support(dev[0], secure=True)
     dev[0].request("SET sae_groups ")
     id = add_mesh_secure_net(dev[0])
     dev[0].mesh_group_add(id)
@@ -254,7 +256,7 @@ def test_wpas_mesh_secure(dev, apdev):
 
 def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
     """wpa_supplicant secure MESH and SAE group mismatch"""
-    check_mesh_support(dev[0])
+    check_mesh_support(dev[0], secure=True)
     addr0 = dev[0].p2p_interface_addr()
     addr1 = dev[1].p2p_interface_addr()
     addr2 = dev[2].p2p_interface_addr()
@@ -305,7 +307,7 @@ def test_wpas_mesh_secure_sae_group_mismatch(dev, apdev):
 
 def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
     """wpa_supplicant secure MESH and missing SAE password"""
-    check_mesh_support(dev[0])
+    check_mesh_support(dev[0], secure=True)
     id = add_mesh_secure_net(dev[0], psk=False)
     dev[0].set_network(id, "psk", "8f20b381f9b84371d61b5080ad85cac3c61ab3ca9525be5b2d0f4da3d979187a")
     dev[0].mesh_group_add(id)
@@ -321,7 +323,7 @@ def test_wpas_mesh_secure_sae_missing_password(dev, apdev):
 
 def test_wpas_mesh_secure_no_auto(dev, apdev):
     """wpa_supplicant secure MESH network connectivity"""
-    check_mesh_support(dev[0])
+    check_mesh_support(dev[0], secure=True)
     dev[0].request("SET sae_groups 19")
     id = add_mesh_secure_net(dev[0])
     dev[0].mesh_group_add(id)
-- 
2.1.4