tests: Skip WPA(V1) test cases in FIPS mode

Signed-off-by: Jouni Malinen <j@w1.fi>

tests/hwsim/test_ap_acs.py

@@ -1,5 +1,5 @@
 # Test cases for automatic channel selection with hostapd
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -10,6 +10,7 @@ import subprocess
 import time
 
 import hostapd
+from utils import skip_with_fips
 from test_ap_ht import clear_scan_cache
 
 def force_prev_ap_on_24g(ap):
@@ -89,6 +90,7 @@ def test_ap_acs_chanlist(dev, apdev):
 
 def test_ap_multi_bss_acs(dev, apdev):
     """hostapd start with a multi-BSS configuration file using ACS"""
+    skip_with_fips(dev[0])
     ifname = apdev[0]['ifname']
     force_prev_ap_on_24g(apdev[0])
 

tests/hwsim/test_ap_ciphers.py

@@ -1,5 +1,5 @@
 # Cipher suite tests
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -11,7 +11,7 @@ import os.path
 
 import hwsim_utils
 import hostapd
-from utils import HwsimSkip
+from utils import HwsimSkip, skip_with_fips
 from wlantest import Wlantest
 
 def check_cipher(dev, ap, cipher):
@@ -63,10 +63,12 @@ def check_group_mgmt_cipher(dev, ap, cipher):
 
 def test_ap_cipher_tkip(dev, apdev):
     """WPA2-PSK/TKIP connection"""
+    skip_with_fips(dev[0])
     check_cipher(dev[0], apdev[0], "TKIP")
 
 def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
     """WPA-PSK/TKIP countermeasures (detected by AP)"""
+    skip_with_fips(dev[0])
     testfile = "/sys/kernel/debug/ieee80211/%s/netdev:%s/tkip_mic_test" % (dev[0].get_driver_status_field("phyname"), dev[0].ifname)
     if not os.path.exists(testfile):
         raise HwsimSkip("tkip_mic_test not supported in mac80211")
@@ -100,6 +102,7 @@ def test_ap_cipher_tkip_countermeasures_ap(dev, apdev):
 
 def test_ap_cipher_tkip_countermeasures_sta(dev, apdev):
     """WPA-PSK/TKIP countermeasures (detected by STA)"""
+    skip_with_fips(dev[0])
     params = { "ssid": "tkip-countermeasures",
                "wpa_passphrase": "12345678",
                "wpa": "1",
@@ -149,6 +152,7 @@ def test_ap_cipher_gcmp_256(dev, apdev):
 
 def test_ap_cipher_mixed_wpa_wpa2(dev, apdev):
     """WPA2-PSK/CCMP/ and WPA-PSK/TKIP mixed configuration"""
+    skip_with_fips(dev[0])
     ssid = "test-wpa-wpa2-psk"
     passphrase = "12345678"
     params = { "ssid": ssid,

tests/hwsim/test_ap_mixed.py

@@ -9,9 +9,11 @@ logger = logging.getLogger()
 
 import hostapd
 import hwsim_utils
+from utils import skip_with_fips
 
 def test_ap_mixed_security(dev, apdev):
     """WPA/WPA2 with PSK, EAP, SAE, FT in a single BSS"""
+    skip_with_fips(dev[0])
     dev[0].flush_scan_cache()
     sae = "SAE" in dev[0].get_capability("auth_alg")
     ssid = "test-mixed"

tests/hwsim/test_ap_psk.py

@@ -17,7 +17,7 @@ import subprocess
 import time
 
 import hostapd
-from utils import HwsimSkip, fail_test
+from utils import HwsimSkip, fail_test, skip_with_fips
 import hwsim_utils
 from wpasupplicant import WpaSupplicant
 
@@ -162,6 +162,7 @@ def test_ap_wpa2_sha256_ptk_rekey_ap(dev, apdev):
 
 def test_ap_wpa_ptk_rekey(dev, apdev):
     """WPA-PSK/TKIP AP and PTK rekey enforced by station"""
+    skip_with_fips(dev[0])
     ssid = "test-wpa-psk"
     passphrase = 'qwertyuiop'
     params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@@ -176,6 +177,7 @@ def test_ap_wpa_ptk_rekey(dev, apdev):
 
 def test_ap_wpa_ptk_rekey_ap(dev, apdev):
     """WPA-PSK/TKIP AP and PTK rekey enforced by AP"""
+    skip_with_fips(dev[0])
     ssid = "test-wpa-psk"
     passphrase = 'qwertyuiop'
     params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@@ -294,6 +296,7 @@ def test_ap_wpa2_gtk_rekey(dev, apdev):
 
 def test_ap_wpa_gtk_rekey(dev, apdev):
     """WPA-PSK/TKIP AP and GTK rekey enforced by AP"""
+    skip_with_fips(dev[0])
     ssid = "test-wpa-psk"
     passphrase = 'qwertyuiop'
     params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)
@@ -1917,6 +1920,7 @@ def test_ap_wpa2_psk_incorrect_passphrase(dev, apdev):
 
 def test_ap_wpa_ie_parsing(dev, apdev):
     """WPA IE parsing"""
+    skip_with_fips(dev[0])
     ssid = "test-wpa-psk"
     passphrase = 'qwertyuiop'
     params = hostapd.wpa_params(ssid=ssid, passphrase=passphrase)

tests/hwsim/test_ap_tdls.py

@@ -13,7 +13,7 @@ import hwsim_utils
 from hostapd import HostapdGlobal
 from hostapd import Hostapd
 import hostapd
-from utils import HwsimSkip
+from utils import HwsimSkip, skip_with_fips
 from wlantest import Wlantest
 
 def start_ap_wpa2_psk(ifname):
@@ -271,6 +271,7 @@ def test_ap_wpa2_tdls_wrong_tpk_m3_mic(dev, apdev):
 
 def test_ap_wpa_tdls(dev, apdev):
     """WPA-PSK AP and two stations using TDLS"""
+    skip_with_fips(dev[0])
     hapd = hostapd.add_ap(apdev[0]['ifname'],
                           hostapd.wpa_params(ssid="test-wpa-psk",
                                              passphrase="12345678"))
@@ -282,6 +283,7 @@ def test_ap_wpa_tdls(dev, apdev):
 
 def test_ap_wpa_mixed_tdls(dev, apdev):
     """WPA+WPA2-PSK AP and two stations using TDLS"""
+    skip_with_fips(dev[0])
     hapd = hostapd.add_ap(apdev[0]['ifname'],
                           hostapd.wpa_mixed_params(ssid="test-wpa-mixed-psk",
                                                    passphrase="12345678"))

tests/hwsim/test_ap_wps.py

@@ -1,5 +1,5 @@
 # WPS tests
-# Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -21,7 +21,7 @@ import StringIO
 import hwsim_utils
 import hostapd
 from wpasupplicant import WpaSupplicant
-from utils import HwsimSkip, alloc_fail
+from utils import HwsimSkip, alloc_fail, skip_with_fips
 
 def test_ap_wps_init(dev, apdev):
     """Initial AP configuration with first WPS Enrollee"""
@@ -609,6 +609,7 @@ def test_ap_wps_reg_config_ext_processing(dev, apdev):
 
 def test_ap_wps_reg_config_tkip(dev, apdev):
     """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
+    skip_with_fips(dev[0])
     ssid = "test-wps-init-ap"
     appin = "12345670"
     hostapd.add_ap(apdev[0]['ifname'],

tests/hwsim/test_hapd_ctrl.py

@@ -5,6 +5,7 @@
 # See README for more details.
 
 import hostapd
+from utils import skip_with_fips
 
 def test_hapd_ctrl_status(dev, apdev):
     """hostapd ctrl_iface STATUS commands"""
@@ -485,6 +486,7 @@ def test_hapd_dup_network_global_wpa2(dev, apdev):
 
 def test_hapd_dup_network_global_wpa(dev, apdev):
     """hostapd and DUP_NETWORK command (WPA)"""
+    skip_with_fips(dev[0])
     psk = '602e323e077bc63bd80307ef4745b754b0ae0a925c2638ecd13a794b9527b9e6'
     src_ssid = "hapd-ctrl-src"
     dst_ssid = "hapd-ctrl-dst"

tests/hwsim/test_peerkey.py

@@ -1,5 +1,5 @@
 # PeerKey tests
-# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
+# Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
 #
 # This software may be distributed under the terms of the BSD license.
 # See README for more details.
@@ -10,6 +10,7 @@ import time
 
 import hwsim_utils
 import hostapd
+from utils import skip_with_fips
 from wlantest import Wlantest
 
 def test_peerkey(dev, apdev):
@@ -48,6 +49,7 @@ def test_peerkey_unknown_peer(dev, apdev):
 
 def test_peerkey_pairwise_mismatch(dev, apdev):
     """RSN TKIP+CCMP AP and PeerKey between two STAs using different ciphers"""
+    skip_with_fips(dev[0])
     wt = Wlantest()
     wt.flush()
     wt.add_passphrase("12345678")

tests/hwsim/test_wext.py

@@ -11,7 +11,7 @@ import os
 import hostapd
 import hwsim_utils
 from wpasupplicant import WpaSupplicant
-from utils import HwsimSkip
+from utils import HwsimSkip, skip_with_fips
 from test_rfkill import get_rfkill
 
 def get_wext_interface():
@@ -54,6 +54,7 @@ def test_wext_wpa2_psk(dev, apdev):
 
 def test_wext_wpa_psk(dev, apdev):
     """WEXT driver interface with WPA-PSK"""
+    skip_with_fips(dev[0])
     wpas = get_wext_interface()
 
     params = hostapd.wpa_params(ssid="wext-wpa-psk", passphrase="12345678")