From 7c62bccc6e143cb97d9b65f12adc74e724464b2f Mon Sep 17 00:00:00 2001
From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Thu, 24 Nov 2022 12:06:59 +0200
Subject: [PATCH] tests: SAE and preferred AP using wrong password

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---
 tests/hwsim/hostapd.py  | 12 ++++++++++++
 tests/hwsim/test_sae.py | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)

diff --git a/tests/hwsim/hostapd.py b/tests/hwsim/hostapd.py
index 9d5908174..f06c12c8d 100644
--- a/tests/hwsim/hostapd.py
+++ b/tests/hwsim/hostapd.py
@@ -703,6 +703,18 @@ def terminate(apdev):
     hapd_global = HostapdGlobal(apdev)
     hapd_global.terminate()
 
+def wpa3_params(ssid=None, password=None, wpa_key_mgmt="SAE",
+                ieee80211w="2"):
+    params = {"wpa": "2",
+              "wpa_key_mgmt": wpa_key_mgmt,
+              "ieee80211w": ieee80211w,
+              "rsn_pairwise": "CCMP"}
+    if ssid:
+        params["ssid"] = ssid
+    if password:
+        params["sae_password"] = password
+    return params
+
 def wpa2_params(ssid=None, passphrase=None, wpa_key_mgmt="WPA-PSK",
                 ieee80211w=None):
     params = {"wpa": "2",
diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
index 3da9332e8..90ffafe18 100644
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -2982,3 +2982,43 @@ def run_sae_ext_key_h2e_rejected_group(dev, apdev, ap_groups, sta_groups,
     finally:
         dev[0].set("sae_groups", "")
         dev[0].set("sae_pwe", "0")
+
+def test_sae_pref_ap_wrong_password(dev, apdev):
+    """SAE and preferred AP using wrong password"""
+    check_sae_capab(dev[0])
+
+    params = hostapd.wpa3_params(ssid="test-sae", password="correct")
+    params['ieee80211n'] = '0'
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    params = hostapd.wpa3_params(ssid="test-sae", password="wrong")
+    hapd2 = hostapd.add_ap(apdev[1], params)
+
+    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
+    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412)
+
+    dev[0].set("sae_groups", "")
+    dev[0].connect("test-sae", sae_password="correct", key_mgmt="SAE",
+                   ieee80211w="2", scan_freq="2412")
+
+def test_sae_pref_ap_wrong_password2(dev, apdev):
+    """SAE and preferred AP using wrong password (2)"""
+    check_sae_capab(dev[0])
+
+    params = hostapd.wpa3_params(ssid="test-sae", password="wrong")
+    hapd2 = hostapd.add_ap(apdev[1], params)
+
+    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412)
+
+    dev[0].set("sae_groups", "")
+    dev[0].connect("test-sae", sae_password="correct", key_mgmt="SAE",
+                   ieee80211w="2", scan_freq="2412", wait_connect=False)
+    ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=30)
+    if ev is None:
+        raise Exception("Temporary disabled of SSID not seen")
+
+    params = hostapd.wpa3_params(ssid="test-sae", password="correct")
+    params['ieee80211n'] = '0'
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    dev[0].wait_connected(timeout=40)