[PATCH 19/20] tests: Add Security profile tests for profiles 8 and 9.

Andrei Otcheretianski andrei.otcheretianski at intel.com
Wed Jun 10 06:12:12 PDT 2026 

From: Ilan Peer <ilan.peer at intel.com>

Add tests to OWE and SAE testing to cover the usage
of security profiles 8 and 9.

Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
 tests/hwsim/test_owe.py | 23 +++++++++++++++++++++++
 tests/hwsim/test_sae.py | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

diff --git a/tests/hwsim/test_owe.py b/tests/hwsim/test_owe.py
index 891dd011a6..9da3480e1c 100644
--- a/tests/hwsim/test_owe.py
+++ b/tests/hwsim/test_owe.py
@@ -1191,3 +1191,26 @@ def test_owe_sa_query(dev, apdev):
     dev[0].request("PMKSA_FLUSH")
     dev[0].request("REASSOCIATE")
     dev[0].wait_connected(timeout=10, error="Timeout on re-connection")
+
+def test_owe_security_profile(dev, apdev):
+    """OWE with AP advertising Security Profile element (profile 8)"""
+    check_owe_capab(dev[0])
+    ssid = "test-owe-sec-profile"
+
+    params = {"ssid": ssid,
+              "wpa": "2",
+              "ieee80211w": "2",
+              "wpa_key_mgmt": "OWE",
+              "rsn_pairwise": "GCMP-256",
+              "group_cipher": "GCMP-256",
+              "sec_profile_enabled": "1"}
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    dev[0].connect(ssid, key_mgmt="OWE", owe_group="19",
+                   pairwise="GCMP-256", group="GCMP-256",
+                   ieee80211w="2", scan_freq="2412")
+    hapd.wait_sta()
+
+    val = dev[0].get_status_field("matched_sec_profile")
+    if val != "8":
+        raise Exception("Unexpected matched_sec_profile: " + str(val))
diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
index 5b04b9268b..4697924901 100644
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -3834,3 +3834,37 @@ def test_sae_pmksa_caching_ap_lost_entry(dev, apdev):
     hapd.request("PMKSA_FLUSH");
     dev[0].request("RECONNECT")
     dev[0].wait_connected(timeout=15, error="Reconnect timed out")
+
+def test_sae_ext_key_security_profile(dev, apdev):
+    """SAE-EXT-KEY with AP advertising Security Profile element (profile 9)"""
+    check_sae_capab(dev[0])
+    ssid = "test-sae-sec-profile"
+    passphrase = "12345678"
+    group = 19
+
+    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+    params['wpa_key_mgmt'] = 'SAE-EXT-KEY'
+    params['sae_groups'] = str(group)
+    params['sae_pwe'] = '2'
+    params['ieee80211w'] = '2'
+    params['rsn_pairwise'] = 'GCMP-256'
+    params['group_cipher'] = 'GCMP-256'
+    params['sec_profile_enabled'] = '1'
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    try:
+        dev[0].set("sae_groups", str(group))
+        dev[0].set("sae_pwe", "1")
+        dev[0].connect(ssid, psk=passphrase, key_mgmt="SAE-EXT-KEY",
+                       pairwise="GCMP-256", group="GCMP-256",
+                       ieee80211w="2", scan_freq="2412")
+        hapd.wait_sta()
+        if dev[0].get_status_field('sae_group') != str(group):
+            raise Exception("Expected SAE group not used")
+
+        val = dev[0].get_status_field("matched_sec_profile")
+        if val != "9":
+            raise Exception("Unexpected matched_sec_profile: " + str(val))
+    finally:
+        dev[0].set("sae_groups", "")
+        dev[0].set("sae_pwe", "0")
-- 
2.53.0

More information about the Hostap mailing list