wifi: Indicate AUTH_FAILURE for WEP password error

For WEP password error, supplicant reports ASSOC_REJECT, this
will not indicate password error to GUI and instead bssid is added
to blacklist on continous failures.

Similar to WPA3, check the status code in Assoc reject event
and if it is "Authentication rejected because of challenge failure",
indicate AUTH_FAILURE for WEP password error.

Bug: 153923670
Test: Manual - Try Connecting to wpa3 and wep network with wrong password
Test: atest com.android.server.wifi
CRs-Fixed: 2433524
Change-Id: Ibe0902ee832504013c2017ecc2442f4580b847e3

2 files changed, 53 insertions, 22 deletions

diff --git a/service/java/com/android/server/wifi/SupplicantStaIfaceCallbackImpl.java b/service/java/com/android/server/wifi/SupplicantStaIfaceCallbackImpl.java
index 2d78514e4..92ba43b4c 100644
--- a/service/java/com/android/server/wifi/SupplicantStaIfaceCallbackImpl.java
+++ b/service/java/com/android/server/wifi/SupplicantStaIfaceCallbackImpl.java
@@ -258,29 +258,36 @@ abstract class SupplicantStaIfaceCallbackImpl extends ISupplicantStaIfaceCallbac
     public void onAssociationRejected(byte[/* 6 */] bssid, int statusCode, boolean timedOut) {
         synchronized (mLock) {
             mStaIfaceHal.logCallback("onAssociationRejected");
+            boolean isWrongPwd = false;
             WifiConfiguration curConfiguration =
                     mStaIfaceHal.getCurrentNetworkLocalConfig(mIfaceName);
 
-            if (curConfiguration != null && !timedOut) {
-                Log.d(TAG, "flush PMK cache due to association rejection for config id "
-                        + curConfiguration.networkId + ".");
-                mStaIfaceHal.removePmkCacheEntry(curConfiguration.networkId);
-            }
-
-            if (statusCode == StatusCode.UNSPECIFIED_FAILURE) {
-                if (curConfiguration != null
-                        && curConfiguration.allowedKeyManagement
-                                .get(WifiConfiguration.KeyMgmt.SAE)) {
-                    // Special handling for WPA3-Personal networks. If the password is
-                    // incorrect, the AP will send association rejection, with status code 1
-                    // (unspecified failure). In SAE networks, the password authentication
-                    // is not related to the 4-way handshake. In this case, we will send an
-                    // authentication failure event up.
+            if (curConfiguration != null) {
+                if (!timedOut) {
+                    Log.d(TAG, "flush PMK cache due to association rejection for config id "
+                            + curConfiguration.networkId + ".");
+                    mStaIfaceHal.removePmkCacheEntry(curConfiguration.networkId);
+                }
+                // Special handling for WPA3-Personal networks. If the password is
+                // incorrect, the AP will send association rejection, with status code 1
+                // (unspecified failure). In SAE networks, the password authentication
+                // is not related to the 4-way handshake. In this case, we will send an
+                // authentication failure event up.
+                if (statusCode == StatusCode.UNSPECIFIED_FAILURE
+                        && WifiConfigurationUtil.isConfigForSaeNetwork(curConfiguration)) {
                     mStaIfaceHal.logCallback("SAE incorrect password");
-                    mWifiMonitor.broadcastAuthenticationFailureEvent(
-                            mIfaceName, WifiManager.ERROR_AUTH_FAILURE_WRONG_PSWD, -1);
+                    isWrongPwd = true;
+                } else if (statusCode == StatusCode.CHALLENGE_FAIL
+                        && WifiConfigurationUtil.isConfigForWepNetwork(curConfiguration)) {
+                    mStaIfaceHal.logCallback("WEP incorrect password");
+                    isWrongPwd = true;
                 }
             }
+
+            if (isWrongPwd) {
+                mWifiMonitor.broadcastAuthenticationFailureEvent(
+                        mIfaceName, WifiManager.ERROR_AUTH_FAILURE_WRONG_PSWD, -1);
+            }
             mWifiMonitor
                     .broadcastAssociationRejectionEvent(
                             mIfaceName, statusCode, timedOut,
diff --git a/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java b/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java
index ad2eac8a8..39f6876df 100644
--- a/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java
@@ -1063,12 +1063,12 @@ public class SupplicantStaIfaceHalTest extends WifiBaseTest {
      * Tests the handling of incorrect network passwords for WPA3-Personal networks
      */
     @Test
-    public void testAuthRejectionPassword() throws Exception {
+    public void testWpa3AuthRejectionPassword() throws Exception {
         executeAndValidateInitializationSequence();
         assertNotNull(mISupplicantStaIfaceCallback);
 
         executeAndValidateConnectSequenceWithKeyMgmt(SUPPLICANT_NETWORK_ID, false,
-                WifiConfiguration.KeyMgmt.SAE);
+                WifiConfiguration.KeyMgmt.SAE, null);
 
         int statusCode = ISupplicantStaIfaceCallback.StatusCode.UNSPECIFIED_FAILURE;
 
@@ -1081,6 +1081,27 @@ public class SupplicantStaIfaceHalTest extends WifiBaseTest {
     }
 
     /**
+     * Tests the handling of incorrect network passwords for WEP networks.
+     */
+    @Test
+    public void testWepAuthRejectionPassword() throws Exception {
+        executeAndValidateInitializationSequence();
+        assertNotNull(mISupplicantStaIfaceCallback);
+
+        executeAndValidateConnectSequenceWithKeyMgmt(SUPPLICANT_NETWORK_ID, false,
+                WifiConfiguration.KeyMgmt.NONE, "97CA326539");
+
+        int statusCode = ISupplicantStaIfaceCallback.StatusCode.CHALLENGE_FAIL;
+
+        mISupplicantStaIfaceCallback.onAssociationRejected(
+                NativeUtil.macAddressToByteArray(BSSID), statusCode, false);
+        verify(mWifiMonitor).broadcastAuthenticationFailureEvent(eq(WLAN0_IFACE_NAME),
+                eq(WifiManager.ERROR_AUTH_FAILURE_WRONG_PSWD), eq(-1));
+        verify(mWifiMonitor).broadcastAssociationRejectionEvent(
+                eq(WLAN0_IFACE_NAME), eq(statusCode), eq(false), eq(BSSID));
+    }
+
+    /**
      * Tests the handling of incorrect network passwords, edge case.
      *
      * If the network is removed during 4-way handshake, do not call it a password mismatch.
@@ -2366,7 +2387,7 @@ public class SupplicantStaIfaceHalTest extends WifiBaseTest {
     private WifiConfiguration executeAndValidateConnectSequence(
             final int newFrameworkNetworkId, final boolean haveExistingNetwork) throws Exception {
         return executeAndValidateConnectSequenceWithKeyMgmt(newFrameworkNetworkId,
-                haveExistingNetwork, WifiConfiguration.KeyMgmt.WPA_PSK);
+                haveExistingNetwork, WifiConfiguration.KeyMgmt.WPA_PSK, null);
     }
 
     /**
@@ -2374,16 +2395,19 @@ public class SupplicantStaIfaceHalTest extends WifiBaseTest {
      *
      * @param newFrameworkNetworkId Framework Network Id of the new network to connect.
      * @param haveExistingNetwork Removes the existing network.
-     * @param keyMgmt Key management of the new network
+     * @param keyMgmt Key management of the new network.
+     * @param wepKey if configurations are for a WEP network else null.
      * @return the WifiConfiguration object of the new network to connect.
      */
     private WifiConfiguration executeAndValidateConnectSequenceWithKeyMgmt(
             final int newFrameworkNetworkId, final boolean haveExistingNetwork,
-            int keyMgmt) throws Exception {
+            int keyMgmt, String wepKey) throws Exception {
         setupMocksForConnectSequence(haveExistingNetwork);
         WifiConfiguration config = new WifiConfiguration();
         config.networkId = newFrameworkNetworkId;
         config.allowedKeyManagement.set(keyMgmt);
+        config.wepKeys[0] = wepKey;
+        config.wepTxKeyIndex = 0;
         assertTrue(mDut.connectToNetwork(WLAN0_IFACE_NAME, config));
         validateConnectSequence(haveExistingNetwork, 1);
         return config;