DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

SAE: Use Challenge Failure status code in confirm message failure cases

Browse source 
IEEE Std 802.11-2020, 12.4.7.6 says that status code CHALLENGE_FAILURE,
needs to be sent in case the verification action fails for SAE Confirm
message frame from a STA: "An SAE Confirm message, with a status code
not equal to SUCCESS, shall indicate that a peer rejects a previously
sent SAE Confirm message. An SAE Confirm message that was not
successfully verified is indicated with a status code of
CHALLENGE_FAILURE."

hostapd, however, did not use this status code for this case. In
ieee802_11.c the function sae_check_confirm() is called and in case of
verification failure (-1 is returned), the response is set to
WLAN_STATUS_UNSPECIFIED_FAILURE (status code = 1). Fix this to use
CHALLENGE_FAILURE.

Signed-off-by: Koen Van Oost <koen.vanoost@airties.com>
Signed-off-by: Mert Ekren <mert.ekren@airties.com>
This commit is contained in:
Mert Ekren 2022-11-23 12:15:16 +00:00 committed by Jouni Malinen
parent 7c62bccc6e
commit c823197bde
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/ap/ieee802_11.c
View file

@ -1448,7 +1448,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
}
if (sae_check_confirm(sta->sae, var, var_len) < 0) {
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
resp = WLAN_STATUS_CHALLENGE_FAIL;
goto reply;
}
sta->sae->rc = peer_send_confirm;