SAE: Verify that appropriate Status Code is used in SAE commit (SME)

Previous version accepted both 0 and 126 values in SAE commit message
from the AP. Explicitly check that the value the AP uses matches what
the STA started with to avoid unexpected cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index eafff1d6a174b185968dc011179d2fc79a9079a3..64b22c451590e31443d06d0bdf7bc95a48978c48 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1291,6 +1291,19 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                                   "SAE: Ignore commit message while waiting for confirm");
                        return 0;
                }
+               if (wpa_s->sme.sae.tmp && wpa_s->sme.sae.tmp->h2e &&
+                   status_code == WLAN_STATUS_SUCCESS) {
+                       wpa_printf(MSG_DEBUG,
+                                  "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
+                       return -1;
+               }
+               if (wpa_s->sme.sae.tmp && !wpa_s->sme.sae.tmp->h2e &&
+                   status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
+                       wpa_printf(MSG_DEBUG,
+                                  "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
+                       return -1;
+               }
+
                if (groups && groups[0] <= 0)
                        groups = NULL;
                res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,