git.ipfire.org Git - thirdparty/hostap.git/commitdiff
SAE: Use Challenge Failure status code in confirm message failure cases
author Mert Ekren <mert.ekren@airties.com>
Wed, 23 Nov 2022 12:15:16 +0000 (12:15 +0000)
committer Jouni Malinen <j@w1.fi>
Thu, 24 Nov 2022 10:09:38 +0000 (12:09 +0200)
IEEE Std 802.11-2020, 12.4.7.6 says that status code CHALLENGE_FAILURE
needs to be sent in case the verification action fails for SAE Confirm
message frame from a STA: "An SAE Confirm message, with a status code
not equal to SUCCESS, shall indicate that a peer rejects a previously
sent SAE Confirm message. An SAE Confirm message that was not
successfully verified is indicated with a status code of
CHALLENGE_FAILURE."

hostapd, however, did not use this status code for this case. In
ieee802_11.c the function sae_check_confirm() is called and in case of
verification failure (-1 is returned), the response is set to
WLAN_STATUS_UNSPECIFIED_FAILURE (status code = 1). Fix this to use
CHALLENGE_FAILURE.

Signed-off-by: Koen Van Oost <koen.vanoost@airties.com>
Signed-off-by: Mert Ekren <mert.ekren@airties.com>
src/ap/ieee802_11.c

index 56914dc5b4f24dfc663a26b276db9d6b56063690..f0e3c55a985c094ecc5fd973e34c26d177e4868d 100644 (file)
@@ -1448,7 +1448,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                        }
 
                        if (sae_check_confirm(sta->sae, var, var_len) < 0) {
-                               resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+                               resp = WLAN_STATUS_CHALLENGE_FAIL;
                                goto reply;
                        }
                        sta->sae->rc = peer_send_confirm;
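
Review bot: The changed assignment in the `sae_check_confirm(sta->sae, var, var_len) < 0` branch has no comment saying why this one failure path uses a different status code from a generic failure; the rationale (IEEE Std 802.11-2020, 12.4.7.6) exists only in the commit message. A one-line comment above `resp = WLAN_STATUS_CHALLENGE_FAIL;` citing that clause would keep a later cleanup from folding it back into WLAN_STATUS_UNSPECIFIED_FAILURE. The visible lines also show no debug message before `goto reply;`, so if nothing just outside this context logs the confirm verification failure, adding one would make rejected SAE peers easier to diagnose. Anything that currently expects status code 1 for a failed confirm, such as test cases, would need to be updated together with this change.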