From c823197bdef4f503630a2ffcb78962bb16fc5ec7 Mon Sep 17 00:00:00 2001 From: Mert Ekren Date: Wed, 23 Nov 2022 12:15:16 +0000 Subject: [PATCH] SAE: Use Challenge Failure status code in confirm message failure cases IEEE Std 802.11-2020, 12.4.7.6 says that status code CHALLENGE_FAILURE, needs to be sent in case the verification action fails for SAE Confirm message frame from a STA: "An SAE Confirm message, with a status code not equal to SUCCESS, shall indicate that a peer rejects a previously sent SAE Confirm message. An SAE Confirm message that was not successfully verified is indicated with a status code of CHALLENGE_FAILURE." hostapd, however, did not use this status code for this case. In ieee802_11.c the function sae_check_confirm() is called and in case of verification failure (-1 is returned), the response is set to WLAN_STATUS_UNSPECIFIED_FAILURE (status code = 1). Fix this to use CHALLENGE_FAILURE. Signed-off-by: Koen Van Oost Signed-off-by: Mert Ekren --- src/ap/ieee802_11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 56914dc5b..f0e3c55a9 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -1448,7 +1448,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, } if (sae_check_confirm(sta->sae, var, var_len) < 0) { - resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + resp = WLAN_STATUS_CHALLENGE_FAIL; goto reply; } sta->sae->rc = peer_send_confirm; -- 2.47.2