[PATCH 4/4] SAE: Fix auth_transaction error handling

Masashi Honma masashi.honma
Thu Nov 27 23:31:51 PST 2014 

2014-11-25 23:17 GMT+09:00 Jouni Malinen <j at w1.fi>:
> Commit fields would not be included in Authentication frame with that status code

OK. I will drop commit field inclusion.

> I'm not sure how this could cause continuous frame exchange.
> What is in the other end replying to this message and generating the invalid
> SAE auth transaction number in the first place?

This is a my reproduction code. This simulates reception of auth_transaction=3
frame.

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 8e04dfa..4662644 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -614,6 +614,7 @@ static int sae_sm_step(struct hostapd_data *hapd,
struct sta_info *sta,
        return WLAN_STATUS_SUCCESS;
 }

+static int first = 1;

 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                            const struct ieee80211_mgmt *mgmt, size_t len,
@@ -622,6 +623,11 @@ static void handle_auth_sae(struct hostapd_data
*hapd, struct sta_info *sta,
        u16 resp = WLAN_STATUS_SUCCESS;
        struct wpabuf *data = NULL;

+       if (first) {
+               first = 0;
+               auth_transaction = 3;
+       }
+
        if (!sta->sae) {
                if (auth_transaction != 1)
                        return;
@@ -739,6 +745,7 @@ static void handle_auth_sae(struct hostapd_data
*hapd, struct sta_info *sta,
                               HOSTAPD_LEVEL_DEBUG,
                               "unexpected SAE authentication transaction %u",
                               auth_transaction);
                resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
        }

This could occur on mesh SAE authentication case.
Both peer is wpa_supplicant.
Currently, auth_transaction is 1(commit) or 2(confirm).
If STA on mesh happen to receive frame with auth_transaction=3, it causes
continuous frame exchange. Because wpa_supplicant which was received a frame
with auth_transaction=3 transmits frame with auth_transaction=3.

STA1 <-- auth_transaction=3 --- STA2
STA1 --- auth_transaction=3 --> STA2
STA1 <-- auth_transaction=3 --- STA2
STA1 --- auth_transaction=3 --> STA2

My previous patch changed auth_transaction to prevent this continuous frame
exchange.

> I don't think changing the auth transaction number would be ideal either when
> indicating that the authentication transaction was incorrect.

I will just drop error frame on mesh case.

More information about the Hostap mailing list