Regarding status code in initial SAE confirm message

James Prestwood prestwoj at gmail.com
Wed Sep 8 12:27:48 PDT 2021


Hi,

On Wed, 2021-09-08 at 19:08 +0000, RAGHAVENDRA SADARAMACHANDRA
(rsadaram) wrote:
> Any info on below query?
> 
> On 9/3/21, 11:13 PM, "RAGHAVENDRA SADARAMACHANDRA (rsadaram)"
> <rsadaram at cisco.com> wrote:
> 
>     Hi All,
> 
>     What's the importance/use of status code in initial confirm
> message from the client. Do we need to check for status code ==
> success in confirm message from the client.
> 
>     Spec does not talk about status code in initial confirm message.

I don't think the spec cares about "initial confirm" vs any other
confirm. Its just a confirm message.

> It mentions: An SAE Confirm message, with a status code not equal to
> SUCCESS, shall indicate that a peer rejects a previously sent SAE
> Confirm message. An SAE Confirm message that was not successfully
> verified is indicated with a status code of CHALLENGE_FAILURE. 

How does that not describe the intended behavior? If hostapd receives a
confirm with non-success status code it treats that as the peer
rejecting. Seems reasonable to me.

> 
> 
>                } else if (auth_transaction == 2) {
>                     hostapd_logger(hapd, sta->addr,
> HOSTAPD_MODULE_IEEE80211,
>                                    HOSTAPD_LEVEL_DEBUG,
>                                    "SAE authentication (RX confirm,
> status=%u (%s))",
>                                    status_code,
> status2str(status_code));
>                     if (status_code != WLAN_STATUS_SUCCESS)
>                             goto remove_sta;
> 
> 
>     -Raghu
> 
> 
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap





More information about the Hostap mailing list