Regarding status code in initial SAE confirm message

RAGHAVENDRA SADARAMACHANDRA (rsadaram) rsadaram at cisco.com
Wed Sep 8 12:44:30 PDT 2021 

Hi James,

   Thanks for the response. 
   Reg - " If hostapd receives a confirm with non-success status code it treats that as the peer rejecting" =====> Peer rejecting of which frame? In client and AP case, client is the one which first sends SAE confirm. Here there is no previous confirm message for the client to reject. Spec mentioned about rejection of previous SAE confirm message.

-Raghu


On 9/8/21, 12:30 PM, "James Prestwood" <prestwoj at gmail.com> wrote:

    Hi,

    On Wed, 2021-09-08 at 19:08 +0000, RAGHAVENDRA SADARAMACHANDRA
    (rsadaram) wrote:
    > Any info on below query?
    > 
    > On 9/3/21, 11:13 PM, "RAGHAVENDRA SADARAMACHANDRA (rsadaram)"
    > <rsadaram at cisco.com> wrote:
    > 
    >     Hi All,
    > 
    >     What's the importance/use of status code in initial confirm
    > message from the client. Do we need to check for status code ==
    > success in confirm message from the client.
    > 
    >     Spec does not talk about status code in initial confirm message.

    I don't think the spec cares about "initial confirm" vs any other
    confirm. Its just a confirm message.

    > It mentions: An SAE Confirm message, with a status code not equal to
    > SUCCESS, shall indicate that a peer rejects a previously sent SAE
    > Confirm message. An SAE Confirm message that was not successfully
    > verified is indicated with a status code of CHALLENGE_FAILURE. 

    How does that not describe the intended behavior? If hostapd receives a
    confirm with non-success status code it treats that as the peer
    rejecting. Seems reasonable to me.

    > 
    > 
    >                } else if (auth_transaction == 2) {
    >                     hostapd_logger(hapd, sta->addr,
    > HOSTAPD_MODULE_IEEE80211,
    >                                    HOSTAPD_LEVEL_DEBUG,
    >                                    "SAE authentication (RX confirm,
    > status=%u (%s))",
    >                                    status_code,
    > status2str(status_code));
    >                     if (status_code != WLAN_STATUS_SUCCESS)
    >                             goto remove_sta;
    > 
    > 
    >     -Raghu
    > 
    > 
    > _______________________________________________
    > Hostap mailing list
    > Hostap at lists.infradead.org
    > http://lists.infradead.org/mailman/listinfo/hostap

More information about the Hostap mailing list