Fail to access RSN property with DBus if pairwise cipher suite count is 0

Jouni Malinen j at
Fri Apr 1 02:34:18 PDT 2022

On Wed, Mar 30, 2022 at 11:10:52AM +0000, Deroire, Guillaume wrote:
> I get the following DBus error when I try to access the RSN property: "wpa_dbus_get_object_properties: failed to get object properties: (org.freedesktop.DBus.Error.Failed) failed to parse RSN IE"
> If I enable wpa_supplicant debugging, I get the following: "wpa_parse_wpa_ie_rsn: ie count botch (pairwise), count 0 left 4"
> The raw RSN IE data are the following: "300c0100000fac04000000000000"
> Which I decode as:
>         Element ID : 0x30
>         Length : 0x0C
>         Version : 1
>         Group Cypher CCMP : 0x000fac04
>         Pair wise cipher suite count : 0
>         Authentication suite count : 0
>         RSN capabilities : 0

That is an invalid RSNE. The Pairwise Cipher Suite Count field indicates
how many pairwise cipher suites are allowed and value 0 is reserved
(i.e., not allowed to be used in this manner). It has the same issue
with the AKM Suite Count field. The correct way of indicating the
default values to be used for pairwise cipher suites and AKM suites
would have been to completely omit those fields from the RSNE, i.e.,
remove the last six octets of the value shown here.

> wpa_supplicant rejects it due to "Pair wise cipher suite count = 0" but it seems to be valid.

While the encoding may look valid, that count=0 is not allowed based on
the standard (see IEEE Std 802.11-2020,

> I have a very reduced knowledge of WiFi internals, so could someone clarify if it is invalid and my AP is badly configured or if it is a valid RSN that must be supported?

It feels more like an implementation issue in the AP. It would be
strange to accept a configuration that would result in an invalid RSNE
being used.

Jouni Malinen                                            PGP id EFC895FA
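
An added example, not part of the original message and not wpa_supplicant's code: a minimal structural check in C showing why the quoted element is rejected at the pairwise count and why the same element with the optional fields omitted passes. The names (rsne_check, skip_suite_list, the RSNE_* codes) are hypothetical, and the trimmed element, with its Length octet changed from 0x0c to 0x06 to match, is constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RSNE_OK = 0, RSNE_BAD_HEADER = -1, RSNE_TRUNCATED = -2,
       RSNE_PAIRWISE_COUNT = -3, RSNE_AKM_COUNT = -4 };

/* The element quoted in the report: both suite count fields present, both 0. */
static const uint8_t rsne_from_ap[] = { 0x30, 0x0c, 0x01, 0x00, 0x00, 0x0f,
    0xac, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
/* Constructed: last six octets omitted, Length octet adjusted to 0x06. */
static const uint8_t rsne_trimmed[] = { 0x30, 0x06, 0x01, 0x00, 0x00, 0x0f,
    0xac, 0x04 };

/* Consume a 2-octet little-endian count followed by count 4-octet selectors. */
static int skip_suite_list(const uint8_t *ie, size_t len, size_t *off, int count_err)
{
    size_t count, left = len - *off;

    if (left < 2) return RSNE_TRUNCATED;
    count = ie[*off] | ((size_t)ie[*off + 1] << 8);
    left -= 2;
    /* A count of 0 is reserved, and the announced list must fit in what is left. */
    if (count == 0 || count > left / 4) return count_err;
    *off += 2 + count * 4;
    return RSNE_OK;
}

/* Structural check only; fields after the AKM suite list are not examined. */
int rsne_check(const uint8_t *ie, size_t len)
{
    size_t off = 8; /* element ID, length, version, group cipher suite */
    int res;

    if (len < 4 || ie[0] != 0x30 || (size_t)ie[1] + 2 != len ||
        ie[2] != 0x01 || ie[3] != 0x00) return RSNE_BAD_HEADER;
    if (len == 4) return RSNE_OK;        /* all optional fields omitted */
    if (len < 8) return RSNE_TRUNCATED;  /* partial group cipher suite */
    if (off == len) return RSNE_OK;      /* pairwise and AKM defaults apply */
    res = skip_suite_list(ie, len, &off, RSNE_PAIRWISE_COUNT);
    if (res != RSNE_OK || off == len) return res;
    return skip_suite_list(ie, len, &off, RSNE_AKM_COUNT);
}

int main(void)
{
    printf("from AP: %d, trimmed: %d\n",
           rsne_check(rsne_from_ap, sizeof(rsne_from_ap)),
           rsne_check(rsne_trimmed, sizeof(rsne_trimmed)));
    return 0;
}
```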
