[PATCH v2 14/15] wpa_supplicant: Support parsing ML element in SAE auth frames

Otcheretianski, Andrei andrei.otcheretianski at intel.com
Tue Dec 6 00:19:09 PST 2022

> Shouldn't this be done as part of patch 7/15 instead of a separate commit
> that fixes the earlier changes in the same patchset?
> Or to be more exact, I'd prefer prefer to see the sae_parse_commit() change
> to introduce the new argument to return the IE offset as its own
> independent patch that does not change any real functionality other than
> introducing that capability. That would be before patch 7/15 and then the
> remaining items from this 14/15 would be merged into patch 7/15.

Sure, makes sense. I will re-arrange this.

> > @@ -1726,6 +1733,10 @@ static int sme_sae_auth(struct wpa_supplicant
> *wpa_s, u16 auth_transaction,
> >  			return -1;
> >  		if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0)
> >  			return -1;
> > +
> > +		if (ie_offset && wpa_s->sme.sae.tmp)
> > +			*ie_offset = 2 + wpa_s->sme.sae.tmp->kck_len;
> What is this doing and how this is related to the ie_offset value from
> sae_parse_commit()? At minimum, this would benefit of a comment
> explaining what that 2 is and what this has to do with KCK length.

ie_offset is set to the offset to the IE's, after skipping all the fixed parts.
It's not related to parse_commit as it's under "else if" part, though to make it similar, maybe it would be better to pass it as an argument to sae_check_confirm() as well.
2 bytes are for send-confirm field and the rest is the confirm hash.
I'll add a comment to clarify this.

> --
> Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list