[PATCH] hostapd: SAE check confirm fail status code

Jouni Malinen j at w1.fi
Sat Nov 5 03:54:13 PDT 2022

On Tue, Oct 25, 2022 at 06:29:10AM +0000, Mert Ekren wrote:
> When STA password check fails in wpa3 AP, there's an ambiguous response "WLAN_STATUS_UNSPECIFIED_FAILURE" in hostapd. There's a pre-defined status "CHALLENGE_FAILURE" in standard for this case.
> IEEE 802.11-2022 says that status code CHALLENGE_FAILURE, needs to be sent in case the verification action fails for SAE-CONFIRM frame from a STA:"An SAE Confirm message, with a status code not equal to SUCCESS, shall indicate that a peer rejects a previously sent SAE Confirm message. An SAE Confirm message that was not successfully verified is indicated with a status code of CHALLENGE_FAILURE" .
> Hostapd, however, does not implement this status code. In ieee802_11.c the function “sae_check_confirm” is called and in case of verification failure (-1 is returned), the response is set to WLAN_STATUS_UNSPECIFIED_FAILURE (status code = 1). This is not correct and should be modified as:
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c

Could you please send this again with the Signed-off-by: line added to
the end of the commit message as described in the top level

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list