[PATCH] hostapd: SAE check confirm fail status code

Jouni Malinen j at w1.fi
Thu Nov 24 02:33:50 PST 2022

On Wed, Nov 23, 2022 at 12:15:16PM +0000, Mert Ekren wrote:
> (sending this mail again with signed-off-by tag)

> When STA password check fails in wpa3 AP, there's an ambiguous response "WLAN_STATUS_UNSPECIFIED_FAILURE" in hostapd. There's a pre-defined status "CHALLENGE_FAILURE" in standard for this case.
> IEEE 802.11-2022 says that status code CHALLENGE_FAILURE, needs to be sent in case the verification action fails for SAE-CONFIRM frame from a STA:"An SAE Confirm message, with a status code not equal to SUCCESS, shall indicate that a peer rejects a previously sent SAE Confirm message. An SAE Confirm message that was not successfully verified is indicated with a status code of CHALLENGE_FAILURE" .
> Hostapd, however, does not implement this status code. In ieee802_11.c the function “sae_check_confirm” is called and in case of verification failure (-1 is returned), the response is set to WLAN_STATUS_UNSPECIFIED_FAILURE (status code = 1). This is not correct and should be modified as:

Thanks, applied.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list