[PATCH] Display error on SAE connection with incorrect key
Jouni Malinen
j at w1.fi
Sun Oct 29 09:13:56 PDT 2023
On Fri, Oct 27, 2023 at 03:34:32PM +0800, Jianling.Fu wrote:
> If a failure occurs at sae "auth confirm" step,
> the most probable cause is an error related to the key.
Well, it depends.. I guess that might be the case when adding a new
network for the first time and there having been no successful
authentications before this. However, if there has been a successful
authentication, I would be quite careful on how to interpret failures
during SAE authentication since they could be caused by active attacks
and should not result in something like dropping the password and asking
using to enter a different one.
> Correspondingly, in the case of handling SME in wpa_supplicant,
> a similar way to internally trigger an association reject
> event is used. We do this through calling sme_event_assoc_reject
> to trigger upper layer processing with the WRONG_PASSWORD event.
This feels really wrong. SAE authentication failing has nothing to do
with the AP explicitly rejecting association. This could result in
unexpected behavior and issues when sme_event_assoc_reject() might do
something now, or in the future after some change, that is not
appropriate for the authentication step.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list