[PATCH] Display error on SAE connection with incorrect key

Jianling.Fu jianling.fu at mediatek.com
Wed Nov 8 05:44:32 PST 2023


If the status code is not 'success' during the SAE 'auth confirm' step,
or if the auth confirm check encounters a mismatch, this would be
related to the key. In such cases, we would trigger an
'association reject' event, which is used to prompt the
upper layer to process the event as a 'WRONG_PASSWORD' event

Signed-off-by: Jianling.Fu <jianling.fu at mediatek.com>
---
 wpa_supplicant/config_ssid.h    |  5 +++++
 wpa_supplicant/sme.c            | 23 ++++++++++++++++++++++-
 wpa_supplicant/wpa_supplicant.c |  3 ++-
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index ff045380e..5c237d56a 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1265,6 +1265,11 @@ struct wpa_ssid {
 	 * to use the interface in a bridge.
 	 */
 	int enable_4addr_mode;
+	/**
+	 * New variable to track if the network
+	 * has been successfully connected
+	 */
+	int had_been_connected;
 };
 
 #endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index bb04652f5..02baa1c0d 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1892,7 +1892,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 			return -1;
 		if (sae_check_confirm(&wpa_s->sme.sae, data, len,
 				      ie_offset) < 0)
-			return -1;
+			return -2;
 		if (external && wpa_s->sme.ext_ml_auth &&
 		    sme_external_ml_auth(wpa_s, data, len, *ie_offset,
 					 status_code))
@@ -2038,6 +2038,27 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
 				   data->auth.ies_len, 0, data->auth.peer,
 				   &ie_offset);
 		if (res < 0) {
+			if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME
+					&& data->auth.auth_transaction == 2
+					&& ssid->had_been_connected == 0
+					&& (data->auth.status_code ==
+						WLAN_STATUS_UNSPECIFIED_FAILURE
+						|| res == -2)) {
+				union wpa_event_data event;
+
+				os_memset(&event, 0, sizeof(event));
+				event.assoc_reject.bssid = wpa_s->pending_bssid;
+				event.assoc_reject.status_code =
+					WLAN_STATUS_UNSPECIFIED_FAILURE;
+				wpa_s->assoc_status_code =
+					event.assoc_reject.status_code;
+				wpas_notify_assoc_status_code(wpa_s);
+				wpa_dbg(wpa_s, MSG_DEBUG,
+					"SME: SAE Authentication failure indicate assoc reject");
+				sme_event_assoc_reject(wpa_s, &event);
+
+				return;
+			}
 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
 
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index ba68e8198..a21fd5891 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1063,7 +1063,8 @@ void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
 
 	if (wpa_s->wpa_state != old_state) {
 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
-
+		if (wpa_s->wpa_state == WPA_COMPLETED)
+			wpa_s->current_ssid->had_been_connected = 1;
 		/*
 		 * Notify the P2P Device interface about a state change in one
 		 * of the interfaces.
-- 
2.18.0




More information about the Hostap mailing list