[PATCH 2/2] dbus: emit the PskMismatch signal also for SAE

Jouni Malinen j at w1.fi
Thu Oct 2 13:47:01 PDT 2025


On Thu, Jun 26, 2025 at 10:57:51AM +0200, Beniamino Galvani wrote:
> Commit a678a510fb20 ("dbus: Add D-Bus signal for PSK mismatch
> heuristics") introduced the "PskMismatch" signal. D-Bus clients can
> use this signal to detect a wrong WPA-PSK password and prompt the user
> for a new one.
> 
> This commit adds the same functionality to SAE authentication,
> emitting the signal when a failure occurs that is likely caused by a
> wrong password.

PskMismatch would be a misleading signal for indicating potential SAE
password mismatches since PSK is quite different from SAE password (PSK
is the key derived from the password used in WPA2-Personal).

> diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
> @@ -2056,6 +2056,9 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
>  				   data->auth.ies_len, 0, data->auth.peer,
>  				   &ie_offset);
>  		if (res < 0) {
> +			if (res == -2)
> +				wpas_notify_psk_mismatch(wpa_s);
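
Review bot: the bare "if (res == -2)" test inside the "res < 0" branch ties a user-visible notification to a magic return value, and nothing in the hunk says which failure -2 stands for or limits when it fires. Add a comment or a named constant for that return value, and gate the call on narrower conditions taken from the received authentication event, so that unrelated failures returning the same code do not trigger a password prompt in D-Bus clients. The added call is also wpas_notify_psk_mismatch() on an SAE path in sme_event_auth(), so clients cannot tell a PSK failure from an SAE one; a separate notification or an argument carrying the reason would keep that distinction.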

This res == -2 case can be triggered by a large number of different
reasons and it does not seem reasonable to me to claim that it is caused
by an incorrect password. In particular, I think it would be a bad idea
to notify the user to change the password (and even worse, drop the
currently stored password which is something that some UIs have done in
this area) based on all these cases. At minimum, this should be limited
to authentication transaction number 2 cases and there should also be
some additional conditions, e.g., based on the received status code.

-- 
Jouni Malinen                                            PGP id EFC895FA


