From patchwork Fri Oct 27 07:34:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jianling.Fu" X-Patchwork-Id: 1856055 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=AjVM0Nvn; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mediatek.com header.i=@mediatek.com header.a=rsa-sha256 header.s=dk header.b=HrJmZ/kS; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SGvcg1HBlz23jP for ; Fri, 27 Oct 2023 18:36:48 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=s/oC85FUQEGn84JkybKJ4ERIvU/4Fvx2vNveEDc41AY=; b=AjVM0NvnvW2lh1 4f1ZcuYuvjXfPewP70cHnwwwfslh+lkt9fahdSjVC/B7K9Qloqyz1bui4fv2FWZ7Dm10Zye39TekM 9WGX5zH/N7zq/P5OpePI/ow3bJaqPM0IwdusIrZBzMhWPEv6WEbqEJML2RtNkr89sBu3dgJrqRa+l Au7H6hZfTl5hbp0PVfwniDyuJZ+asC+w2n+3x0WCJBRm2HXbDuweQ5QIyqpLDPYLdJ8OzCV3OXApE ryZEcZVYyubT0EM0s7EGKrsEGZ4Pt6c/2dxpWtTyJvhhnuij3tHzsH0ZiUWSGewogxkKMVzpGzNh0 owPlpYCUMzsoeFe3sn/w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qwHNe-00FoQH-07; Fri, 27 Oct 2023 07:35:42 +0000 Received: from mailgw02.mediatek.com ([216.200.240.185]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qwHNZ-00FoPX-1U for hostap@lists.infradead.org; Fri, 27 Oct 2023 07:35:38 +0000 X-UUID: 67d35fd8749b11ee86758d4a7c00f3a0-20231027 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=QIqvDgd+j/MPXOSF2tAvcFafbohMhvLn+TBnMlwDLl8=; b=HrJmZ/kSWtT+mgSy3fGUzIs62dGTp4hJ6a89qxh30Uw7/eRoIUrGgeTloaJm1y7iwkXhq0MnW/y6QXzbe3fTG9yT+QkkOp/l1ctYqtyFjJey7yUKb3iIOsNNY7HlkDOvtmunFuaZ5n90fM9JyQa62RYCHV7EAfgAvxc/MFdy+dU=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.32,REQID:526e39da-032f-47a0-8bdf-f4664e76639b,IP:0,U RL:0,TC:0,Content:-20,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:-20 X-CID-META: VersionHash:5f78ec9,CLOUDID:8833d7fb-4a48-46e2-b946-12f04f20af8c,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:102,TC:nil,Content:1,EDM:-3,IP:nil,U RL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES:1,SPR:NO, DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 0 X-CID-BAS: 0,_,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR X-UUID: 67d35fd8749b11ee86758d4a7c00f3a0-20231027 Received: from mtkmbs14n2.mediatek.inc [(172.21.101.76)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 1880351191; Fri, 27 Oct 2023 00:35:30 -0700 Received: from mtkmbs13n2.mediatek.inc (172.21.101.108) by mtkmbs13n2.mediatek.inc (172.21.101.108) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Fri, 27 Oct 2023 15:34:46 +0800 Received: from mhfsdcap04.gcn.mediatek.inc (10.17.3.154) by mtkmbs13n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Fri, 27 Oct 2023 15:34:46 +0800 From: Jianling.Fu To: Jouni Malinen CC: , Jianling.Fu Subject: [PATCH] Display error on SAE connection with incorrect key Date: Fri, 27 Oct 2023 15:34:32 +0800 Message-ID: <20231027073432.11915-1-jianling.fu@mediatek.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231027_003537_507767_1D0B6591 X-CRM114-Status: GOOD ( 12.58 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: If a failure occurs at sae "auth confirm" step, the most probable cause is an error related to the key. Correspondingly, in the case of handling SME in wpa_supplicant, a similar way to internally trig [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org If a failure occurs at sae "auth confirm" step, the most probable cause is an error related to the key. Correspondingly, in the case of handling SME in wpa_supplicant, a similar way to internally trigger an association reject event is used. We do this through calling sme_event_assoc_reject to trigger upper layer processing with the WRONG_PASSWORD event. Signed-off-by: Jianling.Fu --- wpa_supplicant/sme.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index bb04652f5..fdd8b331c 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -2038,6 +2038,30 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) data->auth.ies_len, 0, data->auth.peer, &ie_offset); if (res < 0) { + /* + * Based on the 'auth confirm' process, this is a confirmation message + * indicating that it has successfully received and verified the key + * from the router, and has acknowledged the connection. Thus, if a + * failure occurs at this step, the most probable cause is an error + * related to the key. Correspondingly, in the case of handling SME + * in wpa_supplicant, a similar way to internally trigger an association + * reject event is used. We do this through calling sme_event_assoc_reject + * to trigger upper layer processing with the WRONG_PASSWORD event + */ + if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME + && data->auth.auth_transaction == 2) { + union wpa_event_data event; + + os_memset(&event, 0, sizeof(event)); + event.assoc_reject.bssid = wpa_s->pending_bssid; + event.assoc_reject.status_code = WLAN_STATUS_UNSPECIFIED_FAILURE; + wpa_s->assoc_status_code = event.assoc_reject.status_code; + wpas_notify_assoc_status_code(wpa_s); + wpa_dbg(wpa_s, MSG_DEBUG, + "SME: SAE Authentication failure,indicate assoc reject"); + sme_event_assoc_reject(wpa_s, &event); + + return; + } wpas_connection_failed(wpa_s, wpa_s->pending_bssid); wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);