Message ID | CACYaJDTkZcZgzwpXPKMus7jzi-QpSTrMJV_3Wp8oXJGM2nthCw@mail.gmail.com |
---|---|
State | Not Applicable |
Series | SAE: Notify WRONG Key when Confirm mismatch |

On Tue, Sep 01, 2020 at 04:53:02PM +0800, Ouden.Biz Lin wrote:
> I have a question about the WRONG Key.
> In WPA2-PSK case, that has the WRONG Key message to notify user.
> But, In WPA3-SAE, no message to notify user.
>
> I check the flow,
> When I use the wrong key to connect AP.
> AP will get the Confirm mismatch and send the Confirm with status (1) to STA.

That may be implementation specific behavior. Status code 1 does not indicate that the password is wrong. It should also be noted that the AP may end up sending its Confirm message before the STA.

> So, I added some checks to send the "WRONG Key" as below.
> Can somebody help to review and comment on it ?
> diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c > @@ -1222,6 +1222,10 @@ void sme_external_auth_mgmt_rx(struct > wpa_supplicant *wpa_s, > header->u.auth.variable, > len - auth_length, 1, header->sa); > if (res < 0) { > + if ((le_to_host16(header->u.auth.auth_transaction) == 2) > + && (le_to_host16(header->u.auth.status_code) == 1)) { > + wpas_auth_failed(wpa_s, "WRONG_KEY"); > + }

This is not a robust way of determining that the password was wrong since that is only one possible trigger for status code 1 (unspecified failure). Furthermore, this would not trigger for all cases where the password is wrong. SAE authentication does not provide any specific indication for incorrect password.

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index dd5020179..b29d936fd 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -1222,6 +1222,10 @@ void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s, header->u.auth.variable, len - auth_length, 1, header->sa); if (res < 0) { + if ((le_to_host16(header->u.auth.auth_transaction) == 2) + && (le_to_host16(header->u.auth.status_code) == 1)) { + wpas_auth_failed(wpa_s, "WRONG_KEY"); + } /* Notify failure to the driver */ sme_send_external_auth_status(
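
Review bot: the added condition inside `if (res < 0)` reports "WRONG_KEY" whenever the frame has auth_transaction 2 and status_code 1, but status code 1 is the generic unspecified failure, so any other rejection that reaches this branch would be shown to the user as a wrong password, while a wrong password that surfaces through a different sequence (for example when the AP sends its Confirm first) would not be reported at all. If an event is wanted on this path, pass a neutral reason string to `wpas_auth_failed()` instead of "WRONG_KEY", and replace the literals 2 and 1 with named constants so the comparison documents what it is matching.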