Hi, I am running hostapd using SAE for authentication. I am purposly setting sae_groups=20, but having my supplicant try group 19 (which should result in both sides negotiating a group they both support). As far as I understand it, hostapd would be in the "nothing" state and I am sending over a commit. I am seeing hostapd send back over a rejected authentication with UNSUPPORTED_FINITE_CYCLIC_GROUP, but no group number is included, just status and auth transaction. According to the 802.11 spec this is what should happen: (12.4.8.6.3 Protocol instance behavior - Nothing state) "Upon receipt of a Com event, the protocol instance shall check the Status of the Authentication frame. If the Status code is not SUCCESS , the frame shall be silently discarded and a Del event shall be sent to the parent process. Otherwise, the frame shall be processed by first checking the finite cyclic group field to see if the requested group is supported. If not, BadGrp shall be set and the protocol instance shall construct and transmit a an Authentication frame with Status code UNSUPPORTED_FINITE_CYCLIC_GROUP indicating rejection with the finite cyclic group field set to the rejected group, and shall send the parent process a Del event." Specifically I am concerned with "... finite cyclic group field set to the rejected group ...". So after reading the spec it appears this behavior is not correct on hostapd's part, it should be sending the group number in the authenticate response (at least that is how I read it). Is this indeed a bug or am I way off? Thanks, James _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
