On Tue, Sep 01, 2020 at 04:53:02PM +0800, Ouden.Biz Lin wrote:
> I have a question about the WRONG Key.
> In WPA2-PSK case, that has the WRONG Key message to notify user.
> But, In WPA3-SAE, no message to notify user.
>
> I check the flow,
> When I use the wrong key to connect AP.
> AP will get the Confirm mismatch and send the Confirm with status (1) to STA.
That may be implementation specific behavior. Status code 1 does not
indicate that the password is wrong. It should also be noted that the AP
may end up sending its Confirm message before the STA.
> So, I added some checks to send the "WRONG Key" as below.
> Can somebody help to review and comment on it ?
> diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
> @@ -1222,6 +1222,10 @@ void sme_external_auth_mgmt_rx(struct
> wpa_supplicant *wpa_s,
> header->u.auth.variable,
> len - auth_length, 1, header->sa);
> if (res < 0) {
> + if ((le_to_host16(header->u.auth.auth_transaction) == 2)
> + && (le_to_host16(header->u.auth.status_code) == 1)) {
> + wpas_auth_failed(wpa_s, "WRONG_KEY");
> + }
This is not a robust way of determining that the password was wrong
since that is only one possible trigger for status code 1 (unspecified
failure). Furthermore, this would not trigger for all cases where the
password is wrong. SAE authentication does not provide any specific
indication for incorrect password.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
