Filter out unlikely "pre-shared key may be incorrect" messages

Add a function to filter out known cases of disconnection during 4-way
handshake that are caused by something else than mismatch in PSK. This
commit adds the case where the local end determines a mismatch in
WPA/RSN element between Beacon/Probe Response frames and EAPOL-Key msg
3/4.

This can avoid some potentially confusing "WPA: 4-Way Handshake failed -
pre-shared key may be incorrect" ctrl_iface messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2012-10-08 17:49:54 +03:00 committed by Jouni Malinen
parent 458cb30191
commit c9a8221800

View File

@ -1815,6 +1815,28 @@ static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s,
} }
static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
int locally_generated)
{
if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt))
return 0; /* Not in 4-way handshake with PSK */
/*
* It looks like connection was lost while trying to go through PSK
* 4-way handshake. Filter out known disconnection cases that are caused
* by something else than PSK mismatch to avoid confusing reports.
*/
if (locally_generated) {
if (reason_code == WLAN_REASON_IE_IN_4WAY_DIFFERS)
return 0;
}
return 1;
}
static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s, static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,
u16 reason_code, u16 reason_code,
int locally_generated) int locally_generated)
@ -1840,8 +1862,7 @@ static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,
return; return;
} }
if (wpa_s->wpa_state == WPA_4WAY_HANDSHAKE && if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) {
wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - " wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
"pre-shared key may be incorrect"); "pre-shared key may be incorrect");
wpas_auth_failed(wpa_s); wpas_auth_failed(wpa_s);