From ded1a35c415b54440d94cade46519a40529eb010 Mon Sep 17 00:00:00 2001
From: James Prestwood <prestwoj@gmail.com>
Date: Tue, 5 Dec 2023 07:46:46 -0800
Subject: [PATCH] sae: add debugging for incorrect password identifier

If the AP rejects the auth because of an unknown identifier catch
this and log the error.
---
 src/sae.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index da00e4da..9a10292e 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1104,11 +1104,19 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
 	 * If the Status is some other nonzero value, the frame shall be
 	 * silently discarded and the t0 (retransmission) timer shall be set.
 	 */
-	if (status != 0 && status != MMPDU_STATUS_CODE_SAE_HASH_TO_ELEMENT)
+	switch (status) {
+	case 0:
+	case MMPDU_STATUS_CODE_SAE_HASH_TO_ELEMENT:
+		if (status != sae_status_code(sm))
+			return -EBADMSG;
+		break;
+	case MMPDU_STATUS_CODE_UNKNOWN_PASSWORD_IDENTIFIER:
+		sae_debug("Incorrect password identifier, check "
+				"[Security].PasswordIdentifier");
+		/* fall through */
+	default:
 		return -ENOMSG;
-
-	if (status != sae_status_code(sm))
-		return -EBADMSG;
+	}
 
 	if (len < 2)
 		return -EBADMSG;