SAE: Allow authentication restart on AP
In the infrastructure BSS case, the AP needs to clear pending SAE state if a new Commit message is received when already in Committed state. This allows the non-AP STA to negotiate a new group if it ends up trying to go through SAE authentication again before the AP side has removed the previous STA entry. This fixes an issue where a kernel update changed something in SAE timing or authentication sequence and started failing the sae_bignum_failure hwsim test case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
b1e1187744
commit
3a8dd390c9
1 changed files with 14 additions and 0 deletions
|
|
@ -953,6 +953,20 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
if (status_code != WLAN_STATUS_SUCCESS)
|
if (status_code != WLAN_STATUS_SUCCESS)
|
||||||
goto remove_sta;
|
goto remove_sta;
|
||||||
|
|
||||||
|
if (!(hapd->conf->mesh & MESH_ENABLED) &&
|
||||||
|
sta->sae->state == SAE_COMMITTED) {
|
||||||
|
/* This is needed in the infrastructure BSS case to
|
||||||
|
* address a sequence where a STA entry may remain in
|
||||||
|
* hostapd across two attempts to do SAE authentication
|
||||||
|
* by the same STA. The second attempt may end up trying
|
||||||
|
* to use a different group and that would not be
|
||||||
|
* allowed if we remain in Committed state with the
|
||||||
|
* previously set parameters. */
|
||||||
|
sae_set_state(sta, SAE_NOTHING,
|
||||||
|
"Clear existing state to allow restart");
|
||||||
|
sae_clear_data(sta->sae);
|
||||||
|
}
|
||||||
|
|
||||||
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
|
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
|
||||||
((const u8 *) mgmt) + len -
|
((const u8 *) mgmt) + len -
|
||||||
mgmt->u.auth.variable, &token,
|
mgmt->u.auth.variable, &token,
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue