SAE-PK: Add support to skip sae_pk password check for testing purposes

Add support to skip sae_pk password check under compile flag CONFIG_TESTING_OPTIONS which allows AP to be configured with sae_pk enabled but a password that is invalid for sae_pk. Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-09-08 14:08:38 -07:00 · 2020-09-08 14:08:38 -07:00 · 41f8189057
commit 41f8189057
parent a71b100c3b
3 changed files with 17 additions and 2 deletions
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@ -1126,12 +1126,20 @@ static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
 	bool res = false;

 	if (bss->ssid.wpa_passphrase &&
+#ifdef CONFIG_TESTING_OPTIONS
+	    !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
 	    sae_pk_valid_password(bss->ssid.wpa_passphrase))
 		res = true;

 	for (pw = bss->sae_passwords; pw; pw = pw->next) {
-		if (!pw->pk && sae_pk_valid_password(pw->password))
+		if (!pw->pk &&
+#ifdef CONFIG_TESTING_OPTIONS
+		    !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
+		    sae_pk_valid_password(pw->password))
 			return true;
+
 		if (bss->ssid.wpa_passphrase && res && pw->pk &&
 		    os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
 			res = false;
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -671,6 +671,7 @@ struct hostapd_bss_config {
 	int sae_reflection_attack;
 	int sae_commit_status;
 	int sae_pk_omit;
+	int sae_pk_password_check_skip;
 	struct wpabuf *sae_commit_override;
 	struct wpabuf *rsne_override_eapol;
 	struct wpabuf *rsnxe_override_eapol;