SAE-PK: Add support to skip sae_pk password check for testing purposes
Add support for skipping the sae_pk password check when built with the compile flag CONFIG_TESTING_OPTIONS. This allows an AP to be configured with sae_pk enabled but with a password that is invalid for sae_pk. Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
parent
a71b100c3b
commit
41f8189057
3 changed files with 17 additions and 2 deletions
|
@ -2245,7 +2245,11 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_SAE_PK
|
#ifdef CONFIG_SAE_PK
|
||||||
if (pw->pk && !sae_pk_valid_password(pw->password)) {
|
if (pw->pk &&
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
!bss->sae_pk_password_check_skip &&
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
!sae_pk_valid_password(pw->password)) {
|
||||||
wpa_printf(MSG_INFO,
|
wpa_printf(MSG_INFO,
|
||||||
"Invalid SAE password for a SAE-PK sae_password entry");
|
"Invalid SAE password for a SAE-PK sae_password entry");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -4137,6 +4141,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||||
bss->sae_commit_status = atoi(pos);
|
bss->sae_commit_status = atoi(pos);
|
||||||
} else if (os_strcmp(buf, "sae_pk_omit") == 0) {
|
} else if (os_strcmp(buf, "sae_pk_omit") == 0) {
|
||||||
bss->sae_pk_omit = atoi(pos);
|
bss->sae_pk_omit = atoi(pos);
|
||||||
|
} else if (os_strcmp(buf, "sae_pk_password_check_skip") == 0) {
|
||||||
|
bss->sae_pk_password_check_skip = atoi(pos);
|
||||||
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
|
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
|
||||||
wpabuf_free(bss->sae_commit_override);
|
wpabuf_free(bss->sae_commit_override);
|
||||||
bss->sae_commit_override = wpabuf_parse_bin(pos);
|
bss->sae_commit_override = wpabuf_parse_bin(pos);
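Review bot: In parse_sae_password() the new `!bss->sae_pk_password_check_skip` term is read when an sae_password line is parsed, but the flag is only assigned when hostapd_config_fill() reaches the `sae_pk_password_check_skip` line. The skip therefore appears to apply only to sae_password entries that come after it in the configuration file, assuming parse_sae_password() is called per line from hostapd_config_fill(), which these hunks do not show. That ordering rule should be documented next to the new option, e.g. `/* Testing only: must be set before any sae_password line it is meant to affect */`. A non-zero value also disables the password-format check without leaving a trace, so a `wpa_printf(MSG_INFO, "SAE-PK: password check skipped (testing)");` on the skipped path would make an accidentally deployed test configuration visible in the log. Both functions continue outside the hunks shown.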
|
||||||
|
|
|
@ -1126,12 +1126,20 @@ static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
|
||||||
bool res = false;
|
bool res = false;
|
||||||
|
|
||||||
if (bss->ssid.wpa_passphrase &&
|
if (bss->ssid.wpa_passphrase &&
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
!bss->sae_pk_password_check_skip &&
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
sae_pk_valid_password(bss->ssid.wpa_passphrase))
|
sae_pk_valid_password(bss->ssid.wpa_passphrase))
|
||||||
res = true;
|
res = true;
|
||||||
|
|
||||||
for (pw = bss->sae_passwords; pw; pw = pw->next) {
|
for (pw = bss->sae_passwords; pw; pw = pw->next) {
|
||||||
if (!pw->pk && sae_pk_valid_password(pw->password))
|
if (!pw->pk &&
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
!bss->sae_pk_password_check_skip &&
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
sae_pk_valid_password(pw->password))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
if (bss->ssid.wpa_passphrase && res && pw->pk &&
|
if (bss->ssid.wpa_passphrase && res && pw->pk &&
|
||||||
os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
|
os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
|
||||||
res = false;
|
res = false;
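Review bot: The `!bss->sae_pk_password_check_skip` terms in hostapd_sae_pk_password_without_pk() disable a different check from the one the commit description names. This function looks for a password that is in valid SAE-PK format but configured without PK (`wpa_passphrase`, or an sae_password entry with `!pw->pk`), not for an invalid password on a PK entry. If that wider effect is intended, a comment should say so, e.g. `/* Testing only: also suppresses detection of SAE-PK-format passwords configured without PK */`; if not, the flag belongs only in parse_sae_password(). The same three-line `#ifdef CONFIG_TESTING_OPTIONS` block is repeated inside two conditions here and once in parse_sae_password(), which is easy to let drift out of sync. The function's body starts and ends outside the hunk.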
|
||||||
|
|
|
@ -671,6 +671,7 @@ struct hostapd_bss_config {
|
||||||
int sae_reflection_attack;
|
int sae_reflection_attack;
|
||||||
int sae_commit_status;
|
int sae_commit_status;
|
||||||
int sae_pk_omit;
|
int sae_pk_omit;
|
||||||
|
int sae_pk_password_check_skip;
|
||||||
struct wpabuf *sae_commit_override;
|
struct wpabuf *sae_commit_override;
|
||||||
struct wpabuf *rsne_override_eapol;
|
struct wpabuf *rsne_override_eapol;
|
||||||
struct wpabuf *rsnxe_override_eapol;
|
struct wpabuf *rsnxe_override_eapol;
|
||||||
|
|