Prefer SAE over PSK in WPA3-Personal transition mode cases

Order scan results in a manner that prefers BSSs that support SAE over
ones that support PSK without SAE if the SNR of the SAE BSS is good or
at least at the same level as the SNR for the PSK BSS. This improves the
likelihood of using SAE when the local network profile allows
WPA3-Personal transition mode and the ESS uses a mix of BSSs with
different sets of AKMs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2023-11-23 23:13:51 +02:00 committed by Jouni Malinen
parent d883b25760
commit a768556f7b

@ -2379,6 +2379,7 @@ static int wpa_scan_result_compar(const void *a, const void *b)
int wpa_a, wpa_b;
int snr_a, snr_b, snr_a_full, snr_b_full;
size_t ies_len;
const u8 *rsne_a, *rsne_b;
/* WPA/WPA2 support preferred */
wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL ||
@ -2422,6 +2423,32 @@ static int wpa_scan_result_compar(const void *a, const void *b)
snr_b = snr_b_full = wb->level;
}
/* If SNR of a SAE BSS is good or at least as high as the PSK BSS,
* prefer SAE over PSK for mixed WPA3-Personal transition mode and
* WPA2-Personal deployments */
rsne_a = wpa_scan_get_ie(wa, WLAN_EID_RSN);
rsne_b = wpa_scan_get_ie(wb, WLAN_EID_RSN);
if (rsne_a && rsne_b) {
struct wpa_ie_data data;
bool psk_a = false, psk_b = false, sae_a = false, sae_b = false;
if (wpa_parse_wpa_ie_rsn(rsne_a, 2 + rsne_a[1], &data) == 0) {
psk_a = wpa_key_mgmt_wpa_psk_no_sae(data.key_mgmt);
sae_a = wpa_key_mgmt_sae(data.key_mgmt);
}
if (wpa_parse_wpa_ie_rsn(rsne_b, 2 + rsne_b[1], &data) == 0) {
psk_b = wpa_key_mgmt_wpa_psk_no_sae(data.key_mgmt);
sae_b = wpa_key_mgmt_sae(data.key_mgmt);
}
if (sae_a && !sae_b && psk_b &&
(snr_a >= GREAT_SNR || snr_a >= snr_b))
return -1;
if (sae_b && !sae_a && psk_a &&
(snr_b >= GREAT_SNR || snr_b >= snr_a))
return 1;
}
/* If SNR is close, decide by max rate or frequency band. For cases
* involving the 6 GHz band, use the throughput estimate irrespective
* of the SNR difference since the LPI/VLP rules may result in
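Review bot: The new early returns (`return -1;` and `return 1;`) apply only when one side is SAE and the other is PSK without SAE, while every other pair falls through to the "If SNR is close, decide by max rate or frequency band" logic that follows, so the comparator can give inconsistent results across three entries. For example, a third BSS whose RSNE is missing or fails `wpa_parse_wpa_ie_rsn()` leaves all four flags false and is ranked against both the SAE and the PSK BSS purely by the later SNR/rate rules, which can contradict the SAE-first result for the pair. Please confirm that the sort still produces a stable, consistent order for such triples, or say in the comment that the SAE preference is best-effort. As a smaller point, the two parse blocks differ only in the a/b suffix and could share a small helper that returns the `psk`/`sae` flags for one RSNE.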