DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

SAE: Update PT value at later point for SME cases, if needed

Browse source 
It was possible to hit a case where the SAE PT had not yet been derived,
e.g., when using P2P group re-invocation. Update PT use at the time
authentication is started, if needed, to avoid this. While this is not
really ideal from the externally observable timing view point, this is
done only for the case where there is no other option available with a
dynamically changing network configuration for P2P. Similar design was
already in place for the SAE offload-from-driver (external auth) case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2023-01-30 23:09:53 +02:00 committed by Jouni Malinen
parent 1aadcca0a7
commit bf124a03d5
3 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
wpa_supplicant/sme.c
View file

@ -234,6 +234,8 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
}
}
if (use_pt && !ssid->pt)
wpa_s_setup_sae_pt(wpa_s->conf, ssid, true);
if (use_pt &&
sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
wpa_s->own_addr, addr,
@ -1399,7 +1401,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
os_memcmp(ssid_str, ssid->ssid, ssid_str_len) == 0 &&
wpa_key_mgmt_sae(ssid->key_mgmt)) {
/* Make sure PT is derived */
wpa_s_setup_sae_pt(wpa_s->conf, ssid);
wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
wpa_s->sme.ext_auth_wpa_ssid = ssid;
break;
}

8
wpa_supplicant/wpa_supplicant.c
View file

@ -2322,7 +2322,8 @@ int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
}
void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid,
bool force)
{
#ifdef CONFIG_SAE
int *groups = conf->sae_groups;
@ -2339,6 +2340,7 @@ void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
if (!password ||
(conf->sae_pwe == SAE_PWE_HUNT_AND_PECK && !ssid->sae_password_id &&
!wpa_key_mgmt_sae_ext_key(ssid->key_mgmt) &&
!force &&
!sae_pk_valid_password(password)) ||
conf->sae_pwe == SAE_PWE_FORCE_HUNT_AND_PECK) {
/* PT derivation not needed */
@ -2451,7 +2453,7 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
#endif /* CONFIG_SAE */
}
#ifdef CONFIG_SAE
wpa_s_setup_sae_pt(wpa_s->conf, ssid);
wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
#endif /* CONFIG_SAE */
if (rand_style > WPAS_MAC_ADDR_STYLE_PERMANENT) {
@ -4722,7 +4724,7 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
wpa_s->last_owe_group = 0;
if (ssid) {
ssid->owe_transition_bss_select_count = 0;
wpa_s_setup_sae_pt(wpa_s->conf, ssid);
wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
}
if (wpa_s->connect_without_scan ||

3
wpa_supplicant/wpa_supplicant_i.h
View file

@ -1805,7 +1805,8 @@ static inline int wpas_mode_to_ieee80211_mode(enum wpas_mode mode)
int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr);
void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid);
void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid,
bool force);
bool wpas_is_sae_avoided(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,