SAE: Use correct SSID profile for SAE auth retries during external auth
Previously, wpa_supplicant was using the current SSID for building the SAE authentication commit frame for retries during external authentication. But the external authentication SSID can be different from the current SSID. Fix this by using the correct SSID profile. Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
This commit is contained in:
Veerendranath Jakkam
Jouni Malinen
parent
096feac194
commit
d1a7626ff9
3 changed files with 17 additions and 6 deletions
|
|
@ -386,6 +386,10 @@ void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
|
|||
wpa_s->last_ssid = NULL;
|
||||
if (wpa_s->current_ssid == ssid)
|
||||
wpa_s->current_ssid = NULL;
|
||||
#if defined(CONFIG_SME) && defined(CONFIG_SAE)
|
||||
if (wpa_s->sme.ext_auth_wpa_ssid == ssid)
|
||||
wpa_s->sme.ext_auth_wpa_ssid = NULL;
|
||||
#endif /* CONFIG_SME && CONFIG_SAE */
|
||||
if (wpa_s->wpa)
|
||||
wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
|
||||
if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s &&
|
||||
|
|
|
|||
|
|
@ -1113,6 +1113,7 @@ static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
|
|||
{
|
||||
struct external_auth params;
|
||||
|
||||
wpa_s->sme.ext_auth_wpa_ssid = NULL;
|
||||
os_memset(¶ms, 0, sizeof(params));
|
||||
params.status = status;
|
||||
params.ssid = wpa_s->sme.ext_auth_ssid;
|
||||
|
|
@ -1131,6 +1132,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
|
|||
size_t ssid_str_len = data->external_auth.ssid_len;
|
||||
const u8 *ssid_str = data->external_auth.ssid;
|
||||
|
||||
wpa_s->sme.ext_auth_wpa_ssid = NULL;
|
||||
/* Get the SSID conf from the ssid string obtained */
|
||||
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
|
||||
if (!wpas_network_disabled(wpa_s, ssid) &&
|
||||
|
|
@ -1139,6 +1141,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
|
|||
wpa_key_mgmt_sae(ssid->key_mgmt)) {
|
||||
/* Make sure PT is derived */
|
||||
wpa_s_setup_sae_pt(wpa_s->conf, ssid);
|
||||
wpa_s->sme.ext_auth_wpa_ssid = ssid;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
@ -1267,7 +1270,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
|||
if (auth_transaction == 1 &&
|
||||
status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
|
||||
wpa_s->sme.sae.state == SAE_COMMITTED &&
|
||||
(external || wpa_s->current_bss) && wpa_s->current_ssid) {
|
||||
((external && wpa_s->sme.ext_auth_wpa_ssid) ||
|
||||
(!external && wpa_s->current_bss && wpa_s->current_ssid))) {
|
||||
int default_groups[] = { 19, 20, 21, 0 };
|
||||
u16 group;
|
||||
const u8 *token_pos;
|
||||
|
|
@ -1329,14 +1333,15 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
|||
else
|
||||
sme_external_auth_send_sae_commit(
|
||||
wpa_s, wpa_s->sme.ext_auth_bssid,
|
||||
wpa_s->current_ssid);
|
||||
wpa_s->sme.ext_auth_wpa_ssid);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (auth_transaction == 1 &&
|
||||
status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
|
||||
wpa_s->sme.sae.state == SAE_COMMITTED &&
|
||||
(external || wpa_s->current_bss) && wpa_s->current_ssid) {
|
||||
((external && wpa_s->sme.ext_auth_wpa_ssid) ||
|
||||
(!external && wpa_s->current_bss && wpa_s->current_ssid))) {
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
|
||||
int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
|
||||
wpa_s->sme.sae.group);
|
||||
|
|
@ -1350,7 +1355,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
|||
else
|
||||
sme_external_auth_send_sae_commit(
|
||||
wpa_s, wpa_s->sme.ext_auth_bssid,
|
||||
wpa_s->current_ssid);
|
||||
wpa_s->sme.ext_auth_wpa_ssid);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -1382,8 +1387,9 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
|||
groups = wpa_s->conf->sae_groups;
|
||||
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
|
||||
if ((!external && wpa_s->current_bss == NULL) ||
|
||||
wpa_s->current_ssid == NULL)
|
||||
if ((external && !wpa_s->sme.ext_auth_wpa_ssid) ||
|
||||
(!external &&
|
||||
(!wpa_s->current_bss || !wpa_s->current_ssid)))
|
||||
return -1;
|
||||
if (wpa_s->sme.sae.state != SAE_COMMITTED) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
|
|
|
|||
|
|
@ -1022,6 +1022,7 @@ struct wpa_supplicant {
|
|||
unsigned int sae_pmksa_caching:1;
|
||||
u16 seq_num;
|
||||
u8 ext_auth_bssid[ETH_ALEN];
|
||||
struct wpa_ssid *ext_auth_wpa_ssid;
|
||||
u8 ext_auth_ssid[SSID_MAX_LEN];
|
||||
size_t ext_auth_ssid_len;
|
||||
int *sae_rejected_groups;
|
||||
|
|
|
|||
Loading…
Reference in a new issue