SAE: Fix group selection

Number of regressions had shown up in wpa_supplicant implementation of
SAE group selection due to different integer array termination (-1 in
hostapd, 0 in wpa_supplicant) being used for SAE groups. The
default_groups list did not seem to use any explicit termination value.
In addition, the sae_group_index was not cleared back to 0 properly
whenever a new SAE session was started.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2013-11-02 18:07:49 +02:00
parent f5f59e4f57
commit 18ca733248
2 changed files with 10 additions and 6 deletions

View file

@ -678,7 +678,7 @@ static u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups,
{ {
if (allowed_groups) { if (allowed_groups) {
int i; int i;
for (i = 0; allowed_groups[i] >= 0; i++) { for (i = 0; allowed_groups[i] > 0; i++) {
if (allowed_groups[i] == group) if (allowed_groups[i] == group)
break; break;
} }

View file

@ -46,7 +46,7 @@ static int index_within_array(const int *array, int idx)
{ {
int i; int i;
for (i = 0; i < idx; i++) { for (i = 0; i < idx; i++) {
if (array[i] == -1) if (array[i] <= 0)
return 0; return 0;
} }
return 1; return 1;
@ -56,9 +56,9 @@ static int index_within_array(const int *array, int idx)
static int sme_set_sae_group(struct wpa_supplicant *wpa_s) static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
{ {
int *groups = wpa_s->conf->sae_groups; int *groups = wpa_s->conf->sae_groups;
int default_groups[] = { 19, 20, 21, 25, 26 }; int default_groups[] = { 19, 20, 21, 25, 26, 0 };
if (!groups) if (!groups || groups[0] <= 0)
groups = default_groups; groups = default_groups;
/* Configuration may have changed, so validate current index */ /* Configuration may have changed, so validate current index */
@ -438,6 +438,7 @@ void sme_authenticate(struct wpa_supplicant *wpa_s,
#ifdef CONFIG_SAE #ifdef CONFIG_SAE
wpa_s->sme.sae.state = SAE_NOTHING; wpa_s->sme.sae.state = SAE_NOTHING;
wpa_s->sme.sae.send_confirm = 0; wpa_s->sme.sae.send_confirm = 0;
wpa_s->sme.sae_group_index = 0;
#endif /* CONFIG_SAE */ #endif /* CONFIG_SAE */
sme_send_authentication(wpa_s, bss, ssid, 1); sme_send_authentication(wpa_s, bss, ssid, 1);
} }
@ -482,15 +483,18 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
return -1; return -1;
if (auth_transaction == 1) { if (auth_transaction == 1) {
int *groups = wpa_s->conf->sae_groups;
wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit"); wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
if (wpa_s->current_bss == NULL || if (wpa_s->current_bss == NULL ||
wpa_s->current_ssid == NULL) wpa_s->current_ssid == NULL)
return -1; return -1;
if (wpa_s->sme.sae.state != SAE_COMMITTED) if (wpa_s->sme.sae.state != SAE_COMMITTED)
return -1; return -1;
if (groups && groups[0] <= 0)
groups = NULL;
if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL, if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
wpa_s->conf->sae_groups) != groups) != WLAN_STATUS_SUCCESS)
WLAN_STATUS_SUCCESS)
return -1; return -1;
if (sae_process_commit(&wpa_s->sme.sae) < 0) { if (sae_process_commit(&wpa_s->sme.sae) < 0) {