SAE-PK: Add support to skip sae_pk password check for testing purposes

Add support to skip sae_pk password check under compile flag CONFIG_TESTING_OPTIONS which allows AP to be configured with sae_pk enabled but a password that is invalid for sae_pk. Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-09-08 14:08:38 -07:00 · 2020-09-08 14:08:38 -07:00 · 41f8189057
commit 41f8189057
parent a71b100c3b
3 changed files with 17 additions and 2 deletions
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@ -2245,7 +2245,11 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
 	}

 #ifdef CONFIG_SAE_PK
-	if (pw->pk && !sae_pk_valid_password(pw->password)) {
+	if (pw->pk &&
+#ifdef CONFIG_TESTING_OPTIONS
+	    !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
+	    !sae_pk_valid_password(pw->password)) {
 		wpa_printf(MSG_INFO,
 			   "Invalid SAE password for a SAE-PK sae_password entry");
 		goto fail;
@ -4137,6 +4141,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 		bss->sae_commit_status = atoi(pos);
 	} else if (os_strcmp(buf, "sae_pk_omit") == 0) {
 		bss->sae_pk_omit = atoi(pos);
+	} else if (os_strcmp(buf, "sae_pk_password_check_skip") == 0) {
+		bss->sae_pk_password_check_skip = atoi(pos);
 	} else if (os_strcmp(buf, "sae_commit_override") == 0) {
 		wpabuf_free(bss->sae_commit_override);
 		bss->sae_commit_override = wpabuf_parse_bin(pos);
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@ -1126,12 +1126,20 @@ static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
 	bool res = false;

 	if (bss->ssid.wpa_passphrase &&
+#ifdef CONFIG_TESTING_OPTIONS
+	    !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
 	    sae_pk_valid_password(bss->ssid.wpa_passphrase))
 		res = true;

 	for (pw = bss->sae_passwords; pw; pw = pw->next) {
-		if (!pw->pk && sae_pk_valid_password(pw->password))
+		if (!pw->pk &&
+#ifdef CONFIG_TESTING_OPTIONS
+		    !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
+		    sae_pk_valid_password(pw->password))
 			return true;
+
 		if (bss->ssid.wpa_passphrase && res && pw->pk &&
 		    os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
 			res = false;
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -671,6 +671,7 @@ struct hostapd_bss_config {
 	int sae_reflection_attack;
 	int sae_commit_status;
 	int sae_pk_omit;
+	int sae_pk_password_check_skip;
 	struct wpabuf *sae_commit_override;
 	struct wpabuf *rsne_override_eapol;
 	struct wpabuf *rsnxe_override_eapol;