From 43b20b4370a82a3274794bea6eee7c1218142881 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 6 Sep 2019 15:51:37 +0300
Subject: [PATCH] SAE: Derive H2E PT in AP when starting the AP
Signed-off-by: Jouni Malinen
---
 hostapd/ctrl_iface.c | 5 +++++
 src/ap/ap_config.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
 src/ap/ap_config.h | 3 +++
 3 files changed, 55 insertions(+)
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 8d9d1a3be..2c44d1e4e 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1424,6 +1424,11 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
 if (ieee802_11_update_beacons(hapd->iface)) wpa_printf(MSG_DEBUG, "Failed to update beacons with WMM parameters");
+ } else if (os_strcmp(cmd, "wpa_passphrase") == 0 ||
+ os_strcmp(cmd, "sae_password") == 0 ||
+ os_strcmp(cmd, "sae_pwe") == 0) {
+ if (hapd->started)
+ hostapd_setup_sae_pt(hapd->conf);
 }
 }
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 6704ade4e..58fc3e988 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -16,6 +16,7 @@
 #include "common/ieee802_1x_defs.h"
 #include "common/eapol_common.h"
 #include "common/dhcp.h"
+#include "common/sae.h"
 #include "eap_common/eap_wsc_common.h"
 #include "eap_server/eap.h"
 #include "wpa_auth.h"
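Review bot: The return value of `hostapd_setup_sae_pt(hapd->conf)` is dropped in the new `else if` branch of hostapd_ctrl_iface_set() (hostapd/ctrl_iface.c hunk), so a SET of wpa_passphrase, sae_password or sae_pwe on a started BSS can report success even though PT derivation failed. hostapd_setup_sae_pt() frees the previous PT before deriving the new one, so after such a failure the affected password is left with a NULL PT and H2E authentication with it would presumably fail until a later SET succeeds. Propagating the error, for example `if (hapd->started && hostapd_setup_sae_pt(hapd->conf) < 0) ret = -1;` with whatever result variable the function returns, would let the control interface caller see it. The function body starts and ends outside this hunk, so the exact variable name needs checking against the full file.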
@@ -434,10 +435,50 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
 }
+int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
+{
+#ifdef CONFIG_SAE
+ struct hostapd_ssid *ssid = &conf->ssid;
+ struct sae_password_entry *pw;
+
+ if (conf->sae_pwe == 0)
+ return 0; /* PT not needed */
+
+ sae_deinit_pt(ssid->pt);
+ ssid->pt = NULL;
+ if (ssid->wpa_passphrase) {
+ ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
+ ssid->ssid_len,
+ (const u8 *) ssid->wpa_passphrase,
+ os_strlen(ssid->wpa_passphrase),
+ NULL);
+ if (!ssid->pt)
+ return -1;
+ }
+
+ for (pw = conf->sae_passwords; pw; pw = pw->next) {
+ sae_deinit_pt(pw->pt);
+ pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
+ ssid->ssid_len,
+ (const u8 *) pw->password,
+ os_strlen(pw->password),
+ pw->identifier);
+ if (!pw->pt)
+ return -1;
+ }
+#endif /* CONFIG_SAE */
+
+ return 0;
+}
+
+
 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
 {
 struct hostapd_ssid *ssid = &conf->ssid;
+ if (hostapd_setup_sae_pt(conf) < 0)
+ return -1;
+
 if (ssid->wpa_passphrase != NULL) {
 if (ssid->wpa_psk != NULL) {
 wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
@@ -643,6 +684,9 @@ static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
 pw = pw->next;
 str_clear_free(tmp->password);
 os_free(tmp->identifier);
+#ifdef CONFIG_SAE
+ sae_deinit_pt(tmp->pt);
+#endif /* CONFIG_SAE */
 os_free(tmp);
 }
 }
@@ -679,6 +723,9 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 #ifdef CONFIG_FULL_DYNAMIC_VLAN
 os_free(conf->ssid.vlan_tagged_interface);
 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
+#ifdef CONFIG_SAE
+ sae_deinit_pt(conf->ssid.pt);
+#endif /* CONFIG_SAE */
 hostapd_config_free_eap_users(conf->eap_user);
 os_free(conf->eap_user_sqlite);
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 2d09d0614..0aa8e0d68 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
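Review bot: hostapd_setup_sae_pt() gates PT derivation only on `conf->sae_pwe == 0`, and hostapd_setup_wpa_psk() now returns -1 whenever that derivation fails. As far as this hunk shows, a BSS that does not use SAE at all but has sae_pwe set would still derive PTs from wpa_passphrase and could refuse to start on a derivation error. If that is not intended, the early return could also check the configured key management, e.g. `if (conf->sae_pwe == 0 || !wpa_key_mgmt_sae(conf->wpa_key_mgmt)) return 0;`, provided those are the right field and helper in this tree. Both `return -1` paths are silent; a line such as `wpa_printf(MSG_ERROR, "SAE: Failed to derive PT");` before them would make a failed AP start diagnosable without logging the password itself. hostapd_setup_wpa_psk() continues beyond the end of the hunk.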
@@ -99,6 +99,7 @@ struct hostapd_ssid {
 struct hostapd_wpa_psk *wpa_psk;
 char *wpa_passphrase;
 char *wpa_psk_file;
+ struct sae_pt *pt;
 struct hostapd_wep_keys wep;
@@ -251,6 +252,7 @@ struct sae_password_entry {
 char *identifier;
 u8 peer_addr[ETH_ALEN];
 int vlan_id;
+ struct sae_pt *pt;
 };
 struct dpp_controller_conf {
@@ -1104,5 +1106,6 @@ int hostapd_config_check(struct hostapd_config *conf, int full_config);
 void hostapd_set_security_params(struct hostapd_bss_config *bss, int full_config);
 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
+int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);
 #endif /* HOSTAPD_CONFIG_H */
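Review bot: The new `struct sae_pt *pt;` members in struct hostapd_ssid and struct sae_password_entry have no comment saying what they hold or who frees them, although the ap_config.c hunks make the configuration structures their owner and release them with sae_deinit_pt(). A short comment on each would record that, for example `struct sae_pt *pt; /* SAE H2E PT derived from wpa_passphrase; freed with the BSS config */` and matching wording for the per-password entry. The prototype `int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);` could likewise state that it returns 0 on success or when no PT is needed and -1 on derivation failure. Both struct definitions begin and end outside their hunks, so the placement relative to neighbouring field comments should be checked in the full header.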