jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

SAE H2E: Do not use sae_h2e param in AP mode if SAE is disabled

Browse source 
Previously, nonzero sae_h2e parameter values were used to perform SAE
H2E specific operations (deriving PT, adding RSNXE, adding H2E-only BSS
membership selector) in AP mode even if SAE was not enabled for the
network. This could result in unexpected behavior if sae_pwe=1 or
sae_pwe=2 were set in the configuration. Fix this by making the SAE
operations conditional on SAE being actually enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-11-29 00:07:57 +02:00 committed by Jouni Malinen
parent ee27567198
commit 9f50538e13
3 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/ap/ap_config.c
View file

@ -441,7 +441,7 @@ int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
struct hostapd_ssid *ssid = &conf->ssid; struct hostapd_ssid *ssid = &conf->ssid;
struct sae_password_entry *pw; struct sae_password_entry *pw;
if (conf->sae_pwe == 0) if (conf->sae_pwe == 0 || !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
return 0; /* PT not needed */ return 0; /* PT not needed */
sae_deinit_pt(ssid->pt); sae_deinit_pt(ssid->pt);

13
src/ap/ieee802_11.c
View file

@ -98,7 +98,8 @@ u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
num++; num++;
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
num++; num++;
if (hapd->conf->sae_pwe == 1) if (hapd->conf->sae_pwe == 1 &&
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt))
num++; num++;
if (num > 8) { if (num > 8) {
/* rest of the rates are encoded in Extended supported /* rest of the rates are encoded in Extended supported
@ -126,7 +127,9 @@ u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
} }
if (hapd->conf->sae_pwe == 1 && count < 8) { if (hapd->conf->sae_pwe == 1 &&
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
count < 8) {
count++; count++;
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY; *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY;
} }
@ -148,7 +151,8 @@ u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
num++; num++;
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
num++; num++;
if (hapd->conf->sae_pwe == 1) if (hapd->conf->sae_pwe == 1 &&
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt))
num++; num++;
if (num <= 8) if (num <= 8)
return eid; return eid;
@ -179,7 +183,8 @@ u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
} }
if (hapd->conf->sae_pwe == 1) { if (hapd->conf->sae_pwe == 1 &&
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)) {
count++; count++;
if (count > 8) if (count > 8)
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY; *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY;

1
src/ap/ieee802_11_shared.c
View file

@ -1011,6 +1011,7 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
u8 *pos = eid; u8 *pos = eid;
if (!(hapd->conf->wpa & WPA_PROTO_RSN) || if (!(hapd->conf->wpa & WPA_PROTO_RSN) ||
!wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) ||
(hapd->conf->sae_pwe != 1 && hapd->conf->sae_pwe != 2) || (hapd->conf->sae_pwe != 1 && hapd->conf->sae_pwe != 2) ||
len < 3) len < 3)
return pos; return pos;