From d0a4ed6a1b1550897e4cde028e85be4a76ef180d Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 19 Sep 2019 21:25:52 +0300 Subject: [PATCH] Allow SAE to be used in wpa_supplicant AP mode SAE password configuration for AP mode requires additional steps compared to PSK cases. Previous implementation allowed SAE to be configured, but all authentication attempts would fail due to no password being available. Now both psk and sae_password/sae_password_id parameters are translated properly to the hostapd configuration structures to fix this. Signed-off-by: Jouni Malinen --- wpa_supplicant/ap.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c index dff1cbea3..725e09679 100644 --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c @@ -381,7 +381,9 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, else bss->wpa_key_mgmt = ssid->key_mgmt; bss->wpa_pairwise = ssid->pairwise_cipher; - if (ssid->psk_set) { + if (wpa_key_mgmt_sae(bss->wpa_key_mgmt) && ssid->passphrase) { + bss->ssid.wpa_passphrase = os_strdup(ssid->passphrase); + } else if (ssid->psk_set) { bin_clear_free(bss->ssid.wpa_psk, sizeof(*bss->ssid.wpa_psk)); bss->ssid.wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk)); if (bss->ssid.wpa_psk == NULL) @@ -407,6 +409,32 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, wep->idx = ssid->wep_tx_keyidx; wep->keys_set = 1; } +#ifdef CONFIG_SAE + if (ssid->sae_password) { + struct sae_password_entry *pw; + + pw = os_zalloc(sizeof(*pw)); + if (!pw) + return -1; + os_memset(pw->peer_addr, 0xff, ETH_ALEN); + pw->password = os_strdup(ssid->sae_password); + if (!pw->password) { + os_free(pw); + return -1; + } + if (ssid->sae_password_id) { + pw->identifier = os_strdup(ssid->sae_password_id); + if (!pw->identifier) { + str_clear_free(pw->password); + os_free(pw); + return -1; + } + } + + pw->next = bss->sae_passwords; + bss->sae_passwords = pw; + } +#endif /* CONFIG_SAE */ if (wpa_s->conf->go_interworking) { wpa_printf(MSG_DEBUG,