[PATCH] fixup auth sae - confirm without commit

[Bob Copeland]

---
 src/ap/ieee802_11.c |   25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index ac99eff..d146c1f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -325,7 +325,8 @@ static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
 #ifdef CONFIG_SAE
 
 static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd,
-					       struct sta_info *sta)
+					       struct sta_info *sta,
+					       Boolean has_peer_commit)
 {
 	struct wpabuf *buf;
 
@@ -342,7 +343,7 @@ static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd,
 		return NULL;
 	}
 
-	if (sae_process_commit(sta->sae) < 0) {
+	if (has_peer_commit && sae_process_commit(sta->sae) < 0) {
 		wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit");
 		return NULL;
 	}
@@ -496,7 +497,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 			if (sta->sae->state == SAE_NOTHING ||
 			    sta->sae->state == SAE_CONFIRMED) {
 				/* (re)send commit to peer */
-				data = auth_process_sae_commit(hapd, sta);
+				data = auth_process_sae_commit(hapd, sta, TRUE);
 				if (data == NULL)
 					resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 				sta->auth_alg = WLAN_AUTH_SAE;
@@ -523,14 +524,28 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 			}
 		}
 	} else if (auth_transaction == 2) {
-		if (sta->sae->state == SAE_NOTHING ||
-		    sta->sae->state == SAE_COMMITTED) {
+		if (sta->sae->state == SAE_NOTHING) {
 			hostapd_logger(hapd, sta->addr,
 				       HOSTAPD_MODULE_IEEE80211,
 				       HOSTAPD_LEVEL_DEBUG,
 				       "SAE confirm before commit");
 			return;
 		}
+		if (sta->sae->state == SAE_COMMITTED) {
+			/*
+			 * We got a confirm without a commit, but this is
+			 * not fatal and can happen if commit was lost.
+			 * Resend commit to trigger peer to resend commit
+			 * and confirm.
+			 */
+			data = auth_process_sae_commit(hapd, sta, FALSE);
+			if (data == NULL)
+				resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			else
+				auth_transaction = 1;
+			goto reply;
+		}
+
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG,
 			       "SAE authentication (RX confirm)");
-- 
1.7.10.4



-- 
Bob Copeland %% www.bobcopeland.com