[PATCH v2 02/14] AP: Support PASN with SAE key derivation
Jouni Malinen
j at w1.fi
Thu Jan 21 09:01:16 EST 2021
On Wed, Dec 16, 2020 at 01:00:53PM +0200, Ilan Peer wrote:
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> +static const char *sae_get_password(struct hostapd_data *hapd,
> - if (rx_id && hapd->conf->sae_pwe != 3)
> - use_pt = 1;
> - else if (status_code == WLAN_STATUS_SUCCESS)
> - use_pt = 0;
> - else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
> - status_code == WLAN_STATUS_SAE_PK)
> - use_pt = 1;
> +static struct wpabuf *auth_build_sae_commit(struct hostapd_data *hapd,
> + if (status_code == WLAN_STATUS_SUCCESS)
> + use_pt = 0;
> + else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT)
> + use_pt = 1;
What happened here to that rx_id && sae_pwe != 3 check and why? Isn't
this breaking that case?
Similarly, this seems to be breaking SAE-PK due to that missing
WLAN_STATUS_SAE_PK check.
Undesired whitespace changes make this diff more difficult to read than
necessary with the two functions getting mixed up. Anyway, it looks
clear that the sae_get_password() here is based on an older snapshot of
auth_build_sae_commit() implementation and instead of moving the current
implementation to a helper function, this moves back in time for that
moved segment and breaks newer items.
> +static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd,
> + if (alg != WLAN_AUTH_SAE || seq != 1 || status != WLAN_STATUS_SUCCESS) {
And just like for station side, this AP implementation seems to be
unaware of SAE H2E, so same questions apply here.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list