[PATCH v2 02/14] AP: Support PASN with SAE key derivation

Peer, Ilan ilan.peer at intel.com
Thu Jan 21 09:17:01 EST 2021 

Hi,

> -----Original Message-----
> From: Jouni Malinen <j at w1.fi>
> Sent: Thursday, January 21, 2021 16:01
> To: Peer, Ilan <ilan.peer at intel.com>
> Cc: hostap at lists.infradead.org
> Subject: Re: [PATCH v2 02/14] AP: Support PASN with SAE key derivation
> 
> On Wed, Dec 16, 2020 at 01:00:53PM +0200, Ilan Peer wrote:
> > diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> 
> > +static const char *sae_get_password(struct hostapd_data *hapd,
> 
> > -	if (rx_id && hapd->conf->sae_pwe != 3)
> > -		use_pt = 1;
> > -	else if (status_code == WLAN_STATUS_SUCCESS)
> > -		use_pt = 0;
> > -	else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
> > -		 status_code == WLAN_STATUS_SAE_PK)
> > -		use_pt = 1;
> 
> > +static struct wpabuf *auth_build_sae_commit(struct hostapd_data
> > +*hapd,
> 
> > +	if (status_code == WLAN_STATUS_SUCCESS)
> > +		use_pt = 0;
> > +	else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT)
> > +		use_pt = 1;
> 
> What happened here to that rx_id && sae_pwe != 3 check and why? Isn't
> this breaking that case?
> 
> Similarly, this seems to be breaking SAE-PK due to that missing
> WLAN_STATUS_SAE_PK check.
> 

This is a mistake I made when preparing the patches for this submission. 
The implementation I have includes the support of the missing parts above.

> Undesired whitespace changes make this diff more difficult to read than
> necessary with the two functions getting mixed up. Anyway, it looks clear
> that the sae_get_password() here is based on an older snapshot of
> auth_build_sae_commit() implementation and instead of moving the current
> implementation to a helper function, this moves back in time for that moved
> segment and breaks newer items.
> 
> > +static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd,
> > +	if (alg != WLAN_AUTH_SAE || seq != 1 || status !=
> > +WLAN_STATUS_SUCCESS) {
> 
> And just like for station side, this AP implementation seems to be unaware of
> SAE H2E, so same questions apply here.
> 

Same as my answer for the previous patch. The core implementation was done
prior to SAE H2E.

Let me know if you would like a fixed version of this patch, and I'll prepare it.

Regards,

Ilan.

More information about the Hostap mailing list