[PATCH 6/6] SAE: Make H2E work with multiple passwords

Peter Åstrand astrand at lysator.liu.se
Fri Jan 22 09:59:59 EST 2021


Need to derive pt for all sae_passwords, as well as
initially call auth_sae_send_commit with update=1.

Signed-off-by: Peter Astrand <peter.astrand at etteplan.com>
---
 src/ap/ieee802_11.c             |  2 +-
 wpa_supplicant/wpa_supplicant.c | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4d9787e12..da6465df8 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1610,7 +1610,7 @@ int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
 	if (sta->sae->state != SAE_NOTHING)
 		return -1;
 
-	ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0, -1);
+	ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 1, -1);
 	if (ret)
 		return -1;
 
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index dd120a0b2..245312164 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2074,6 +2074,7 @@ int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
 {
 #ifdef CONFIG_SAE
+	struct sae_password_entry *pw;
 	int *groups = conf->sae_groups;
 	int default_groups[] = { 19, 20, 21, 0 };
 	const char *password;
@@ -2124,6 +2125,16 @@ static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
 				 (const u8 *) password, os_strlen(password),
 				 ssid->sae_password_id);
+
+	for (pw = conf->sae_passwords; pw; pw = pw->next) {
+		sae_deinit_pt(pw->pt);
+		pw->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
+				       (const u8 *) pw->password, os_strlen(pw->password),
+				       pw->identifier);
+		if (!pw->pt)
+			return;
+	}
+
 #endif /* CONFIG_SAE */
 }
 
-- 
2.17.1



Br,
Peter Åstrand


More information about the Hostap mailing list