[PATCH 2/6] Move parse_sae_password to ap_config, to allow use from wpa_supplicant

Peter Åstrand astrand at lysator.liu.se
Fri Jan 22 09:57:54 EST 2021


Signed-off-by: Peter Astrand <peter.astrand at etteplan.com>
---
 hostapd/config_file.c | 115 +++---------------------------------------
 src/ap/ap_config.c    | 109 +++++++++++++++++++++++++++++++++++++++
 src/ap/ap_config.h    |   3 ++
 3 files changed, 119 insertions(+), 108 deletions(-)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index b3dc8f81a..3554ede97 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2165,113 +2165,6 @@ static int add_airtime_weight(struct hostapd_bss_config *bss, char *value)
 #endif /* CONFIG_AIRTIME_POLICY */
 
 
-#ifdef CONFIG_SAE
-static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
-{
-	struct sae_password_entry *pw;
-	const char *pos = val, *pos2, *end = NULL;
-
-	pw = os_zalloc(sizeof(*pw));
-	if (!pw)
-		return -1;
-	os_memset(pw->peer_addr, 0xff, ETH_ALEN); /* default to wildcard */
-
-	pos2 = os_strstr(pos, "|mac=");
-	if (pos2) {
-		end = pos2;
-		pos2 += 5;
-		if (hwaddr_aton(pos2, pw->peer_addr) < 0)
-			goto fail;
-		pos = pos2 + ETH_ALEN * 3 - 1;
-	}
-
-	pos2 = os_strstr(pos, "|vlanid=");
-	if (pos2) {
-		if (!end)
-			end = pos2;
-		pos2 += 8;
-		pw->vlan_id = atoi(pos2);
-	}
-
-#ifdef CONFIG_SAE_PK
-	pos2 = os_strstr(pos, "|pk=");
-	if (pos2) {
-		const char *epos;
-		char *tmp;
-
-		if (!end)
-			end = pos2;
-		pos2 += 4;
-		epos = os_strchr(pos2, '|');
-		if (epos) {
-			tmp = os_malloc(epos - pos2 + 1);
-			if (!tmp)
-				goto fail;
-			os_memcpy(tmp, pos2, epos - pos2);
-			tmp[epos - pos2] = '\0';
-		} else {
-			tmp = os_strdup(pos2);
-			if (!tmp)
-				goto fail;
-		}
-
-		pw->pk = sae_parse_pk(tmp);
-		str_clear_free(tmp);
-		if (!pw->pk)
-			goto fail;
-	}
-#endif /* CONFIG_SAE_PK */
-
-	pos2 = os_strstr(pos, "|id=");
-	if (pos2) {
-		if (!end)
-			end = pos2;
-		pos2 += 4;
-		pw->identifier = os_strdup(pos2);
-		if (!pw->identifier)
-			goto fail;
-	}
-
-	if (!end) {
-		pw->password = os_strdup(val);
-		if (!pw->password)
-			goto fail;
-	} else {
-		pw->password = os_malloc(end - val + 1);
-		if (!pw->password)
-			goto fail;
-		os_memcpy(pw->password, val, end - val);
-		pw->password[end - val] = '\0';
-	}
-
-#ifdef CONFIG_SAE_PK
-	if (pw->pk &&
-#ifdef CONFIG_TESTING_OPTIONS
-	    !bss->sae_pk_password_check_skip &&
-#endif /* CONFIG_TESTING_OPTIONS */
-	    !sae_pk_valid_password(pw->password)) {
-		wpa_printf(MSG_INFO,
-			   "Invalid SAE password for a SAE-PK sae_password entry");
-		goto fail;
-	}
-#endif /* CONFIG_SAE_PK */
-
-	pw->next = bss->sae_passwords;
-	bss->sae_passwords = pw;
-
-	return 0;
-fail:
-	str_clear_free(pw->password);
-	os_free(pw->identifier);
-#ifdef CONFIG_SAE_PK
-	sae_deinit_pk(pw->pk);
-#endif /* CONFIG_SAE_PK */
-	os_free(pw);
-	return -1;
-}
-#endif /* CONFIG_SAE */
-
-
 #ifdef CONFIG_DPP2
 static int hostapd_dpp_controller_parse(struct hostapd_bss_config *bss,
 					const char *pos)
@@ -4187,7 +4080,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifdef CONFIG_SAE
 	} else if (os_strcmp(buf, "sae_password") == 0) {
-		if (parse_sae_password(bss, pos) < 0) {
+		if (hostapd_parse_sae_password(&bss->sae_passwords,
+#ifdef CONFIG_TESTING_OPTIONS
+					       bss->sae_pk_password_check_skip,
+#else
+					       false,
+#endif
+					       pos) < 0) {
 			wpa_printf(MSG_ERROR, "Line %d: Invalid sae_password",
 				   line);
 			return 1;
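Review bot: The bare `#endif` that closes the conditional argument in the `hostapd_parse_sae_password()` call lacks the `/* CONFIG_TESTING_OPTIONS */` label that the `#endif` on the first context line of this hunk carries. A preprocessor conditional inside an argument list is already hard to follow, so I would write `#else /* CONFIG_TESTING_OPTIONS */` and `#endif /* CONFIG_TESTING_OPTIONS */` here. The call passes the flag through unchanged, so the negation that the removed `parse_sae_password()` applied now has to happen in the callee. `hostapd_config_fill()` starts and ends outside this hunk.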
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index f82468ac8..25be4ed21 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -702,6 +702,115 @@ static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
 }
 
 
+#ifdef CONFIG_SAE
+int hostapd_parse_sae_password(struct sae_password_entry **sae_passwords,
+			       bool sae_pk_password_check_skip,
+			       const char *val)
+{
+	struct sae_password_entry *pw;
+	const char *pos = val, *pos2, *end = NULL;
+
+	pw = os_zalloc(sizeof(*pw));
+	if (!pw)
+		return -1;
+	os_memset(pw->peer_addr, 0xff, ETH_ALEN); /* default to wildcard */
+
+	pos2 = os_strstr(pos, "|mac=");
+	if (pos2) {
+		end = pos2;
+		pos2 += 5;
+		if (hwaddr_aton(pos2, pw->peer_addr) < 0)
+			goto fail;
+		pos = pos2 + ETH_ALEN * 3 - 1;
+	}
+
+	pos2 = os_strstr(pos, "|vlanid=");
+	if (pos2) {
+		if (!end)
+			end = pos2;
+		pos2 += 8;
+		pw->vlan_id = atoi(pos2);
+	}
+
+#ifdef CONFIG_SAE_PK
+	pos2 = os_strstr(pos, "|pk=");
+	if (pos2) {
+		const char *epos;
+		char *tmp;
+
+		if (!end)
+			end = pos2;
+		pos2 += 4;
+		epos = os_strchr(pos2, '|');
+		if (epos) {
+			tmp = os_malloc(epos - pos2 + 1);
+			if (!tmp)
+				goto fail;
+			os_memcpy(tmp, pos2, epos - pos2);
+			tmp[epos - pos2] = '\0';
+		} else {
+			tmp = os_strdup(pos2);
+			if (!tmp)
+				goto fail;
+		}
+
+		pw->pk = sae_parse_pk(tmp);
+		str_clear_free(tmp);
+		if (!pw->pk)
+			goto fail;
+	}
+#endif /* CONFIG_SAE_PK */
+
+	pos2 = os_strstr(pos, "|id=");
+	if (pos2) {
+		if (!end)
+			end = pos2;
+		pos2 += 4;
+		pw->identifier = os_strdup(pos2);
+		if (!pw->identifier)
+			goto fail;
+	}
+
+	if (!end) {
+		pw->password = os_strdup(val);
+		if (!pw->password)
+			goto fail;
+	} else {
+		pw->password = os_malloc(end - val + 1);
+		if (!pw->password)
+			goto fail;
+		os_memcpy(pw->password, val, end - val);
+		pw->password[end - val] = '\0';
+	}
+
+#ifdef CONFIG_SAE_PK
+	if (pw->pk &&
+#ifdef CONFIG_TESTING_OPTIONS
+	    sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
+	    !sae_pk_valid_password(pw->password)) {
+		wpa_printf(MSG_INFO,
+			   "Invalid SAE password for a SAE-PK sae_password entry");
+		goto fail;
+	}
+#endif /* CONFIG_SAE_PK */
+
+	pw->next = *sae_passwords;
+	*sae_passwords = pw;
+
+	return 0;
+fail:
+	str_clear_free(pw->password);
+	os_free(pw->identifier);
+#ifdef CONFIG_SAE_PK
+	sae_deinit_pk(pw->pk);
+#endif /* CONFIG_SAE_PK */
+	os_free(pw);
+	return -1;
+}
+#endif /* CONFIG_SAE */
+
+
 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
 {
 	struct sae_password_entry *pw, *tmp;
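Review bot: The SAE-PK password check lost its negation in the move: the removed code tested `!bss->sae_pk_password_check_skip &&`, while `hostapd_parse_sae_password()` tests `sae_pk_password_check_skip &&`. In a CONFIG_TESTING_OPTIONS build, `sae_pk_valid_password()` is therefore consulted only when the skip flag is set. With the flag clear, an entry that has a `|pk=` key and a password failing validation is accepted; with the flag set, it is rejected. The line should read `!sae_pk_password_check_skip &&`. Separately, the parameter is unused when CONFIG_TESTING_OPTIONS is not defined, which may produce an unused-parameter warning depending on the build flags.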
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index f7a344e0e..9b447f5df 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -1147,5 +1147,8 @@ int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
 bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf);
 bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf);
 int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);
+int hostapd_parse_sae_password(struct sae_password_entry **sae_passwords,
+			       bool sae_pk_password_check_skip,
+			       const char *val);
 
 #endif /* HOSTAPD_CONFIG_H */
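Review bot: The new prototype is exported without a comment, and it is declared unconditionally although the definition in ap_config.c sits under `#ifdef CONFIG_SAE`. Since the stated purpose is reuse from wpa_supplicant, a short comment above it should cover three things. It should say that `val` is the password followed by optional `|mac=`, `|vlanid=`, `|pk=` and `|id=` fields, that on success the new entry is prepended to `*sae_passwords` so the list owns it, and that the return value is 0 or -1. A caller built without CONFIG_SAE would presumably fail at link time, so either guard the declaration the same way or state the requirement in the comment.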
-- 
2.17.1



Br,
Peter Åstrand

