SAE: Fix group selection

Number of regressions had shown up in wpa_supplicant implementation of
SAE group selection due to different integer array termination (-1 in
hostapd, 0 in wpa_supplicant) being used for SAE groups. The
default_groups list did not seem to use any explicit termination value.
In addition, the sae_group_index was not cleared back to 0 properly
whenever a new SAE session was started.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/common/sae.c b/src/common/sae.c
index bce60a3774bd8c6af382bfffc130f4213e1738f6..4e9e4610e8abdda768da78fd6791d0b001607a54 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -678,7 +678,7 @@ static u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups,
 {
        if (allowed_groups) {
                int i;
-               for (i = 0; allowed_groups[i] >= 0; i++) {
+               for (i = 0; allowed_groups[i] > 0; i++) {
                        if (allowed_groups[i] == group)
                                break;
                }

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 925d1320858977d563df3041d1ccc5b2f225ca08..87c14ae3e2fd1b01ca6d0e070dc0105adebee8a4 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -46,7 +46,7 @@ static int index_within_array(const int *array, int idx)
 {
        int i;
        for (i = 0; i < idx; i++) {
-               if (array[i] == -1)
+               if (array[i] <= 0)
                        return 0;
        }
        return 1;
@@ -56,9 +56,9 @@ static int index_within_array(const int *array, int idx)
 static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
 {
        int *groups = wpa_s->conf->sae_groups;
-       int default_groups[] = { 19, 20, 21, 25, 26 };
+       int default_groups[] = { 19, 20, 21, 25, 26, 0 };
 
-       if (!groups)
+       if (!groups || groups[0] <= 0)
                groups = default_groups;
 
        /* Configuration may have changed, so validate current index */
@@ -438,6 +438,7 @@ void sme_authenticate(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_SAE
        wpa_s->sme.sae.state = SAE_NOTHING;
        wpa_s->sme.sae.send_confirm = 0;
+       wpa_s->sme.sae_group_index = 0;
 #endif /* CONFIG_SAE */
        sme_send_authentication(wpa_s, bss, ssid, 1);
 }
@@ -482,15 +483,18 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                return -1;
 
        if (auth_transaction == 1) {
+               int *groups = wpa_s->conf->sae_groups;
+
                wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
                if (wpa_s->current_bss == NULL ||
                    wpa_s->current_ssid == NULL)
                        return -1;
                if (wpa_s->sme.sae.state != SAE_COMMITTED)
                        return -1;
+               if (groups && groups[0] <= 0)
+                       groups = NULL;
                if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
-                                    wpa_s->conf->sae_groups) !=
-                   WLAN_STATUS_SUCCESS)
+                                    groups) != WLAN_STATUS_SUCCESS)
                        return -1;
 
                if (sae_process_commit(&wpa_s->sme.sae) < 0) {