SAE-PK: Add support to skip sae_pk password check for testing purposes
authorShaakir Mohamed <smohamed@codeaurora.org>
Tue, 8 Sep 2020 21:08:38 +0000 (14:08 -0700)
committerJouni Malinen <j@w1.fi>
Fri, 11 Sep 2020 12:45:42 +0000 (15:45 +0300)
Add support to skip sae_pk password check under compile flag
CONFIG_TESTING_OPTIONS which allows AP to be configured with
sae_pk enabled but a password that is invalid for sae_pk.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
hostapd/config_file.c
src/ap/ap_config.c
src/ap/ap_config.h

index 1861b5203f0f81c5caa5ad9d4552d006476b5e82..542c8cd0df5cf1ce12ce09b61296950edf948250 100644 (file)
@@ -2245,7 +2245,11 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
        }
 
 #ifdef CONFIG_SAE_PK
-       if (pw->pk && !sae_pk_valid_password(pw->password)) {
+       if (pw->pk &&
+#ifdef CONFIG_TESTING_OPTIONS
+           !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
+           !sae_pk_valid_password(pw->password)) {
                wpa_printf(MSG_INFO,
                           "Invalid SAE password for a SAE-PK sae_password entry");
                goto fail;
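Review bot: The new `!bss->sae_pk_password_check_skip` term is evaluated while the `sae_password` entry itself is being parsed, so the flag probably only takes effect when `sae_pk_password_check_skip=1` appears earlier in the configuration file than that entry; this assumes parse_sae_password() is called from the line-by-line parser, which the hunk does not show. That ordering requirement deserves a comment above the condition, for example `/* testing only: sae_pk_password_check_skip must be set before the sae_password line */`. It would also help to log when the bypass is taken, e.g. `wpa_printf(MSG_INFO, "SAE-PK: password validity check skipped (testing)");`, so a build that accepts a password failing sae_pk_valid_password() leaves a trace. The body of parse_sae_password() starts and ends outside the hunk.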
@@ -4137,6 +4141,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                bss->sae_commit_status = atoi(pos);
        } else if (os_strcmp(buf, "sae_pk_omit") == 0) {
                bss->sae_pk_omit = atoi(pos);
+       } else if (os_strcmp(buf, "sae_pk_password_check_skip") == 0) {
+               bss->sae_pk_password_check_skip = atoi(pos);
        } else if (os_strcmp(buf, "sae_commit_override") == 0) {
                wpabuf_free(bss->sae_commit_override);
                bss->sae_commit_override = wpabuf_parse_bin(pos);
index 769f7fab6d55b5c146b3ce63320d7dd73dc4cc94..04535a16398bcd53fed3c05876cd8c984f14ab01 100644 (file)
@@ -1126,12 +1126,20 @@ static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
        bool res = false;
 
        if (bss->ssid.wpa_passphrase &&
+#ifdef CONFIG_TESTING_OPTIONS
+           !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
            sae_pk_valid_password(bss->ssid.wpa_passphrase))
                res = true;
 
        for (pw = bss->sae_passwords; pw; pw = pw->next) {
-               if (!pw->pk && sae_pk_valid_password(pw->password))
+               if (!pw->pk &&
+#ifdef CONFIG_TESTING_OPTIONS
+                   !bss->sae_pk_password_check_skip &&
+#endif /* CONFIG_TESTING_OPTIONS */
+                   sae_pk_valid_password(pw->password))
                        return true;
+
                if (bss->ssid.wpa_passphrase && res && pw->pk &&
                    os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
                        res = false;
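Review bot: In hostapd_sae_pk_password_without_pk() the flag disables both `sae_pk_valid_password()` tests, so with `sae_pk_password_check_skip` set the visible lines can no longer flag a SAE-PK-formatted password that is configured without `pk`. The commit message only describes accepting an invalid password on a SAE-PK entry. If the wider effect is intended, state it in a comment at the top of the function, e.g. `/* testing: sae_pk_password_check_skip also disables this misuse check */`; if it is not, this function should stay unchanged. As a style point, the three identical `#ifdef CONFIG_TESTING_OPTIONS` fragments spliced into conditions (two here, one in parse_sae_password()) would read better behind one static inline helper in ap_config.h that returns false in non-testing builds. The end of the function lies outside the hunk.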
index b705c378fe28ce6180d2856083877e1c3dfd1d22..bada04c3efaad0bd23f8501f4f3f6591fc092bbf 100644 (file)
@@ -671,6 +671,7 @@ struct hostapd_bss_config {
        int sae_reflection_attack;
        int sae_commit_status;
        int sae_pk_omit;
+       int sae_pk_password_check_skip;
        struct wpabuf *sae_commit_override;
        struct wpabuf *rsne_override_eapol;
        struct wpabuf *rsnxe_override_eapol;
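Review bot: The new field `sae_pk_password_check_skip` has no comment, and it is an `int` filled from `atoi()` that is only ever tested for non-zero. A one-line comment would make its purpose and risk clear, e.g. `/* testing only: non-zero skips sae_pk_valid_password() checks on configured passwords */`. Every read of the field in this commit is wrapped in `#ifdef CONFIG_TESTING_OPTIONS`, but the hunk does not show whether this declaration sits inside the same guard. That is worth confirming so a non-testing build cannot carry the option. The struct continues outside the hunk.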