SAE: Advertise Password Identifier use

Support the new Extended Capabilities field bits 81 and 82 to indicate
whether SAe Password Identifiers are in use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 95a34763ba933bfbce4ed9dc9c72369fc0115e6f..0cb302b31817c4836ddd93f6f3e0ac9d8fc85a6f 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -1168,3 +1168,26 @@ void hostapd_set_security_params(struct hostapd_bss_config *bss,
                }
        }
 }
+
+
+int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
+{
+       int with_id = 0, without_id = 0;
+       struct sae_password_entry *pw;
+
+       if (conf->ssid.wpa_passphrase)
+               without_id = 1;
+
+       for (pw = conf->sae_passwords; pw; pw = pw->next) {
+               if (pw->identifier)
+                       with_id = 1;
+               else
+                       without_id = 1;
+               if (with_id && without_id)
+                       break;
+       }
+
+       if (with_id && !without_id)
+               return 2;
+       return with_id;
+}

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 990d0d1b536a00ed85d414b2f0eee277b6641c9b..16a4d06b3b1dc089ef442a44b02548b47ab77098 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -880,5 +880,6 @@ hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
 int hostapd_config_check(struct hostapd_config *conf, int full_config);
 void hostapd_set_security_params(struct hostapd_bss_config *bss,
                                 int full_config);
+int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
 
 #endif /* HOSTAPD_CONFIG_H */

diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 82bc086a7dfb229f5e8a8355654463ac1d9e3af0..d70d6c1b5f6f62f8d69a8707cbb048b55d0add38 100644 (file)
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -372,6 +372,21 @@ static void hostapd_ext_capab_byte(struct hostapd_data *hapd, u8 *pos, int idx)
                        *pos |= 0x01;
 #endif /* CONFIG_FILS */
                break;
+       case 10: /* Bits 80-87 */
+#ifdef CONFIG_SAE
+               if (hapd->conf->wpa &&
+                   wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)) {
+                       int in_use = hostapd_sae_pw_id_in_use(hapd->conf);
+
+                       if (in_use)
+                               *pos |= 0x02; /* Bit 81 - SAE Password
+                                              * Identifiers In Use */
+                       if (in_use == 2)
+                               *pos |= 0x04; /* Bit 82 - SAE Password
+                                              * Identifiers Used Exclusively */
+               }
+#endif /* CONFIG_SAE */
+               break;
        }
 }
 
@@ -411,6 +426,12 @@ u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid)
             !wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt)) && len < 10)
                len = 10;
 #endif /* CONFIG_FILS */
+#ifdef CONFIG_SAE
+       if (len < 11 && hapd->conf->wpa &&
+           wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
+           hostapd_sae_pw_id_in_use(hapd->conf))
+               len = 11;
+#endif /* CONFIG_SAE */
        if (len < hapd->iface->extended_capa_len)
                len = hapd->iface->extended_capa_len;
        if (len == 0)