return NULL;
}
- ret = sae_prepare_commit_pt(&pasn->sae, pasn->ssid->pt,
+ ret = sae_prepare_commit_pt(&pasn->sae, pasn->pt,
pasn->own_addr, pasn->bssid,
NULL, NULL);
if (ret) {
}
-static int wpas_pasn_sae_setup_pt(struct wpa_ssid *ssid, int group)
+static struct sae_pt *
+wpas_pasn_sae_derive_pt(struct wpa_ssid *ssid, int group)
{
const char *password = ssid->sae_password;
int groups[2] = { group, 0 };
password = ssid->passphrase;
if (!password) {
+ wpa_printf(MSG_DEBUG, "PASN: SAE without a password");
+ return NULL;
+ }
+
+ return sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
+ (const u8 *) password, os_strlen(password),
+ ssid->sae_password_id);
+}
+
+
+static int wpas_pasn_sae_setup_pt(struct wpa_ssid *ssid, int group)
+{
+ if (!ssid->sae_password && !ssid->passphrase) {
wpa_printf(MSG_DEBUG, "PASN: SAE without a password");
return -1;
}
if (ssid->pt)
return 0; /* PT already derived */
- ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
- (const u8 *) password, os_strlen(password),
- ssid->sae_password_id);
+ ssid->pt = wpas_pasn_sae_derive_pt(ssid, group);
return ssid->pt ? 0 : -1;
}
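Review bot: `wpas_pasn_sae_setup_pt()` is kept as a wrapper, but the only call to it visible in this commit is the one removed from the `WPA_KEY_MGMT_SAE` case, so it may now be an unused static function that still caches a password-derived PT in `ssid->pt`. It also repeats the password test that `wpas_pasn_sae_derive_pt()` already performs, so the two checks can drift apart. If nothing else calls it, drop it. Either way, `wpas_pasn_sae_derive_pt()` would benefit from a header comment such as `/* Returns a newly derived PT or NULL; the caller owns it and must release it with sae_deinit_pt() */`, because PTs now have two possible owners (`ssid->pt` and `pasn->pt`).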
}
-static void wpas_pasn_initiate_eapol(struct wpas_pasn *pasn)
+static void wpas_pasn_initiate_eapol(struct wpas_pasn *pasn,
+ struct wpa_ssid *ssid)
{
struct eapol_config eapol_conf;
- struct wpa_ssid *ssid = pasn->ssid;
wpa_printf(MSG_DEBUG, "PASN: FILS: Initiating EAPOL");
if (pasn->fils.completed)
return NULL;
- if (!pasn->ssid) {
- wpa_printf(MSG_DEBUG, "PASN: FILS: No network block");
- return NULL;
- }
-
if (!pasn->fils_eapol) {
wpa_printf(MSG_DEBUG,
"PASN: FILS: Missing Indication IE or PFS");
return NULL;
}
- wpas_pasn_initiate_eapol(pasn);
-
return wpas_pasn_fils_build_auth(pasn);
}
#ifdef CONFIG_SAE
sae_clear_data(&pasn->sae);
+ if (pasn->pt) {
+ sae_deinit_pt(pasn->pt);
+ pasn->pt = NULL;
+ }
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
#ifdef CONFIG_TESTING_OPTIONS
pasn->corrupt_mic = 0;
#endif /* CONFIG_TESTING_OPTIONS */
+ pasn->network_id = 0;
}
const u8 *bssid, int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
- struct wpa_ssid *ssid, struct wpabuf *comeback)
+ struct wpabuf *comeback)
{
struct wpabuf *frame;
int ret;
break;
#ifdef CONFIG_SAE
case WPA_KEY_MGMT_SAE:
- if (!ssid) {
- wpa_printf(MSG_DEBUG,
- "PASN: No network profile found for SAE");
- return -1;
- }
if (!ieee802_11_rsnx_capab(beacon_rsnxe,
WLAN_RSNX_CAPAB_SAE_H2E)) {
return -1;
}
- if (wpas_pasn_sae_setup_pt(ssid, group) < 0) {
- wpa_printf(MSG_DEBUG,
- "PASN: Failed to derive PT");
- return -1;
- }
-
pasn->sae.state = SAE_NOTHING;
pasn->sae.send_confirm = 0;
- pasn->ssid = ssid;
break;
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
case WPA_KEY_MGMT_FILS_SHA256:
case WPA_KEY_MGMT_FILS_SHA384:
- pasn->ssid = ssid;
break;
#endif /* CONFIG_FILS */
#ifdef CONFIG_IEEE80211R
struct wpa_supplicant *wpa_s = work->wpa_s;
struct wpa_pasn_auth_work *awork = work->ctx;
struct wpas_pasn *pasn = &wpa_s->pasn;
- struct wpa_ssid *ssid = NULL;
+ struct wpa_ssid *ssid;
struct wpa_bss *bss;
const u8 *rsne, *rsnxe;
const u8 *indic;
capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
pasn->rsnxe_capab = capab;
+ ssid = wpa_config_get_network(wpa_s->conf, awork->network_id);
+
+#ifdef CONFIG_SAE
+ if (awork->akmp == WPA_KEY_MGMT_SAE) {
+ if (!ssid) {
+ wpa_printf(MSG_DEBUG,
+ "PASN: No network profile found for SAE");
+ goto fail;
+ }
+ pasn->pt = wpas_pasn_sae_derive_pt(ssid, awork->group);
+ if (!pasn->pt) {
+ wpa_printf(MSG_DEBUG, "PASN: Failed to derive PT");
+ goto fail;
+ }
+ pasn->network_id = ssid->id;
+ }
+#endif /* CONFIG_SAE */
+
#ifdef CONFIG_FILS
/* Prepare needed information for wpas_pasn_wd_fils_auth(). */
if (awork->akmp == WPA_KEY_MGMT_FILS_SHA256 ||
awork->akmp == WPA_KEY_MGMT_FILS_SHA384) {
indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
- if (!indic || indic[1] < 2) {
+ if (!ssid) {
+ wpa_printf(MSG_DEBUG, "PASN: FILS: No network block");
+ } else if (!indic || indic[1] < 2) {
wpa_printf(MSG_DEBUG,
"PASN: Missing FILS Indication IE");
} else {
fils_info = WPA_GET_LE16(indic + 2);
- if ((fils_info & BIT(9))) {
+ if ((fils_info & BIT(9)) && ssid) {
pasn->eapol = wpa_s->eapol;
+ pasn->network_id = ssid->id;
+ wpas_pasn_initiate_eapol(pasn, ssid);
pasn->fils_eapol = true;
} else {
wpa_printf(MSG_DEBUG,
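Review bot: `pasn->pt = wpas_pasn_sae_derive_pt(ssid, awork->group);` overwrites the field without releasing a PT that may already be stored there. The only release visible in this commit is the `sae_deinit_pt()` block added next to `sae_clear_data()`. The enclosing callback starts and ends outside this hunk, so it is not visible whether that cleanup always runs before this point, or whether the `fail` label frees the PT when a later step such as `wpas_pasn_start()` fails. If either path can skip it, password-derived material stays allocated until the next reset. Consider releasing any existing PT just before the assignment, using the same `if (pasn->pt) { sae_deinit_pt(pasn->pt); pasn->pt = NULL; }` pattern. As a smaller point, the `&& ssid` added to the `fils_info & BIT(9)` test is redundant after the new `if (!ssid)` branch above it.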
#endif /* CONFIG_IEEE80211R */
}
- ssid = wpa_config_get_network(wpa_s->conf, awork->network_id);
ret = wpas_pasn_start(pasn, awork->own_addr, awork->bssid, awork->akmp,
awork->cipher, awork->group, bss->freq,
rsne, *(rsne + 1) + 2,
rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0,
- ssid, awork->comeback);
+ awork->comeback);
if (ret) {
wpa_printf(MSG_DEBUG,
"PASN: Failed to start PASN authentication");
u16 group = pasn->group;
u8 own_addr[ETH_ALEN];
u8 bssid[ETH_ALEN];
- int network_id = pasn->ssid ? pasn->ssid->id : 0;
wpa_printf(MSG_DEBUG, "PASN: Immediate retry");
os_memcpy(own_addr, pasn->own_addr, ETH_ALEN);
wpas_pasn_reset(wpa_s);
return wpas_pasn_auth_start(wpa_s, own_addr, bssid, akmp, cipher, group,
- network_id,
+ pasn->network_id,
params->comeback, params->comeback_len);
}
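Review bot: `pasn->network_id` is read in the `wpas_pasn_auth_start()` call after `wpas_pasn_reset(wpa_s)` has run. If the cleanup hunk that adds `pasn->network_id = 0;` belongs to that reset function, the retry always passes network id 0. The removed local `network_id` was captured before the reset for exactly this reason, the same way `akmp`, `cipher`, `group` and the addresses still are. For SAE the retry would then look up whichever profile has id 0, or none, and derive the PT from the wrong password. Keep the snapshot with `int network_id = pasn->network_id;` next to the other locals and pass `network_id` in the call. The function's signature lies outside this hunk.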