SAE: Do not use the wpa_passphrase if SAE password identifier was used
authorJouni Malinen <quic_jouni@quicinc.com>
Thu, 31 Oct 2024 21:59:45 +0000 (23:59 +0200)
committerJouni Malinen <j@w1.fi>
Thu, 31 Oct 2024 21:59:45 +0000 (23:59 +0200)
Sharing of the WPA-PSK passphrase as the SAE password is only for the
case where no SAE password identifiers are used. Do not consider that on
an AP if a STA includes SAE password identifier in an SAE commit
message. This avoids confusing cases where SAE would be allowed to
continue with the AP and the STA using different password identifiers,
which is going to fail in the end.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/ap/ieee802_11.c

index 9dccdb3700b7c6c006e118dab9e5e61fcdd767a8..62b37de7c93bf625e3d54f1509ddeefaaeb7109d 100644 (file)
@@ -577,12 +577,12 @@ const char * sae_get_password(struct hostapd_data *hapd,
                        pk = pw->pk;
                break;
        }
-       if (!password) {
+       if (!password && !rx_id) {
                password = hapd->conf->ssid.wpa_passphrase;
                pt = hapd->conf->ssid.pt;
        }
 
-       if (!password && sta) {
+       if (!password && sta && !rx_id) {
                for (psk = sta->psk; psk; psk = psk->next) {
                        if (psk->is_passphrase) {
                                password = psk->passphrase;
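Review bot: Both fallbacks are now gated on `!rx_id`, but the code carries no comment saying why, and the second one (the per-STA `sta->psk` passphrase loop) is not mentioned in the commit description, which only talks about `wpa_passphrase`. I would add a comment above the first `if`, e.g. `/* PSK passphrases (global or per-STA) may serve as the SAE password only when the STA sent no password identifier */`. Note that `!rx_id` tests only for a NULL pointer, so a received but empty identifier would presumably also skip both fallbacks; worth confirming that is intended where rx_id is parsed. With an unmatched identifier `password` now stays NULL past these blocks, and since sae_get_password() starts and ends outside the hunk, the NULL-return path and the caller's rejection status cannot be checked from here.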