SAE: Use correct SSID profile for SAE auth retries during external auth
authorVeerendranath Jakkam <quic_vjakkam@quicinc.com>
Mon, 8 Aug 2022 11:33:38 +0000 (17:03 +0530)
committerJouni Malinen <j@w1.fi>
Tue, 13 Sep 2022 02:53:05 +0000 (05:53 +0300)
Previously, wpa_supplicant was using the current SSID for building the
SAE authentication commit frame for retries during external
authentication. But the external authentication SSID can be different
from the current SSID. Fix this by using the correct SSID profile.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
wpa_supplicant/notify.c
wpa_supplicant/sme.c
wpa_supplicant/wpa_supplicant_i.h

index 0c3f291d289629d8386451a63bb9e4371bc89c5a..8f3e10378503e114ca1867f55c0dc8a2e8f38831 100644 (file)
@@ -386,6 +386,10 @@ void wpas_notify_network_removed(struct wpa_supplicant *wpa_s,
                wpa_s->last_ssid = NULL;
        if (wpa_s->current_ssid == ssid)
                wpa_s->current_ssid = NULL;
+#if defined(CONFIG_SME) && defined(CONFIG_SAE)
+       if (wpa_s->sme.ext_auth_wpa_ssid == ssid)
+               wpa_s->sme.ext_auth_wpa_ssid = NULL;
+#endif /* CONFIG_SME && CONFIG_SAE */
        if (wpa_s->wpa)
                wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
        if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s &&
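Review bot: The new `sme.ext_auth_wpa_ssid` is a borrowed pointer into the configured network list, and this hunk clears it only on the network-removed notification path. Any other path that frees `struct wpa_ssid` objects without going through `wpas_notify_network_removed()` (for example freeing or reloading the whole configuration; not visible in this diff) would leave it dangling until the next external auth start or status send, and `sme_sae_auth()` would then hand it to `sme_external_auth_send_sae_commit()`. It is worth confirming that those paths also reset it, for instance with `wpa_s->sme.ext_auth_wpa_ssid = NULL;` next to wherever `current_ssid` is reset there. The function body continues outside the hunk.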
index ecddb35764b9d32cbd304452f3e883d4365456f9..41b67f8ebd636d5d2d8b8e98f3d1172b86bd90a4 100644 (file)
@@ -1113,6 +1113,7 @@ static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
 {
        struct external_auth params;
 
+       wpa_s->sme.ext_auth_wpa_ssid = NULL;
        os_memset(&params, 0, sizeof(params));
        params.status = status;
        params.ssid = wpa_s->sme.ext_auth_ssid;
@@ -1131,6 +1132,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
        size_t ssid_str_len = data->external_auth.ssid_len;
        const u8 *ssid_str = data->external_auth.ssid;
 
+       wpa_s->sme.ext_auth_wpa_ssid = NULL;
        /* Get the SSID conf from the ssid string obtained */
        for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
                if (!wpas_network_disabled(wpa_s, ssid) &&
@@ -1139,6 +1141,7 @@ static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
                    wpa_key_mgmt_sae(ssid->key_mgmt)) {
                        /* Make sure PT is derived */
                        wpa_s_setup_sae_pt(wpa_s->conf, ssid);
+                       wpa_s->sme.ext_auth_wpa_ssid = ssid;
                        break;
                }
        }
@@ -1267,7 +1270,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
        if (auth_transaction == 1 &&
            status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
            wpa_s->sme.sae.state == SAE_COMMITTED &&
-           (external || wpa_s->current_bss) && wpa_s->current_ssid) {
+           ((external && wpa_s->sme.ext_auth_wpa_ssid) ||
+            (!external && wpa_s->current_bss && wpa_s->current_ssid))) {
                int default_groups[] = { 19, 20, 21, 0 };
                u16 group;
                const u8 *token_pos;
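Review bot: The profile-availability test `(external && wpa_s->sme.ext_auth_wpa_ssid) || (!external && wpa_s->current_bss && wpa_s->current_ssid)` is now written out three times in `sme_sae_auth()` (here, in the group-not-supported branch, and negated in the commit-processing branch), so a later edit to one copy can silently diverge from the others. A small static helper would keep the external and non-external cases in one place; the name below is only a suggestion, and `external` is assumed to be an `int` because the signature is outside the hunk. The rest of this branch is also outside the hunk, so any remaining `wpa_s->current_ssid` dereference on the external path should be checked separately.

```c
static int sme_sae_have_ssid_profile(struct wpa_supplicant *wpa_s,
				     int external)
{
	if (external)
		return wpa_s->sme.ext_auth_wpa_ssid != NULL;
	return wpa_s->current_bss && wpa_s->current_ssid;
}

/* ... unchanged: start of sme_sae_auth() and first three condition lines ... */
	    wpa_s->sme.sae.state == SAE_COMMITTED &&
	    sme_sae_have_ssid_profile(wpa_s, external)) {
```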
@@ -1329,14 +1333,15 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                else
                        sme_external_auth_send_sae_commit(
                                wpa_s, wpa_s->sme.ext_auth_bssid,
-                               wpa_s->current_ssid);
+                               wpa_s->sme.ext_auth_wpa_ssid);
                return 0;
        }
 
        if (auth_transaction == 1 &&
            status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
            wpa_s->sme.sae.state == SAE_COMMITTED &&
-           (external || wpa_s->current_bss) && wpa_s->current_ssid) {
+           ((external && wpa_s->sme.ext_auth_wpa_ssid) ||
+            (!external && wpa_s->current_bss && wpa_s->current_ssid))) {
                wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
                int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
                                     wpa_s->sme.sae.group);
@@ -1350,7 +1355,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                else
                        sme_external_auth_send_sae_commit(
                                wpa_s, wpa_s->sme.ext_auth_bssid,
-                               wpa_s->current_ssid);
+                               wpa_s->sme.ext_auth_wpa_ssid);
                return 0;
        }
 
@@ -1382,8 +1387,9 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                groups = wpa_s->conf->sae_groups;
 
                wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
-               if ((!external && wpa_s->current_bss == NULL) ||
-                   wpa_s->current_ssid == NULL)
+               if ((external && !wpa_s->sme.ext_auth_wpa_ssid) ||
+                   (!external &&
+                    (!wpa_s->current_bss || !wpa_s->current_ssid)))
                        return -1;
                if (wpa_s->sme.sae.state != SAE_COMMITTED) {
                        wpa_printf(MSG_DEBUG,
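Review bot: When an external-auth SAE commit arrives while `ext_auth_wpa_ssid` is NULL (no matching profile, or already cleared by a status send or a network removal), the new check returns -1 without any log line. That makes an unexpected or late frame hard to tell apart from other failures in a debug trace. A message before the return would help, e.g. `wpa_dbg(wpa_s, MSG_DEBUG, "SME: No SSID profile available for SAE commit");`, with braces added around the two statements. The enclosing branch starts and ends outside the hunk.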
index f027bd64be6f0a18ec5240e816d59986c9fa4646..84a22a296964c336fc37d0b5bc015021c8d11bb9 100644 (file)
@@ -1022,6 +1022,7 @@ struct wpa_supplicant {
                unsigned int sae_pmksa_caching:1;
                u16 seq_num;
                u8 ext_auth_bssid[ETH_ALEN];
+               struct wpa_ssid *ext_auth_wpa_ssid;
                u8 ext_auth_ssid[SSID_MAX_LEN];
                size_t ext_auth_ssid_len;
                int *sae_rejected_groups;
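Review bot: The new `ext_auth_wpa_ssid` member has no comment, and unlike the neighbouring `ext_auth_ssid` byte array it is a non-owning pointer whose validity depends on the clears added elsewhere in this commit. I would document that on the field, e.g. `/* Borrowed network profile for the ongoing external auth; NULL if none matched, after the status is sent, or once the profile is removed */`. The struct definition extends beyond the hunk.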