aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2020-06-07 13:49:07 (GMT)
committerJouni Malinen <j@w1.fi>2020-06-07 13:49:07 (GMT)
commit5f48d36b4a107984314dc60953f213febe2ecd69 (patch)
tree42a143829c57eb75dc8a50b2c8d9f79a1fdb666a
parentd654ca24de7752f00a2007a0abbe195787e833b9 (diff)
downloadhostap-5f48d36b4a107984314dc60953f213febe2ecd69.zip
hostap-5f48d36b4a107984314dc60953f213febe2ecd69.tar.gz
hostap-5f48d36b4a107984314dc60953f213febe2ecd69.tar.bz2
SAE-PK: Select SAE-PK network over SAE without PK
If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--wpa_supplicant/events.c59
1 files changed, 59 insertions, 0 deletions
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index cbe1296..86eef1b 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1086,6 +1086,51 @@ static int disabled_freq(struct wpa_supplicant *wpa_s, int freq)
static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
const u8 *match_ssid, size_t match_ssid_len,
struct wpa_bss *bss, struct wpa_blacklist *e,
+ bool debug_print);
+
+
+#ifdef CONFIG_SAE_PK
+static bool sae_pk_acceptable_bss_with_pk(struct wpa_supplicant *wpa_s,
+ struct wpa_bss *orig_bss,
+ struct wpa_ssid *ssid,
+ const u8 *match_ssid,
+ size_t match_ssid_len)
+{
+ struct wpa_bss *bss;
+
+ dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
+ struct wpa_blacklist *e;
+ const u8 *ie;
+ u8 rsnxe_capa = 0;
+
+ if (bss == orig_bss)
+ continue;
+ ie = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
+ if (ie && ie[1] >= 1)
+ rsnxe_capa = ie[2];
+ if (!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)))
+ continue;
+
+ /* TODO: Could be more thorough in checking what kind of
+ * signal strength or throughput estimate would be acceptable
+ * compared to the originally selected BSS. */
+ if (bss->est_throughput < 2000)
+ return false;
+
+ e = wpa_blacklist_get(wpa_s, bss->bssid);
+ if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
+ bss, e, 0))
+ return true;
+ }
+
+ return false;
+}
+#endif /* CONFIG_SAE_PK */
+
+
+static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
+ const u8 *match_ssid, size_t match_ssid_len,
+ struct wpa_bss *bss, struct wpa_blacklist *e,
bool debug_print)
{
int res;
@@ -1392,6 +1437,20 @@ skip_assoc_disallow:
}
#endif /* CONFIG_DPP */
+#ifdef CONFIG_SAE_PK
+ if (ssid->sae_pk == SAE_PK_MODE_AUTOMATIC &&
+ wpa_key_mgmt_sae(ssid->key_mgmt) &&
+ ssid->sae_password && sae_pk_valid_password(ssid->sae_password) &&
+ !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
+ sae_pk_acceptable_bss_with_pk(wpa_s, bss, ssid, match_ssid,
+ match_ssid_len)) {
+ if (debug_print)
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ " skip - another acceptable BSS with SAE-PK in the same ESS");
+ return false;
+ }
+#endif /* CONFIG_SAE_PK */
+
/* Matching configuration found */
return true;
}