authorJouni Malinen <jouni@codeaurora.org>2019-10-10 12:38:26 (GMT)
committerJouni Malinen <j@w1.fi>2019-10-10 12:38:26 (GMT)
commitf7fe0552249a0cb10904421b0b04d0604b49f1bf (patch)
tree228ce58a9676760d393ccaf38390cb8d20c94b59
parentd6a7de60c8d11b3325953bb808ce0ddfd67e232c (diff)
SAE: Allow AP behavior for SAE Confirm to be configured
hostapd by default waits for the STA to send SAE Confirm before sending its own SAE Confirm. This can now be configured with sae_confirm_immediate=1, resulting in hostapd sending out SAE Confirm immediately after sending SAE Commit.

These are the two different message sequences:

sae_confirm_immediate=0
STA->AP: SAE Commit
AP->STA: SAE Commit
STA->AP: SAE Confirm
AP->STA: SAE Confirm
STA->AP: Association Request
AP->STA: Association Response

sae_confirm_immediate=1
STA->AP: SAE Commit
AP->STA: SAE Commit
AP->STA: SAE Confirm
STA->AP: SAE Confirm
STA->AP: Association Request
AP->STA: Association Response

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--hostapd/config_file.c2
-rw-r--r--hostapd/hostapd.conf7
-rw-r--r--src/ap/ap_config.h1
-rw-r--r--src/ap/ieee802_11.c17
4 files changed, 20 insertions, 7 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index cce5d35..e6033e7 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4182,6 +4182,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
}
} else if (os_strcmp(buf, "sae_require_mfp") == 0) {
bss->sae_require_mfp = atoi(pos);
+ } else if (os_strcmp(buf, "sae_confirm_immediate") == 0) {
+ bss->sae_confirm_immediate = atoi(pos);
} else if (os_strcmp(buf, "local_pwr_constraint") == 0) {
int val = atoi(pos);
if (val < 0 || val > 255) {
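Review bot: The new `sae_confirm_immediate` branch stores `atoi(pos)` unchecked, so a mistyped or non-numeric value silently becomes 0 and any other nonzero value (negative, 2, and so on) enables the behaviour, because the test added in src/ap/ieee802_11.c only checks that the field is nonzero. Since the option changes the order of SAE authentication frames, I would range-check it the way the `local_pwr_constraint` branch just below appears to: `int val = atoi(pos);` followed by `if (val < 0 || val > 1)`, rejecting the line before assigning `bss->sae_confirm_immediate = val;`. The neighbouring `sae_require_mfp` line has the same pattern but predates this commit. hostapd_config_fill starts and ends outside the hunk.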
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 6f26578..326f967 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1743,6 +1743,13 @@ own_ip_addr=127.0.0.1
# MFP while SAE stations are required to negotiate MFP if sae_require_mfp=1.
#sae_require_mfp=0
+# SAE Confirm behavior
+# By default, AP will send out only SAE Commit message in response to a received
+# SAE Commit message. This parameter can be set to 1 to override that behavior
+# to send both SAE Commit and SAE Confirm messages without waiting for the STA
+# to send its SAE Confirm message first.
+#sae_confirm_immediate=0
+
# FILS Cache Identifier (16-bit value in hexdump format)
#fils_cache_id=0011
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 6b15a3e..346a7dd 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -649,6 +649,7 @@ struct hostapd_bss_config {
unsigned int sae_anti_clogging_threshold;
unsigned int sae_sync;
int sae_require_mfp;
+ int sae_confirm_immediate;
int *sae_groups;
struct sae_password_entry *sae_passwords;
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 2ef490b..0152cf5 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -787,14 +787,17 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
return WLAN_STATUS_UNSPECIFIED_FAILURE;
/*
- * In mesh case, both Commit and Confirm can be sent
- * immediately. In infrastructure BSS, only a single
- * Authentication frame (Commit) is expected from the AP
- * here and the second one (Confirm) will be sent once
- * the STA has sent its second Authentication frame
- * (Confirm).
+ * In mesh case, both Commit and Confirm are sent
+ * immediately. In infrastructure BSS, by default, only
+ * a single Authentication frame (Commit) is expected
+ * from the AP here and the second one (Confirm) will
+ * be sent once the STA has sent its second
+ * Authentication frame (Confirm). This behavior can be
+ * overridden with explicit configuration so that the
+ * infrastructure BSS case sends both frames together.
*/
- if (hapd->conf->mesh & MESH_ENABLED) {
+ if ((hapd->conf->mesh & MESH_ENABLED) ||
+ hapd->conf->sae_confirm_immediate) {
/*
* Send both Commit and Confirm immediately
* based on SAE finite state machine
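Review bot: The rewritten comment in sae_sm_step says the default "can be overridden with explicit configuration" but never names the option, so a reader of this branch has to search for what sets it; I would add a closing sentence such as `sae_confirm_immediate=1 selects this path for an infrastructure BSS.` The body of the branch lies outside the hunk, so what runs before the Confirm is sent is not visible here. If it includes the commit processing and key derivation, then enabling the option has the AP do that work for each accepted Commit before the STA sends its own Confirm, and the comment (or the hostapd.conf text) should say whether `sae_anti_clogging_threshold` still bounds that. sae_sm_step starts and ends outside the hunk.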