aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/sme.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2013-01-01 14:23:47 (GMT)
committerJouni Malinen <j@w1.fi>2013-01-12 15:51:53 (GMT)
commit625f202a74b4515e45fee9f824c899f6c1b85bfb (patch)
tree41af4c6700e2307016f10e3b46a20cd928f93e4d /wpa_supplicant/sme.c
parente056f93e60d02368455a2c1b80b13c59b9ab0c59 (diff)
downloadhostap-625f202a74b4515e45fee9f824c899f6c1b85bfb.zip
hostap-625f202a74b4515e45fee9f824c899f6c1b85bfb.tar.gz
hostap-625f202a74b4515e45fee9f824c899f6c1b85bfb.tar.bz2
SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of groups that the AP allows for SAE. Similarly, sae_groups parameter is wpa_supplicant.conf can be used to set the preferred order of groups. By default, all implemented groups are enabled. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/sme.c')
-rw-r--r--wpa_supplicant/sme.c60
1 files changed, 58 insertions, 2 deletions
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 112c80f..6fbb9e1 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -42,6 +42,45 @@ static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
#ifdef CONFIG_SAE
+static int index_within_array(const int *array, int idx)
+{
+ int i;
+ for (i = 0; i < idx; i++) {
+ if (array[i] == -1)
+ return 0;
+ }
+ return 1;
+}
+
+
+static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
+{
+ int *groups = wpa_s->conf->sae_groups;
+ int default_groups[] = { 19, 20, 21, 25, 26 };
+
+ if (!groups)
+ groups = default_groups;
+
+ /* Configuration may have changed, so validate current index */
+ if (!index_within_array(groups, wpa_s->sme.sae_group_index))
+ return -1;
+
+ for (;;) {
+ int group = groups[wpa_s->sme.sae_group_index];
+ if (group < 0)
+ break;
+ if (sae_set_group(&wpa_s->sme.sae, group) == 0) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
+ wpa_s->sme.sae.group);
+ return 0;
+ }
+ wpa_s->sme.sae_group_index++;
+ }
+
+ return -1;
+}
+
+
static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
const u8 *bssid)
@@ -54,8 +93,10 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
return NULL;
}
- if (sae_set_group(&wpa_s->sme.sae, 19) < 0)
+ if (sme_set_sae_group(wpa_s) < 0) {
+ wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
return NULL;
+ }
if (sae_prepare_commit(wpa_s->own_addr, bssid,
(u8 *) ssid->passphrase,
@@ -424,6 +465,20 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
return 0;
}
+ if (auth_transaction == 1 &&
+ status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
+ wpa_s->sme.sae.state == SAE_COMMITTED &&
+ wpa_s->current_bss && wpa_s->current_ssid) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
+ wpa_s->sme.sae_group_index++;
+ if (sme_set_sae_group(wpa_s) < 0)
+ return -1; /* no other groups enabled */
+ wpa_dbg(wpa_s, MSG_DEBUG, "SME: Try next enabled SAE group");
+ sme_send_authentication(wpa_s, wpa_s->current_bss,
+ wpa_s->current_ssid, 1);
+ return 0;
+ }
+
if (status_code != WLAN_STATUS_SUCCESS)
return -1;
@@ -434,7 +489,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
return -1;
if (wpa_s->sme.sae.state != SAE_COMMITTED)
return -1;
- if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL) !=
+ if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
+ wpa_s->conf->sae_groups) !=
WLAN_STATUS_SUCCESS)
return -1;