[6/6] SAE: Make H2E work with multiple passwords

Message ID 775d39b6-c57d-41f-db82-7f11c27b5376@lysator.liu.se
State Changes Requested
Series [1/6] mesh: Set BSS sae_pwe from config

Commit Message

Peter Åstrand Jan. 22, 2021, 2:59 p.m. UTC
Need to derive pt for all sae_passwords, as well as
initially call auth_sae_send_commit with update=1.

Signed-off-by: Peter Astrand <peter.astrand@etteplan.com>
---
 src/ap/ieee802_11.c             |  2 +-
 wpa_supplicant/wpa_supplicant.c | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

Comments

Jouni Malinen Feb. 6, 2021, 10:58 a.m. UTC | #1
On Fri, Jan 22, 2021 at 03:59:59PM +0100, Peter Åstrand wrote:
> Need to derive pt for all sae_passwords, as well as
> initially call auth_sae_send_commit with update=1.

Similar comments here..

What kind of testing did you do with this set of patches? When I tried
using SAE Password Identifier with the mac80211 implementation not
supporting RSNXE inclusion in Beacon/Probe Response frames. Has that
been implemented now?

In addition to the change on where the SAE passwords would be stored,
I'd like to see this functionality working with mac80211_hwsim before
I'd consider applying it. In other words, new test cases to
tests/hwsim/test_wpas_mesh.py would be highly appreciated. For now, I'm
dropping the patches since it does not seem very useful to apply the
first two before the password configuration location has been resolved.

Peter Åstrand Feb. 7, 2021, 8:07 p.m. UTC | #2
On Sat, 6 Feb 2021, Jouni Malinen wrote:

> On Fri, Jan 22, 2021 at 03:59:59PM +0100, Peter Åstrand wrote:
> > Need to derive pt for all sae_passwords, as well as
> > initially call auth_sae_send_commit with update=1.
> 
> Similar comments here..
> 
> What kind of testing did you do with this set of patches? When I tried
> using SAE Password Identifier with the mac80211 implementation not
> supporting RSNXE inclusion in Beacon/Probe Response frames. Has that
> been implemented now?

Thanks for all feedback. I have tested Mesh connections between an iMX6 
system as well as multiple BeagleBone Green Wireless systems. All running 
Linux 5.4.24, and with WiFi chip TI WL1835. No kernel patches except the 
TI WiLink patches (port to 5.4 per 
https://github.com/astrand/wilink8-wlan-build-utilites/commits/r8.8). 
Communication has been monitored using Wireshark, so I have confirmed that 
H2E is really used. Don't know anything about RSNXE, unfortunately.


> In addition to the change on where the SAE passwords would be stored,
> I'd like to see this functionality working with mac80211_hwsim before
> I'd consider applying it. In other words, new test cases to
> tests/hwsim/test_wpas_mesh.py would be highly appreciated. For now, I'm
> dropping the patches since it does not seem very useful to apply the
> first two before the password configuration location has been resolved.

Makes sense! It might take some time, but I'll make a try.

Best regards,
Peter

Patch

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4d9787e12..da6465df8 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1610,7 +1610,7 @@  int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
 	if (sta->sae->state != SAE_NOTHING)
 		return -1;
 
-	ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0, -1);
+	ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 1, -1);
 	if (ret)
 		return -1;
 
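Review bot: The switch of the fourth argument from 0 to 1 in auth_sae_init_committed() is unconditional, so it applies to every caller of this function and not only to configurations with several SAE passwords, and neither the commit message nor the code says why the initial commit now needs update=1. Please give the reason in the commit message or in a short comment above the call, and confirm that the single-password and non-H2E paths still behave as before, ideally with a mac80211_hwsim test case.
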
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index dd120a0b2..245312164 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2074,6 +2074,7 @@  int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
 {
 #ifdef CONFIG_SAE
+	struct sae_password_entry *pw;
 	int *groups = conf->sae_groups;
 	int default_groups[] = { 19, 20, 21, 0 };
 	const char *password;
@@ -2124,6 +2125,16 @@  static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
 				 (const u8 *) password, os_strlen(password),
 				 ssid->sae_password_id);
+
+	for (pw = conf->sae_passwords; pw; pw = pw->next) {
+		sae_deinit_pt(pw->pt);
+		pw->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
+				       (const u8 *) pw->password, os_strlen(pw->password),
+				       pw->identifier);
+		if (!pw->pt)
+			return;
+	}
+
 #endif /* CONFIG_SAE */
 }
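
Review bot: In the new loop, pw->pt is derived from ssid->ssid and ssid->ssid_len but stored on the entries of conf->sae_passwords, which hang off the configuration rather than the network block, so calling wpa_s_setup_sae_pt() for a second network with a different SSID frees and overwrites the PT derived for the first. Keep the PT per network, or key it by SSID. The `if (!pw->pt) return;` path also stops silently and leaves the remaining entries with whatever pt they held before; log the failure and decide whether the loop should continue with the next entry. As style points, the sae_derive_pt() argument line containing os_strlen(pw->password) runs past 80 columns, and the added blank line before #endif can be dropped.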