
[PATCH/RFC,00/18] 802.11s mesh support

Message ID 20140815133836.GA3048@localhost
State Superseded

Commit Message

Bob Copeland Aug. 15, 2014, 1:38 p.m. UTC
On Mon, Jul 14, 2014 at 01:19:05AM -0400, Bob Copeland wrote:
> This patchset developed at Cozybit adds mesh support to wpa_supplicant,
> providing an alternative to the authsae daemon for running a secure
> 11s mesh network.  Unlike authsae, it also supports running open mesh
> with the peering manager in userspace.

I'll send along a v2 soon incorporating Masashi Honma's patches, along
with some other reworked bits here and there.

The following patch on top, thanks in part to Chun-Yeow Yeoh, fixes peering
when one side misses a commit message.

From 3948c663e3dfda2c4bf4f6fda8a16edf1a5780f9 Mon Sep 17 00:00:00 2001
From: Bob Copeland <me@bobcopeland.com>
Date: Thu, 14 Aug 2014 09:38:51 -0400
Subject: [PATCH] fixup auth sae - confirm without commit

---
 src/ap/ieee802_11.c |   25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

Patch

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index ac99eff..d146c1f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -325,7 +325,8 @@  static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
 #ifdef CONFIG_SAE
 
 static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd,
-					       struct sta_info *sta)
+					       struct sta_info *sta,
+					       Boolean has_peer_commit)
 {
 	struct wpabuf *buf;
 
@@ -342,7 +343,7 @@  static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd,
 		return NULL;
 	}
 
-	if (sae_process_commit(sta->sae) < 0) {
+	if (has_peer_commit && sae_process_commit(sta->sae) < 0) {
 		wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit");
 		return NULL;
 	}
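Review bot: With `has_peer_commit` FALSE only the `sae_process_commit()` guard is skipped; everything in `auth_process_sae_commit()` above this hunk still runs, and that part is not visible here (the function starts and ends outside the hunk). If it derives fresh local commit values on every call, the resend path added in `handle_auth_sae()` would send a commit that differs from the one the peer has already answered, and the peer's retransmitted confirm would presumably then fail verification. In that case the FALSE path should skip that step as well and rebuild the frame from the stored state only. A short comment on the new parameter would help either way, e.g. `/* has_peer_commit: FALSE when re-sending our commit without a new peer commit to process */`.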
@@ -496,7 +497,7 @@  static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 			if (sta->sae->state == SAE_NOTHING ||
 			    sta->sae->state == SAE_CONFIRMED) {
 				/* (re)send commit to peer */
-				data = auth_process_sae_commit(hapd, sta);
+				data = auth_process_sae_commit(hapd, sta, TRUE);
 				if (data == NULL)
 					resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 				sta->auth_alg = WLAN_AUTH_SAE;
@@ -523,14 +524,28 @@  static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 			}
 		}
 	} else if (auth_transaction == 2) {
-		if (sta->sae->state == SAE_NOTHING ||
-		    sta->sae->state == SAE_COMMITTED) {
+		if (sta->sae->state == SAE_NOTHING) {
 			hostapd_logger(hapd, sta->addr,
 				       HOSTAPD_MODULE_IEEE80211,
 				       HOSTAPD_LEVEL_DEBUG,
 				       "SAE confirm before commit");
 			return;
 		}
+		if (sta->sae->state == SAE_COMMITTED) {
+			/*
+			 * We got a confirm without a commit, but this is
+			 * not fatal and can happen if commit was lost.
+			 * Resend commit to trigger peer to resend commit
+			 * and confirm.
+			 */
+			data = auth_process_sae_commit(hapd, sta, FALSE);
+			if (data == NULL)
+				resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			else
+				auth_transaction = 1;
+			goto reply;
+		}
+
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG,
 			       "SAE authentication (RX confirm)");
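Review bot: The new `SAE_COMMITTED` branch answers every confirm received in that state with a commit and puts no bound on how often it can fire; nothing in the branch counts retransmissions or looks at the frame contents. Authentication frames at this stage are unauthenticated, so repeated or forged confirms would each make the local side build and send a commit, which is presumably not cheap if `auth_process_sae_commit()` performs group operations. Consider a per-station resync counter that is incremented here, reset when the exchange completes, and causes the frame to be dropped once a small limit is passed, e.g. `if (++sta->sae->sync > SAE_SYNC_MAX) return;` (`sync` and `SAE_SYNC_MAX` are proposed names, not existing ones). The rest of `handle_auth_sae()` and the `reply` label lie outside this hunk, so the reply path itself could not be checked.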