From patchwork Sat Feb 19 20:25:30 2022
X-Patchwork-Submitter: Mario Hros
X-Patchwork-Id: 1595096
From: Mario Hros
To: hostap@lists.infradead.org
Cc: Mario Hros
Subject: [PATCH v2] SAE: Add support for RADIUS passphrase
Date: Sat, 19 Feb 2022 21:25:30 +0100
Message-Id: <20220219202530.3861654-1-git@reversity.org>
In-Reply-To: <20220213164052.1553427-1-git@reversity.org>
References: <20220213164052.1553427-1-git@reversity.org>

Allow the first Tunnel-Password RADIUS entry to be used for SAE in addition to the sae_password entries and wpa_passphrase parameters from the static configuration file.

Signed-off-by: Mario Hros
--- src/ap/ieee802_11.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 6140a492c..bcefe57ed 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -498,6 +498,7 @@ static const char * sae_get_password(struct hostapd_data *hapd, struct sae_password_entry *pw; struct sae_pt *pt = NULL; const struct sae_pk *pk = NULL; + struct hostapd_sta_wpa_psk_short *psk = NULL; for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) { if (!is_broadcast_ether_addr(pw->peer_addr) && @@ -519,6 +520,15 @@ static const char * sae_get_password(struct hostapd_data *hapd, pt = hapd->conf->ssid.pt; } + if (!password) { + for (psk = sta->psk; psk; psk = psk->next) { + if (psk->is_passphrase) { + password = psk->passphrase; + break; + } + } + } + if (pw_entry) *pw_entry = pw; if (s_pt)
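Review bot: In the first hunk (the declarations at the top of sae_get_password()), psk is only ever read by the loop added in the second hunk, so it can be declared as const struct hostapd_sta_wpa_psk_short *psk; to match the const on pk just above it. The = NULL initializer is also redundant, because the for loop assigns psk = sta->psk before any use.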
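Review bot: The fallback added in the second hunk sets password from psk->passphrase but leaves pt untouched, so whatever is handed back after the if (s_pt) check is still the value from the preceding pt = hapd->conf->ssid.pt; and was not derived from the RADIUS-provided passphrase. Either derive a PT for this passphrase or set pt = NULL in this branch and say in the commit message which SAE modes the RADIUS passphrase is expected to work with. The diffstat also shows only src/ap/ieee802_11.c changing; the new password source and its precedence (sae_password entries, then wpa_passphrase, then the first RADIUS passphrase) should be described in the configuration documentation as well.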