From patchwork Sun Feb 13 16:26:07 2022
X-Patchwork-Submitter: Mario Hros
X-Patchwork-Id: 1594962
Message-ID: <6e90aa03-11a5-cce8-06cd-64656908107e@reversity.org>
Date: Sun, 13 Feb 2022 17:26:07 +0100
To: hostap@lists.infradead.org
From: Mario Hros
Subject: [PATCH] SAE: Add support for RADIUS passphrase

Allow the first Tunneled-Password RADIUS entry to be used for SAE in addition to the sae_password entries and wpa_passphrase parameters from the static configuration file.

Signed-off-by: Mario Hros --- src/ap/ieee802_11.c | 10 ++++++++++ 1 file changed, 10 insertions(+)                if (!is_broadcast_ether_addr(pw->peer_addr) && @@ -519,6 +520,15 @@ static const char * sae_get_password(struct hostapd_data *hapd,                pt = hapd->conf->ssid.pt;        } +       if (!password) { +               for (psk = sta->psk; psk; psk = psk->next) { +                       if (psk->is_passphrase) { +                               password = psk->passphrase; +                               break; +                       } +               } +       } +        if (pw_entry)                *pw_entry = pw;        if (s_pt) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 6140a492c..bcefe57ed 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -498,6 +498,7 @@ static const char * sae_get_password(struct hostapd_data *hapd,        struct sae_password_entry *pw;        struct sae_pt *pt = NULL;        const struct sae_pk *pk = NULL; +       struct hostapd_sta_wpa_psk_short *psk = NULL;        for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
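
Review bot: In the fallback block added by the `@@ -519,6 +520,15 @@` hunk, `sta->psk` is dereferenced without checking `sta`; unless every caller of sae_get_password() is guaranteed to pass a station entry, guard it as `if (!password && sta) {`. The block also leaves `pt` at whatever the preceding `pt = hapd->conf->ssid.pt;` assigned, so what the following `if (s_pt)` branch hands back is not derived from the RADIUS passphrase; either clear or derive it for this case, or document that no PT is available for a password taken from `sta->psk`. Because the block runs only when `password` is still NULL, a statically configured password always takes precedence over the Tunneled-Password entry, which is worth stating in the commit message since the description reads "in addition to".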