On Mon, Jul 14, 2014 at 01:19:05AM -0400, Bob Copeland wrote:
> This patchset developed at Cozybit adds mesh support to wpa_supplicant,
> providing an alternative to the authsae daemon for running a secure
> 11s mesh network. Unlike authsae, it also supports running open mesh
> with the peering manager in userspace.

I'll send along a v2 soon incorporating Masashi Honma's patches, along with some other reworked bits here and there. The following patch on top, thanks in part to Chun-Yeow Yeoh, fixes peering when one side misses a commit message. From 3948c663e3dfda2c4bf4f6fda8a16edf1a5780f9 Mon Sep 17 00:00:00 2001 From: Bob Copeland <[email protected]> Date: Thu, 14 Aug 2014 09:38:51 -0400 Subject: [PATCH] fixup auth sae - confirm without commit --- src/ap/ieee802_11.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index ac99eff..d146c1f 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -325,7 +325,8 @@ static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, #ifdef CONFIG_SAE static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, - struct sta_info *sta) + struct sta_info *sta, + Boolean has_peer_commit) { struct wpabuf *buf; @@ -342,7 +343,7 @@ static struct wpabuf * auth_process_sae_commit(struct hostapd_data *hapd, return NULL; } - if (sae_process_commit(sta->sae) < 0) { + if (has_peer_commit && sae_process_commit(sta->sae) < 0) { wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); return NULL; } @@ -496,7 +497,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, if (sta->sae->state == SAE_NOTHING || sta->sae->state == SAE_CONFIRMED) { /* (re)send commit to peer */ - data = auth_process_sae_commit(hapd, sta); + data = auth_process_sae_commit(hapd, sta, TRUE); if (data == NULL) resp = WLAN_STATUS_UNSPECIFIED_FAILURE; sta->auth_alg = WLAN_AUTH_SAE; 
@@ -523,14 +524,28 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, } } } else if (auth_transaction == 2) { - if (sta->sae->state == SAE_NOTHING || - sta->sae->state == SAE_COMMITTED) { + if (sta->sae->state == SAE_NOTHING) { hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_DEBUG, "SAE confirm before commit"); return; } + if (sta->sae->state == SAE_COMMITTED) { + /* + * We got a confirm without a commit, but this is + * not fatal and can happen if commit was lost. + * Resend commit to trigger peer to resend commit + * and confirm. + */ + data = auth_process_sae_commit(hapd, sta, FALSE); + if (data == NULL) + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + else + auth_transaction = 1; + goto reply; + } + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_DEBUG, "SAE authentication (RX confirm)"); -- 1.7.10.4 -- Bob Copeland %% www.bobcopeland.com
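Review bot: the new `Boolean has_peer_commit` parameter of auth_process_sae_commit() (hunk at @@ -325,7) has no documentation, and the call sites now pass a bare TRUE or FALSE. The function name still suggests a peer commit is always processed, so a short comment above the function stating that FALSE means "build and resend our own commit without calling sae_process_commit()" would make the two modes clear to the next reader.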
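Review bot: in the new `sta->sae->state == SAE_COMMITTED` branch (hunk at @@ -523,14), every confirm received in that state causes another commit to be sent, and nothing visible in the hunk bounds or logs it. The SAE_NOTHING branch just above logs "SAE confirm before commit"; a matching hostapd_logger() debug line here, together with a retry counter or rate limit on the resend, would keep a peer that repeats confirm frames from drawing an unbounded number of commits and would make the recovery path visible in logs. Separately, when auth_process_sae_commit() returns NULL, resp is set to WLAN_STATUS_UNSPECIFIED_FAILURE but auth_transaction stays 2 before `goto reply`; please confirm that a failure reply carrying transaction 2 is what is intended.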
