SAE: Allow authentication restart on AP

In the infrastructure BSS case, the AP needs to clear pending SAE state
if a new Commit message is received when already in Committed state.
This allows the non-AP STA to negotiate a new group if it ends up trying
to go through SAE authentication again before the AP side has removed
the previous STA entry.

This fixes an issue where a kernel update changed something in SAE
timing or authentication sequence and started failing the
sae_bignum_failure hwsim test case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-06-20 13:04:31 +03:00 committed by Jouni Malinen
parent b1e1187744
commit 3a8dd390c9

View File

@ -953,6 +953,20 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
if (status_code != WLAN_STATUS_SUCCESS)
goto remove_sta;
if (!(hapd->conf->mesh & MESH_ENABLED) &&
sta->sae->state == SAE_COMMITTED) {
/* This is needed in the infrastructure BSS case to
* address a sequence where a STA entry may remain in
* hostapd across two attempts to do SAE authentication
* by the same STA. The second attempt may end up trying
* to use a different group and that would not be
* allowed if we remain in Committed state with the
* previously set parameters. */
sae_set_state(sta, SAE_NOTHING,
"Clear existing state to allow restart");
sae_clear_data(sta->sae);
}
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
((const u8 *) mgmt) + len -
mgmt->u.auth.variable, &token,