mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
SAE-PK: Add support to skip sae_pk password check for testing purposes
Add support to skip sae_pk password check under compile flag CONFIG_TESTING_OPTIONS which allows AP to be configured with sae_pk enabled but a password that is invalid for sae_pk. Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
This commit is contained in:
parent
a71b100c3b
commit
41f8189057
@ -2245,7 +2245,11 @@ static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SAE_PK
|
||||
if (pw->pk && !sae_pk_valid_password(pw->password)) {
|
||||
if (pw->pk &&
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
!bss->sae_pk_password_check_skip &&
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
!sae_pk_valid_password(pw->password)) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"Invalid SAE password for a SAE-PK sae_password entry");
|
||||
goto fail;
|
||||
@ -4137,6 +4141,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||
bss->sae_commit_status = atoi(pos);
|
||||
} else if (os_strcmp(buf, "sae_pk_omit") == 0) {
|
||||
bss->sae_pk_omit = atoi(pos);
|
||||
} else if (os_strcmp(buf, "sae_pk_password_check_skip") == 0) {
|
||||
bss->sae_pk_password_check_skip = atoi(pos);
|
||||
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
|
||||
wpabuf_free(bss->sae_commit_override);
|
||||
bss->sae_commit_override = wpabuf_parse_bin(pos);
|
||||
|
@ -1126,12 +1126,20 @@ static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
|
||||
bool res = false;
|
||||
|
||||
if (bss->ssid.wpa_passphrase &&
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
!bss->sae_pk_password_check_skip &&
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
sae_pk_valid_password(bss->ssid.wpa_passphrase))
|
||||
res = true;
|
||||
|
||||
for (pw = bss->sae_passwords; pw; pw = pw->next) {
|
||||
if (!pw->pk && sae_pk_valid_password(pw->password))
|
||||
if (!pw->pk &&
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
!bss->sae_pk_password_check_skip &&
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
sae_pk_valid_password(pw->password))
|
||||
return true;
|
||||
|
||||
if (bss->ssid.wpa_passphrase && res && pw->pk &&
|
||||
os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
|
||||
res = false;
|
||||
|
@ -671,6 +671,7 @@ struct hostapd_bss_config {
|
||||
int sae_reflection_attack;
|
||||
int sae_commit_status;
|
||||
int sae_pk_omit;
|
||||
int sae_pk_password_check_skip;
|
||||
struct wpabuf *sae_commit_override;
|
||||
struct wpabuf *rsne_override_eapol;
|
||||
struct wpabuf *rsnxe_override_eapol;
|
||||
|
Loading…
Reference in New Issue
Block a user