[RFC PATCH] wpa_s: use open authentication to reassociate with SAE AP

Sergey Matyukevich <sergey.matyukevich.os@xxxxxxxxxxxxx> · Fri, 29 Mar 2019 11:22:32 +0000

For reassociation with the same AP wpa_supplicant attempts to use
cached PMKSA. For this purpose PMKID is passed in RSN IE in ASSOC
request. In the case of SAE AP, open authentication shall be used
during reassociation. Otherwise cached PMKID become invalid after
full SAE authentication.

Current implementation correctly handles SoftMAC drivers. However
for FullMAC drivers complete SAE authentication is performed.
As a result, first reassociation attempt fails.

This patch fixes FullMAC driver behavior by reseting authentication
algorithm to WPA_AUTH_ALG_OPEN when reassociating with SAE AP.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@xxxxxxxxxxxxx>
---
 wpa_supplicant/wpa_supplicant.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 7c9f58105..9277f8248 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2521,6 +2521,9 @@ static u8 * wpas_populate_assoc_ies(
 #ifdef CONFIG_MBO
 	const u8 *mbo_ie;
 #endif
+#ifdef CONFIG_SAE
+	int sae_pmksa_cached = 0;
+#endif /* CONFIG_SAE */
 #ifdef CONFIG_FILS
 	const u8 *realm, *username, *rrk;
 	size_t realm_len, username_len, rrk_len;
@@ -2558,8 +2561,12 @@ static u8 * wpas_populate_assoc_ies(
 #endif /* CONFIG_FILS */
 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
 					    ssid, try_opportunistic,
-					    cache_id, 0) == 0)
+					    cache_id, 0) == 0) {
 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
+#ifdef CONFIG_SAE
+			sae_pmksa_cached = 1;
+#endif /* CONFIG_SAE */
+		}
 		wpa_ie_len = max_wpa_ie_len;
 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
 					      wpa_ie, &wpa_ie_len)) {
@@ -2672,6 +2679,14 @@ static u8 * wpas_populate_assoc_ies(
 			"Overriding auth_alg selection: 0x%x", algs);
 	}
 
+#ifdef CONFIG_SAE
+	if (sae_pmksa_cached) {
+		wpa_dbg(wpa_s, MSG_DEBUG,
+			"SAE reaassoc: fallback to AUTH_ALG_OPEN");
+		algs = WPA_AUTH_ALG_OPEN;
+	}
+#endif /* CONFIG_SAE */
+
 #ifdef CONFIG_P2P
 	if (wpa_s->global->p2p) {
 		u8 *pos;
-- 
2.11.0


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






