[PATCH 1/5] AP: only set SAE_H2E selector if SAE is required

Benjamin Berg <benjamin@xxxxxxxxxxxxxxxx> · Wed, 8 Jan 2025 10:10:29 +0100

From: Benjamin Berg <benjamin.berg@xxxxxxxxx>

Setting a selector mandates the STA to not try to connect in case it
does not implement the feature. However, in the case of SAE_H2E this may
not be a hard requirement if the client is permitted to use another
algorithm to begin with.

Signed-off-by: Benjamin Berg <benjamin.berg@xxxxxxxxx>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@xxxxxxxxx>
---
 src/ap/ieee802_11.c | 4 ++--
 src/common/defs.h   | 9 +++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index a9ed6eb0fa..cc737f6bc2 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -139,7 +139,7 @@ u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
 	h2e_required = (hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
 			hostapd_sae_pw_id_in_use(hapd->conf) == 2) &&
 		hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
-		wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt);
+		wpa_key_mgmt_only_sae(hapd->conf->wpa_key_mgmt);
 	if (h2e_required)
 		num++;
 	if (num > 8) {
@@ -206,7 +206,7 @@ u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
 	h2e_required = (hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
 			hostapd_sae_pw_id_in_use(hapd->conf) == 2) &&
 		hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
-		wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt);
+		wpa_key_mgmt_only_sae(hapd->conf->wpa_key_mgmt);
 	if (h2e_required)
 		num++;
 	if (num <= 8)
diff --git a/src/common/defs.h b/src/common/defs.h
index f58977039d..37b5a8382a 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -129,6 +129,15 @@ static inline int wpa_key_mgmt_sae_ext_key(int akm)
 			 WPA_KEY_MGMT_FT_SAE_EXT_KEY));
 }
 
+static inline int wpa_key_mgmt_only_sae(int akm)
+{
+	return wpa_key_mgmt_sae(akm) &&
+	       !(akm & ~(WPA_KEY_MGMT_SAE |
+			 WPA_KEY_MGMT_SAE_EXT_KEY |
+			 WPA_KEY_MGMT_FT_SAE |
+			 WPA_KEY_MGMT_FT_SAE_EXT_KEY));
+}
+
 static inline int wpa_key_mgmt_fils(int akm)
 {
 	return !!(akm & (WPA_KEY_MGMT_FILS_SHA256 |
-- 
2.47.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






