mesh: Support simple SAE group negotiation case

This allows the simplest case of SAE group negotiation to occur by
selecting the next available group if the peer STA indicates the
previous one was not supported. This is not yet sufficient to cover all
cases, e.g., when both STAs need to change their groups, but at least
some cases are no covered.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 781afa2..f6fca67 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -518,6 +518,9 @@ static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
        if (sae_check_big_sync(sta))
                return;
        sta->sae->sync++;
+       wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
+                  " (sync=%d state=%d)",
+                  MAC2STR(sta->addr), sta->sae->sync, sta->sae->state);
 
        switch (sta->sae->state) {
        case SAE_COMMITTED:
@@ -724,6 +727,44 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
 }
 
 
+static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
+{
+       struct sae_data *sae = sta->sae;
+       int i, *groups = hapd->conf->sae_groups;
+
+       if (sae->state != SAE_COMMITTED)
+               return;
+
+       wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
+
+       for (i = 0; groups && groups[i] > 0; i++) {
+               if (sae->group == groups[i])
+                       break;
+       }
+
+       if (!groups || groups[i] <= 0) {
+               wpa_printf(MSG_DEBUG,
+                          "SAE: Previously selected group not found from the current configuration");
+               return;
+       }
+
+       for (;;) {
+               i++;
+               if (groups[i] <= 0) {
+                       wpa_printf(MSG_DEBUG,
+                                  "SAE: No alternative group enabled");
+                       return;
+               }
+
+               if (sae_set_group(sae, groups[i]) < 0)
+                       continue;
+
+               break;
+       }
+       wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
+}
+
+
 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                            const struct ieee80211_mgmt *mgmt, size_t len,
                            u16 auth_transaction, u16 status_code)
@@ -811,6 +852,16 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                        return;
                }
 
+               if ((hapd->conf->mesh & MESH_ENABLED) &&
+                   status_code ==
+                   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
+                   sta->sae->tmp) {
+                       wpa_printf(MSG_DEBUG,
+                                  "SAE: Peer did not accept our SAE group");
+                       sae_pick_next_group(hapd, sta);
+                       goto remove_sta;
+               }
+
                if (status_code != WLAN_STATUS_SUCCESS)
                        goto remove_sta;