[PATCH 1/3] network: copy station_has_erp_identity

[PATCH 1/3] network: copy station_has_erp_identity

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 2035 bytes --]

This API is internal to station, but acts only on the network
object so it is being moved into network.c and exposed.
---
 src/network.c | 41 +++++++++++++++++++++++++++++++++++++++++
 src/network.h |  2 ++
 2 files changed, 43 insertions(+)

diff --git a/src/network.c b/src/network.c
index 53fc98a1..8b68f9e1 100644
--- a/src/network.c
+++ b/src/network.c
@@ -50,6 +50,7 @@
 #include "src/network.h"
 #include "src/blacklist.h"
 #include "src/util.h"
+#include "src/erp.h"
 
 static uint32_t known_networks_watch;
 static uint32_t anqp_watch;
@@ -720,6 +721,46 @@ static bool match_bss(const void *a, const void *b)
 	return a == b;
 }
 
+bool network_has_erp_identity(struct network *network)
+{
+	struct erp_cache_entry *cache;
+	struct l_settings *settings;
+	char *check_id;
+	const char *identity;
+	bool ret;
+
+	settings = network_get_settings(network);
+	if (!settings)
+		return false;
+
+	check_id = l_settings_get_string(settings, "Security", "EAP-Identity");
+	if (!check_id)
+		return false;
+
+	cache = erp_cache_get(network_get_ssid(network));
+	if (!cache) {
+		l_free(check_id);
+		return false;
+	}
+
+	identity = erp_cache_entry_get_identity(cache);
+
+	ret = strcmp(check_id, identity) == 0;
+
+	l_free(check_id);
+	erp_cache_put(cache);
+
+	/*
+	 * The settings file must have change out from under us. In this
+	 * case we want to remove the ERP entry because it is no longer
+	 * valid.
+	 */
+	if (!ret)
+		erp_cache_remove(identity);
+
+	return ret;
+}
+
 struct scan_bss *network_bss_select(struct network *network,
 						bool fallback_to_blacklist)
 {
diff --git a/src/network.h b/src/network.h
index 17890496..84fc4fba 100644
--- a/src/network.h
+++ b/src/network.h
@@ -79,3 +79,5 @@ void network_blacklist_add(struct network *network, struct scan_bss *bss);
 
 const struct iovec *network_get_extra_ies(struct network *network,
 						size_t *num_elems);
+
+bool network_has_erp_identity(struct network *network);
-- 
2.26.2

[PATCH 2/3] station: update to use network_has_erp_identity

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1753 bytes --]

---
 src/station.c | 42 +-----------------------------------------
 1 file changed, 1 insertion(+), 41 deletions(-)

diff --git a/src/station.c b/src/station.c
index 79ba23dc..ae9d1f24 100644
--- a/src/station.c
+++ b/src/station.c
@@ -755,46 +755,6 @@ static void station_handshake_event(struct handshake_state *hs,
 	va_end(args);
 }
 
-static bool station_has_erp_identity(struct network *network)
-{
-	struct erp_cache_entry *cache;
-	struct l_settings *settings;
-	char *check_id;
-	const char *identity;
-	bool ret;
-
-	settings = network_get_settings(network);
-	if (!settings)
-		return false;
-
-	check_id = l_settings_get_string(settings, "Security", "EAP-Identity");
-	if (!check_id)
-		return false;
-
-	cache = erp_cache_get(network_get_ssid(network));
-	if (!cache) {
-		l_free(check_id);
-		return false;
-	}
-
-	identity = erp_cache_entry_get_identity(cache);
-
-	ret = strcmp(check_id, identity) == 0;
-
-	l_free(check_id);
-	erp_cache_put(cache);
-
-	/*
-	 * The settings file must have change out from under us. In this
-	 * case we want to remove the ERP entry because it is no longer
-	 * valid.
-	 */
-	if (!ret)
-		erp_cache_remove(identity);
-
-	return ret;
-}
-
 static int station_build_handshake_rsn(struct handshake_state *hs,
 					struct wiphy *wiphy,
 					struct network *network,
@@ -823,7 +783,7 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
 	 * wiphy may select FILS if supported by the AP.
 	 */
 	if (security == SECURITY_8021X && hs->support_fils)
-		fils_hint = station_has_erp_identity(network);
+		fils_hint = network_has_erp_identity(network);
 
 	info.akm_suites = wiphy_select_akm(wiphy, bss, fils_hint);
 
-- 
2.26.2

[PATCH 3/3] wiphy: add fils_hint to wiphy_can_connect

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 3470 bytes --]

A prior commit refactored the AKM selection in wiphy.c. This
ended up breaking FILS tests due to the hard coding of a
false fils_hint in wiphy_select_akm. Since our FILS tests
only advertise FILS AKMs wiphy_can_connect would return false
for these networks.

Similar to wiphy_select_akm, add a fils hint parameter to
wiphy_can_connect and pass that down directly to wiphy_select_akm.
---
 src/network.c | 3 ++-
 src/station.c | 3 ++-
 src/wiphy.c   | 5 +++--
 src/wiphy.h   | 3 ++-
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/network.c b/src/network.c
index 8b68f9e1..1b1f7f86 100644
--- a/src/network.c
+++ b/src/network.c
@@ -768,6 +768,7 @@ struct scan_bss *network_bss_select(struct network *network,
 	struct wiphy *wiphy = station_get_wiphy(network->station);
 	const struct l_queue_entry *bss_entry;
 	struct scan_bss *candidate = NULL;
+	bool fils_hint = network_has_erp_identity(network);
 
 	for (bss_entry = l_queue_get_entries(bss_list); bss_entry;
 			bss_entry = bss_entry->next) {
@@ -776,7 +777,7 @@ struct scan_bss *network_bss_select(struct network *network,
 		switch (network_get_security(network)) {
 		case SECURITY_PSK:
 		case SECURITY_8021X:
-			if (!wiphy_can_connect(wiphy, bss))
+			if (!wiphy_can_connect(wiphy, bss, fils_hint))
 				continue;
 			/* fall through */
 		case SECURITY_NONE:
diff --git a/src/station.c b/src/station.c
index ae9d1f24..8a940cc6 100644
--- a/src/station.c
+++ b/src/station.c
@@ -1938,6 +1938,7 @@ static bool station_roam_scan_notify(int err, struct l_queue *bss_list,
 	uint16_t mdid;
 	enum security orig_security, security;
 	bool seen = false;
+	bool fils_hint = network_has_erp_identity(network);
 
 	if (err) {
 		station_roam_failed(station);
@@ -1994,7 +1995,7 @@ static bool station_roam_scan_notify(int err, struct l_queue *bss_list,
 
 		seen = true;
 
-		if (!wiphy_can_connect(station->wiphy, bss))
+		if (!wiphy_can_connect(station->wiphy, bss, fils_hint))
 			goto next;
 
 		if (blacklist_contains_bss(bss->addr))
diff --git a/src/wiphy.c b/src/wiphy.c
index 7d5dc4b5..7d491913 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -397,7 +397,8 @@ const struct scan_freq_set *wiphy_get_supported_freqs(
 	return wiphy->supported_freqs;
 }
 
-bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss)
+bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss,
+			bool fils_hint)
 {
 	struct ie_rsn_info rsn_info;
 	int r;
@@ -416,7 +417,7 @@ bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss)
 					rsn_info.group_management_cipher))
 			return false;
 
-		return wiphy_select_akm(wiphy, bss, false);
+		return wiphy_select_akm(wiphy, bss, fils_hint);
 	} else if (r != -ENOENT)
 		return false;
 
diff --git a/src/wiphy.h b/src/wiphy.h
index 50fcb182..c5891f73 100644
--- a/src/wiphy.h
+++ b/src/wiphy.h
@@ -78,7 +78,8 @@ const char *wiphy_get_path(struct wiphy *wiphy);
 uint32_t wiphy_get_supported_bands(struct wiphy *wiphy);
 const struct scan_freq_set *wiphy_get_supported_freqs(
 						const struct wiphy *wiphy);
-bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss);
+bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss,
+				bool fils_hint);
 bool wiphy_supports_cmds_auth_assoc(struct wiphy *wiphy);
 bool wiphy_can_randomize_mac_addr(struct wiphy *wiphy);
 bool wiphy_rrm_capable(struct wiphy *wiphy);
-- 
2.26.2

Re: [PATCH 1/3] network: copy station_has_erp_identity

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 368 bytes --]

Hi James,

On 4/27/21 1:06 PM, James Prestwood wrote:
> This API is internal to station, but acts only on the network
> object so it is being moved into network.c and exposed.
> ---
>   src/network.c | 41 +++++++++++++++++++++++++++++++++++++++++
>   src/network.h |  2 ++
>   2 files changed, 43 insertions(+)
> 

All applied, thanks.

Regards,
-Denis