station: network: rework ERP/FILS code path

This refactors some code to eliminate getting the ERP entry twice by simply returning it from network_has_erp_identity (now renamed to network_get_erp_cache). In addition this code was moved into station_build_handshake_rsn and properly cleaned up in case there was an error or if a FILS AKM was not chosen.
2025-10-31 21:27:30 +01:00 · 2021-08-03 14:40:43 -07:00 · 2021-08-03 14:40:43 -07:00 · 630c2c2a08
commit 630c2c2a08
parent 236bb27cdd
3 changed files with 30 additions and 22 deletions
--- a/src/network.c
+++ b/src/network.c
@ -1056,7 +1056,7 @@ static bool match_bss(const void *a, const void *b)
 	return a == b;
 }

-bool network_has_erp_identity(struct network *network)
+struct erp_cache_entry *network_get_erp_cache(struct network *network)
 {
 	struct erp_cache_entry *cache;
 	struct l_settings *settings;
@ -1066,16 +1066,16 @@ bool network_has_erp_identity(struct network *network)

 	settings = network_get_settings(network);
 	if (!settings)
-		return false;
+		return NULL;

 	check_id = l_settings_get_string(settings, "Security", "EAP-Identity");
 	if (!check_id)
-		return false;
+		return NULL;

 	cache = erp_cache_get(network_get_ssid(network));
 	if (!cache) {
 		l_free(check_id);
-		return false;
+		return NULL;
 	}

 	identity = erp_cache_entry_get_identity(cache);
@ -1083,17 +1083,19 @@ bool network_has_erp_identity(struct network *network)
 	ret = strcmp(check_id, identity) == 0;

 	l_free(check_id);
-	erp_cache_put(cache);

 	/*
 	 * The settings file must have change out from under us. In this
 	 * case we want to remove the ERP entry because it is no longer
 	 * valid.
 	 */
-	if (!ret)
+	if (!ret) {
+		erp_cache_put(cache);
 		erp_cache_remove(identity);
+		return NULL;
+	}

-	return ret;
+	return cache;
 }

 const struct l_queue_entry *network_bss_list_get_entries(
--- a/src/network.h
+++ b/src/network.h
@ -29,6 +29,7 @@ struct station;
 struct network;
 struct scan_bss;
 struct handshake_state;
+struct erp_cache_entry;

 void network_connected(struct network *network);
 void network_disconnected(struct network *network);
@ -87,7 +88,7 @@ void network_blacklist_add(struct network *network, struct scan_bss *bss);
 const struct iovec *network_get_extra_ies(struct network *network,
 						size_t *num_elems);

-bool network_has_erp_identity(struct network *network);
+struct erp_cache_entry *network_get_erp_cache(struct network *network);

 const struct l_queue_entry *network_bss_list_get_entries(
 						struct network *network);
--- a/src/station.c
+++ b/src/station.c
@ -743,7 +743,7 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
 {
 	enum security security = network_get_security(network);
 	bool add_mde = false;
-	bool fils_hint = false;
+	struct erp_cache_entry *erp_cache = NULL;

 	struct ie_rsn_info bss_info;
 	uint8_t rsne_buf[256];
@ -764,10 +764,10 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
 	 * wiphy may select FILS if supported by the AP.
 	 */
 	if (security == SECURITY_8021X && hs->support_fils)
-		fils_hint = network_has_erp_identity(network);
+		erp_cache = network_get_erp_cache(network);

 	info.akm_suites = wiphy_select_akm(wiphy, bss, security,
-							&bss_info, fils_hint);
+						&bss_info, erp_cache != NULL);

 	/*
 	 * Special case for OWE. With OWE we still need to build up the
@ -848,6 +848,19 @@ build_ie:
 	if (IE_AKM_IS_FT(info.akm_suites))
 		add_mde = true;

+	/*
+	 * If FILS was chosen, the ERP cache has been verified to exist. Take
+	 * a reference now so it remains valid (in case of expiration) until
+	 * FILS starts.
+	 */
+	if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
+				IE_RSN_AKM_SUITE_FILS_SHA384 |
+				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
+		hs->erp_cache = erp_cache;
+	else if (erp_cache)
+		erp_cache_put(erp_cache);
+
 open_network:
 	if (security == SECURITY_NONE)
 		/* Perform FT association if available */
@ -867,6 +880,9 @@ open_network:
 	return 0;

 not_supported:
+	if (erp_cache)
+		erp_cache_put(erp_cache);
+
 	return -ENOTSUP;
 }

@ -889,17 +905,6 @@ static struct handshake_state *station_handshake_setup(struct station *station,
 	if (network_handshake_setup(network, hs) < 0)
 		goto not_supported;

-	/*
-	 * If FILS was chosen, the ERP cache has been verified to exist. We
-	 * wait to get it until here because at this point so there are no
-	 * failure paths before fils_sm_new
-	 */
-	if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
-				IE_RSN_AKM_SUITE_FILS_SHA384 |
-				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
-				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
-		hs->erp_cache = erp_cache_get(network_get_ssid(network));
-
 	return hs;

 not_supported: