SAE: Allow enabled groups to be configured

hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter in
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2013-01-01 16:23:47 +02:00
parent e056f93e60
commit 625f202a74
13 changed files with 145 additions and 11 deletions


@ -521,6 +521,8 @@ static void hostapd_config_free_bss(struct hostapd_bss_config *conf)
#endif /* CONFIG_HS20 */
wpabuf_free(conf->vendor_elements);
os_free(conf->sae_groups);
}


@ -457,6 +457,7 @@ struct hostapd_bss_config {
struct wpabuf *vendor_elements;
unsigned int sae_anti_clogging_threshold;
int *sae_groups;
};
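Review bot: The new `sae_groups` field is added without a comment, so its contract can only be learned by reading other files. I would write it as `int *sae_groups; /* allowed SAE groups; list ends at the first negative value; NULL = no restriction */`, which matches the loop condition `allowed_groups[i] >= 0` and the `if (allowed_groups)` guard in sae_parse_commit. The comment should also say the array is owned by the config, since hostapd_config_free_bss releases it with os_free(). The struct definition starts outside this hunk.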


@ -460,7 +460,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
((const u8 *) mgmt) + len -
mgmt->u.auth.variable, &token,
&token_len);
&token_len, hapd->conf->sae_groups);
if (token && check_sae_token(hapd, sta->addr, token, token_len)
< 0) {
wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "


@ -470,7 +470,7 @@ void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len)
const u8 **token, size_t *token_len, int *allowed_groups)
{
const u8 *pos = data, *end = data + len;
u16 group;
@ -485,6 +485,19 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
if (pos + 2 > end)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
group = WPA_GET_LE16(pos);
if (allowed_groups) {
int i;
for (i = 0; allowed_groups[i] >= 0; i++) {
if (allowed_groups[i] == group)
break;
}
if (allowed_groups[i] != group) {
wpa_printf(MSG_DEBUG, "SAE: Proposed group %u not "
"enabled in the current configuration",
group);
return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
}
}
if (sae->state == SAE_COMMITTED && group != sae->group) {
wpa_printf(MSG_DEBUG, "SAE: Do not allow group to be changed");
return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
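Review bot: `allowed_groups` is only read in the added loop, so the parameter should be declared `const int *allowed_groups` in this definition and in the matching prototype in the header section that follows; the existing caller's `int *` argument converts without a cast. The function also lacks a comment for the new argument: it should state that the list must end with a negative value, that NULL skips the check entirely, and that a list whose first entry is negative rejects every proposed group. The terminator requirement matters because the loop has no other bound, so whatever builds the list (not visible here) has to guarantee it. The body of sae_parse_commit continues outside both hunks.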


@ -43,7 +43,7 @@ int sae_process_commit(struct sae_data *sae);
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
const struct wpabuf *token);
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len);
const u8 **token, size_t *token_len, int *allowed_groups);
void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);