DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different

Browse source 
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-06-23 22:30:15 +03:00
parent 4e7e68890a
commit 6a58444d27
4 changed files with 47 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/ap/ieee802_11.c
View file

@ -769,6 +769,12 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
((const u8 *) mgmt) + len -
mgmt->u.auth.variable, &token,
&token_len, hapd->conf->sae_groups);
if (resp == SAE_SILENTLY_DISCARD) {
wpa_printf(MSG_DEBUG,
"SAE: Drop commit message from " MACSTR " due to reflection attack",
MAC2STR(sta->addr));
return;
}
if (token && check_sae_token(hapd, sta->addr, token, token_len)
< 0) {
wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "