DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

PASN: Change PASN flows to use SAE H2E only

Browse source 
Do so for both wpa_supplicant and hostapd. While this was not explicitly
required in IEEE P802.11az/D3.0, likely direction for the draft is to
start requiring use of H2E for all cases where SAE is used with PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This commit is contained in:
Ilan Peer 2021-04-08 12:06:24 +03:00 committed by Jouni Malinen
parent d9c566b1b8
commit 79f87f4734
2 changed files with 57 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/ap/ieee802_11.c
View file

@ -2383,11 +2383,12 @@ static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd,
struct wpabuf *wd)
{
struct pasn_data *pasn = sta->pasn;
const char *password = NULL;
const char *password;
const u8 *data;
size_t buf_len;
u16 res, alg, seq, status;
int groups[] = { pasn->group, 0 };
struct sae_pt *pt = NULL;
int ret;
if (!wd)
@ -2409,8 +2410,8 @@ static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd,
wpa_printf(MSG_DEBUG, "PASN: SAE commit: alg=%u, seq=%u, status=%u",
alg, seq, status);
/* TODO: SAE H2E */
if (alg != WLAN_AUTH_SAE || seq != 1 || status != WLAN_STATUS_SUCCESS) {
if (alg != WLAN_AUTH_SAE || seq != 1 ||
status != WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
wpa_printf(MSG_DEBUG, "PASN: Dropping peer SAE commit");
return -1;
}
@ -2424,15 +2425,14 @@ static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd,
return -1;
}
password = sae_get_password(hapd, sta, NULL, NULL, NULL, NULL);
if (!password) {
wpa_printf(MSG_DEBUG, "PASN: No SAE password found");
password = sae_get_password(hapd, sta, NULL, NULL, &pt, NULL);
if (!password || !pt) {
wpa_printf(MSG_DEBUG, "PASN: No SAE PT found");
return -1;
}
ret = sae_prepare_commit(hapd->own_addr, sta->addr,
(const u8 *) password, os_strlen(password), 0,
&pasn->sae);
ret = sae_prepare_commit_pt(&pasn->sae, pt, hapd->own_addr, sta->addr,
NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit");
return -1;
@ -2529,7 +2529,7 @@ static struct wpabuf * pasn_get_sae_wd(struct hostapd_data *hapd,
len_ptr = wpabuf_put(buf, 2);
wpabuf_put_le16(buf, WLAN_AUTH_SAE);
wpabuf_put_le16(buf, 1);
wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT);
/* Write the actual commit and update the length accordingly */
sae_write_commit(&pasn->sae, buf, NULL, 0);