SAE: Tell sae_parse_commit() whether H2E is used

This will be needed to help parsing the received SAE commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-09-07 18:33:02 +03:00 committed by Jouni Malinen
parent 316156739c
commit 86f6084862
5 changed files with 9 additions and 5 deletions

View file

@ -1139,7 +1139,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
((const u8 *) mgmt) + len - ((const u8 *) mgmt) + len -
mgmt->u.auth.variable, &token, mgmt->u.auth.variable, &token,
&token_len, groups); &token_len, groups, status_code ==
WLAN_STATUS_SAE_HASH_TO_ELEMENT);
if (resp == SAE_SILENTLY_DISCARD) { if (resp == SAE_SILENTLY_DISCARD) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Drop commit message from " MACSTR " due to reflection attack", "SAE: Drop commit message from " MACSTR " due to reflection attack",

View file

@ -377,7 +377,7 @@ static int sae_tests(void)
} }
if (sae_parse_commit(&sae, peer_commit, sizeof(peer_commit), NULL, NULL, if (sae_parse_commit(&sae, peer_commit, sizeof(peer_commit), NULL, NULL,
NULL) != 0 || NULL, 0) != 0 ||
sae_process_commit(&sae) < 0) sae_process_commit(&sae) < 0)
goto fail; goto fail;

View file

@ -1099,7 +1099,8 @@ static int sae_parse_password_identifier(struct sae_data *sae,
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len, int *allowed_groups) const u8 **token, size_t *token_len, int *allowed_groups,
int h2e)
{ {
const u8 *pos = data, *end = data + len; const u8 *pos = data, *end = data + len;
u16 res; u16 res;

View file

@ -72,7 +72,8 @@ int sae_process_commit(struct sae_data *sae);
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf, void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
const struct wpabuf *token, const char *identifier); const struct wpabuf *token, const char *identifier);
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len, int *allowed_groups); const u8 **token, size_t *token_len, int *allowed_groups,
int h2e);
void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf); void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len); int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);
u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group); u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);

View file

@ -1150,7 +1150,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
if (groups && groups[0] <= 0) if (groups && groups[0] <= 0)
groups = NULL; groups = NULL;
res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL, res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
groups); groups, status_code ==
WLAN_STATUS_SAE_HASH_TO_ELEMENT);
if (res == SAE_SILENTLY_DISCARD) { if (res == SAE_SILENTLY_DISCARD) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Drop commit message due to reflection attack"); "SAE: Drop commit message due to reflection attack");