SAE: Move H2E and PK flags to main sae_data

This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-06-06 12:08:37 +03:00 committed by Jouni Malinen
parent bc908daace
commit cc22fb1b86
6 changed files with 30 additions and 33 deletions

View file

@ -439,7 +439,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
#ifdef CONFIG_SAE #ifdef CONFIG_SAE
if (hapd->conf->sae_pwe == 2 && if (hapd->conf->sae_pwe == 2 &&
sta->auth_alg == WLAN_AUTH_SAE && sta->auth_alg == WLAN_AUTH_SAE &&
sta->sae && sta->sae->tmp && !sta->sae->tmp->h2e && sta->sae && !sta->sae->h2e &&
elems.rsnxe && elems.rsnxe_len >= 1 && elems.rsnxe && elems.rsnxe_len >= 1 &&
(elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) { (elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
wpa_printf(MSG_INFO, "SAE: " MACSTR wpa_printf(MSG_INFO, "SAE: " MACSTR

View file

@ -483,7 +483,7 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
if (sta->sae->tmp) { if (sta->sae->tmp) {
rx_id = sta->sae->tmp->pw_id; rx_id = sta->sae->tmp->pw_id;
use_pt = sta->sae->tmp->h2e; use_pt = sta->sae->h2e;
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
os_memcpy(sta->sae->tmp->own_addr, hapd->own_addr, ETH_ALEN); os_memcpy(sta->sae->tmp->own_addr, hapd->own_addr, ETH_ALEN);
os_memcpy(sta->sae->tmp->peer_addr, sta->addr, ETH_ALEN); os_memcpy(sta->sae->tmp->peer_addr, sta->addr, ETH_ALEN);
@ -594,9 +594,9 @@ static int auth_sae_send_commit(struct hostapd_data *hapd,
if (data == NULL) if (data == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE; return WLAN_STATUS_UNSPECIFIED_FAILURE;
if (sta->sae->tmp && sta->sae->tmp->pk) if (sta->sae->tmp && sta->sae->pk)
status = WLAN_STATUS_SAE_PK; status = WLAN_STATUS_SAE_PK;
else if (sta->sae->tmp && sta->sae->tmp->h2e) else if (sta->sae->tmp && sta->sae->h2e)
status = WLAN_STATUS_SAE_HASH_TO_ELEMENT; status = WLAN_STATUS_SAE_HASH_TO_ELEMENT;
else else
status = WLAN_STATUS_SUCCESS; status = WLAN_STATUS_SUCCESS;
@ -921,11 +921,11 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
case SAE_NOTHING: case SAE_NOTHING:
if (auth_transaction == 1) { if (auth_transaction == 1) {
if (sta->sae->tmp) { if (sta->sae->tmp) {
sta->sae->tmp->h2e = sta->sae->h2e =
(status_code == (status_code ==
WLAN_STATUS_SAE_HASH_TO_ELEMENT || WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
status_code == WLAN_STATUS_SAE_PK); status_code == WLAN_STATUS_SAE_PK);
sta->sae->tmp->pk = sta->sae->pk =
status_code == WLAN_STATUS_SAE_PK; status_code == WLAN_STATUS_SAE_PK;
} }
ret = auth_sae_send_commit(hapd, sta, bssid, ret = auth_sae_send_commit(hapd, sta, bssid,
@ -1440,7 +1440,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
"SAE: Request anti-clogging token from " "SAE: Request anti-clogging token from "
MACSTR, MAC2STR(sta->addr)); MACSTR, MAC2STR(sta->addr));
if (sta->sae->tmp) if (sta->sae->tmp)
h2e = sta->sae->tmp->h2e; h2e = sta->sae->h2e;
if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
status_code == WLAN_STATUS_SAE_PK) status_code == WLAN_STATUS_SAE_PK)
h2e = 1; h2e = 1;
@ -3405,7 +3405,7 @@ static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
if (hapd->conf->sae_pwe == 2 && if (hapd->conf->sae_pwe == 2 &&
sta->auth_alg == WLAN_AUTH_SAE && sta->auth_alg == WLAN_AUTH_SAE &&
sta->sae && sta->sae->tmp && !sta->sae->tmp->h2e && sta->sae && !sta->sae->h2e &&
elems.rsnxe && elems.rsnxe_len >= 1 && elems.rsnxe && elems.rsnxe_len >= 1 &&
(elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) { (elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
wpa_printf(MSG_INFO, "SAE: " MACSTR wpa_printf(MSG_INFO, "SAE: " MACSTR

View file

@ -1364,8 +1364,8 @@ int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
identifier) < 0)) identifier) < 0))
return -1; return -1;
sae->tmp->h2e = 0; sae->h2e = 0;
sae->tmp->pk = 0; sae->pk = 0;
return sae_derive_commit(sae); return sae_derive_commit(sae);
} }
@ -1434,7 +1434,7 @@ int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt,
return -1; return -1;
} }
sae->tmp->h2e = 1; sae->h2e = 1;
return sae_derive_commit(sae); return sae_derive_commit(sae);
} }
@ -1559,14 +1559,14 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
* When SAE-PK is used, * When SAE-PK is used,
* KCK || PMK || KEK = KDF-Hash-Length(keyseed, "SAE-PK keys", context) * KCK || PMK || KEK = KDF-Hash-Length(keyseed, "SAE-PK keys", context)
*/ */
if (!sae->tmp->h2e) if (!sae->h2e)
hash_len = SHA256_MAC_LEN; hash_len = SHA256_MAC_LEN;
else if (sae->tmp->dh) else if (sae->tmp->dh)
hash_len = sae_ffc_prime_len_2_hash_len(prime_len); hash_len = sae_ffc_prime_len_2_hash_len(prime_len);
else else
hash_len = sae_ecc_prime_len_2_hash_len(prime_len); hash_len = sae_ecc_prime_len_2_hash_len(prime_len);
if (sae->tmp->h2e && (sae->tmp->own_rejected_groups || if (sae->h2e && (sae->tmp->own_rejected_groups ||
sae->tmp->peer_rejected_groups)) { sae->tmp->peer_rejected_groups)) {
struct wpabuf *own, *peer; struct wpabuf *own, *peer;
own = sae->tmp->own_rejected_groups; own = sae->tmp->own_rejected_groups;
@ -1617,13 +1617,13 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
* octets). */ * octets). */
crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len); crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len);
wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN); wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);
if (!sae->tmp->pk && if (!sae->pk &&
sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK", sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
val, sae->tmp->order_len, val, sae->tmp->order_len,
keys, hash_len + SAE_PMK_LEN) < 0) keys, hash_len + SAE_PMK_LEN) < 0)
goto fail; goto fail;
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
if (sae->tmp->pk && if (sae->pk &&
sae_kdf_hash(hash_len, keyseed, "SAE-PK keys", sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",
val, sae->tmp->order_len, val, sae->tmp->order_len,
keys, 2 * hash_len + SAE_PMK_LEN) < 0) keys, 2 * hash_len + SAE_PMK_LEN) < 0)
@ -1635,7 +1635,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
os_memcpy(sae->pmk, keys + hash_len, SAE_PMK_LEN); os_memcpy(sae->pmk, keys + hash_len, SAE_PMK_LEN);
os_memcpy(sae->pmkid, val, SAE_PMKID_LEN); os_memcpy(sae->pmkid, val, SAE_PMKID_LEN);
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
if (sae->tmp->pk) { if (sae->pk) {
os_memcpy(sae->tmp->kek, keys + hash_len + SAE_PMK_LEN, os_memcpy(sae->tmp->kek, keys + hash_len + SAE_PMK_LEN,
hash_len); hash_len);
sae->tmp->kek_len = hash_len; sae->tmp->kek_len = hash_len;
@ -1677,7 +1677,7 @@ int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
return -1; return -1;
wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */ wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */
if (!sae->tmp->h2e && token) { if (!sae->h2e && token) {
wpabuf_put_buf(buf, token); wpabuf_put_buf(buf, token);
wpa_hexdump(MSG_DEBUG, "SAE: Anti-clogging token", wpa_hexdump(MSG_DEBUG, "SAE: Anti-clogging token",
wpabuf_head(token), wpabuf_len(token)); wpabuf_head(token), wpabuf_len(token));
@ -1718,7 +1718,7 @@ int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
identifier); identifier);
} }
if (sae->tmp->h2e && sae->tmp->own_rejected_groups) { if (sae->h2e && sae->tmp->own_rejected_groups) {
wpa_hexdump_buf(MSG_DEBUG, "SAE: own Rejected Groups", wpa_hexdump_buf(MSG_DEBUG, "SAE: own Rejected Groups",
sae->tmp->own_rejected_groups); sae->tmp->own_rejected_groups);
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
@ -1728,7 +1728,7 @@ int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
wpabuf_put_buf(buf, sae->tmp->own_rejected_groups); wpabuf_put_buf(buf, sae->tmp->own_rejected_groups);
} }
if (sae->tmp->h2e && token) { if (sae->h2e && token) {
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
wpabuf_put_u8(buf, 1 + wpabuf_len(token)); wpabuf_put_u8(buf, 1 + wpabuf_len(token));
wpabuf_put_u8(buf, WLAN_EID_EXT_ANTI_CLOGGING_TOKEN); wpabuf_put_u8(buf, WLAN_EID_EXT_ANTI_CLOGGING_TOKEN);

View file

@ -59,8 +59,6 @@ struct sae_temporary_data {
u8 bssid[ETH_ALEN]; u8 bssid[ETH_ALEN];
struct wpabuf *own_rejected_groups; struct wpabuf *own_rejected_groups;
struct wpabuf *peer_rejected_groups; struct wpabuf *peer_rejected_groups;
unsigned int h2e:1;
unsigned int pk:1;
unsigned int own_addr_higher:1; unsigned int own_addr_higher:1;
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
@ -106,6 +104,8 @@ struct sae_data {
int group; int group;
unsigned int sync; /* protocol instance variable: Sync */ unsigned int sync; /* protocol instance variable: Sync */
u16 rc; /* protocol instance variable: Rc (received send-confirm) */ u16 rc; /* protocol instance variable: Rc (received send-confirm) */
unsigned int h2e:1;
unsigned int pk:1;
struct sae_temporary_data *tmp; struct sae_temporary_data *tmp;
}; };

View file

@ -528,7 +528,7 @@ int sae_check_confirm_pk(struct sae_data *sae, const u8 *ies, size_t ies_len)
if (!tmp) if (!tmp)
return -1; return -1;
if (!tmp->pk || tmp->ap_pk) if (!sae->pk || tmp->ap_pk)
return 0; return 0;
if (tmp->kek_len != 32 && tmp->kek_len != 48 && tmp->kek_len != 64) { if (tmp->kek_len != 32 && tmp->kek_len != 48 && tmp->kek_len != 64) {

View file

@ -128,8 +128,8 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) { os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Reuse previously generated PWE on a retry with the same AP"); "SAE: Reuse previously generated PWE on a retry with the same AP");
use_pt = wpa_s->sme.sae.tmp->h2e; use_pt = wpa_s->sme.sae.h2e;
use_pk = wpa_s->sme.sae.tmp->pk; use_pk = wpa_s->sme.sae.pk;
goto reuse_data; goto reuse_data;
} }
if (sme_set_sae_group(wpa_s) < 0) { if (sme_set_sae_group(wpa_s) < 0) {
@ -190,7 +190,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
if (wpa_s->sme.sae.tmp) { if (wpa_s->sme.sae.tmp) {
os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN); os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
if (use_pt && use_pk) if (use_pt && use_pk)
wpa_s->sme.sae.tmp->pk = 1; wpa_s->sme.sae.pk = 1;
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr, os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr,
ETH_ALEN); ETH_ALEN);
@ -1266,8 +1266,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
wpabuf_free(wpa_s->sme.sae_token); wpabuf_free(wpa_s->sme.sae_token);
token_pos = data + sizeof(le16); token_pos = data + sizeof(le16);
token_len = len - sizeof(le16); token_len = len - sizeof(le16);
if (wpa_s->sme.sae.tmp) h2e = wpa_s->sme.sae.h2e;
h2e = wpa_s->sme.sae.tmp->h2e;
if (h2e) { if (h2e) {
if (token_len < 3) { if (token_len < 3) {
wpa_dbg(wpa_s, MSG_DEBUG, wpa_dbg(wpa_s, MSG_DEBUG,
@ -1348,20 +1347,18 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
"SAE: Ignore commit message while waiting for confirm"); "SAE: Ignore commit message while waiting for confirm");
return 0; return 0;
} }
if (wpa_s->sme.sae.tmp && wpa_s->sme.sae.tmp->h2e && if (wpa_s->sme.sae.h2e && status_code == WLAN_STATUS_SUCCESS) {
status_code == WLAN_STATUS_SUCCESS) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Unexpected use of status code 0 in SAE commit when H2E was expected"); "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
return -1; return -1;
} }
if (wpa_s->sme.sae.tmp && if ((!wpa_s->sme.sae.h2e || wpa_s->sme.sae.pk) &&
(!wpa_s->sme.sae.tmp->h2e || wpa_s->sme.sae.tmp->pk) &&
status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) { status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected"); "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
return -1; return -1;
} }
if (wpa_s->sme.sae.tmp && !wpa_s->sme.sae.tmp->pk && if (!wpa_s->sme.sae.pk &&
status_code == WLAN_STATUS_SAE_PK) { status_code == WLAN_STATUS_SAE_PK) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Unexpected use of status code for PK in SAE commit when PK was not expected"); "SAE: Unexpected use of status code for PK in SAE commit when PK was not expected");