SAE: Add support for Anti-Clogging mechanism

hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2012-12-31 16:58:36 +02:00
parent 4838ff3ef4
commit d136c376f2
10 changed files with 163 additions and 21 deletions


@ -487,21 +487,28 @@ int sae_process_commit(struct sae_data *sae)
}
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf)
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
const struct wpabuf *token)
{
wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */
/* TODO: Anti-Clogging Token (if requested) */
if (token)
wpabuf_put_buf(buf, token);
wpabuf_put_data(buf, sae->own_commit_scalar, 32);
wpabuf_put_data(buf, sae->own_commit_element, 2 * 32);
}
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len)
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len)
{
const u8 *pos = data, *end = data + len;
size_t val_len;
wpa_hexdump(MSG_DEBUG, "SAE: Commit fields", data, len);
if (token)
*token = NULL;
if (token_len)
*token_len = 0;
/* Check Finite Cyclic Group */
if (pos + 2 > end)
@ -514,6 +521,16 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len)
pos += 2;
val_len = 32;
if (pos + 3 * val_len < end) {
size_t tlen = end - (pos + 3 * val_len);
wpa_hexdump(MSG_DEBUG, "SAE: Anti-Clogging Token", pos, tlen);
if (token)
*token = pos;
if (token_len)
*token_len = tlen;
pos += tlen;
}
if (pos + val_len > end) {
wpa_printf(MSG_DEBUG, "SAE: Not enough data for scalar");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
@ -547,12 +564,6 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len)
sae->peer_commit_element, val_len);
wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-element(y)",
sae->peer_commit_element + val_len, val_len);
pos += 2 * val_len;
if (end > pos) {
wpa_hexdump(MSG_DEBUG, "SAE: Unexpected extra data in commit",
pos, end - pos);
}
return WLAN_STATUS_SUCCESS;
}
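Review bot: The new token test in sae_parse_commit, `if (pos + 3 * val_len < end)`, forms a pointer beyond the received frame whenever fewer than 96 bytes follow the group field, which is undefined behaviour in C and the kind of bounds test a compiler may fold away; compare lengths instead, `if ((size_t) (end - pos) > 3 * val_len) {` with `size_t tlen = end - pos - 3 * val_len;`. The surrounding `pos + 2 > end` and `pos + val_len > end` tests have the same shape. Because the token length is simply whatever precedes the last 96 bytes, and the old "Unexpected extra data in commit" log is removed, any oversized commit is now handed to the caller as a token, so the caller (not visible in this section) has to compare `*token_len` with the expected token size before using it. A short comment that `*token` points into `data` rather than to a copy would also help, since it is only valid while the frame buffer is.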


@ -29,8 +29,10 @@ int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
const u8 *password, size_t password_len,
struct sae_data *sae);
int sae_process_commit(struct sae_data *sae);
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf);
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len);
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
const struct wpabuf *token);
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len);
void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);