SAE: Verify that STA negotiated H2E if it claims to support it
authorJouni Malinen <jouni@codeaurora.org>
Fri, 18 Oct 2019 09:38:11 +0000 (12:38 +0300)
committerJouni Malinen <j@w1.fi>
Fri, 18 Oct 2019 09:48:28 +0000 (12:48 +0300)
If a STA indicates support for SAE H2E in RSNXE and H2E is enabled in
the AP configuration, require H2E to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/ap/drv_callbacks.c
src/ap/ieee802_11.c

index f863c98694bc79f0ff1e78baf84b910928e85abd..3198bd563b0c572893a507a5e0e7532062eae207 100644 (file)
@@ -16,6 +16,7 @@
 #include "common/ieee802_11_common.h"
 #include "common/wpa_ctrl.h"
 #include "common/dpp.h"
+#include "common/sae.h"
 #include "crypto/random.h"
 #include "p2p/p2p.h"
 #include "wps/wps.h"
@@ -398,6 +399,20 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
                        }
                }
 #endif /* CONFIG_IEEE80211R_AP */
+#ifdef CONFIG_SAE
+               if (hapd->conf->sae_pwe == 2 &&
+                   sta->auth_alg == WLAN_AUTH_SAE &&
+                   sta->sae && sta->sae->tmp && !sta->sae->tmp->h2e &&
+                   elems.rsnxe && elems.rsnxe_len >= 1 &&
+                   (elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
+                       wpa_printf(MSG_INFO, "SAE: " MACSTR
+                                  " indicates support for SAE H2E, but did not use it",
+                                  MAC2STR(sta->addr));
+                       status = WLAN_STATUS_UNSPECIFIED_FAILURE;
+                       reason = WLAN_REASON_UNSPECIFIED;
+                       goto fail;
+               }
+#endif /* CONFIG_SAE */
        } else if (hapd->conf->wps_state) {
 #ifdef CONFIG_WPS
                struct wpabuf *wps;
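Review bot: The added check only fires when `sta->sae` and `sta->sae->tmp` are both non-NULL, so a station whose temporary SAE data is already gone when the association is processed passes without any H2E comparison. The lifetime of `tmp` is not visible in this hunk; if it can be released once SAE authentication completes, this downgrade check silently becomes a no-op, and the negotiated-H2E flag would need to be kept in state that survives until association. The same guard appears in the check_assoc_ies() hunk in src/ap/ieee802_11.c. At minimum the assumption should be written down, e.g. `/* sae->tmp must still be valid here; otherwise the H2E check is skipped */`. hostapd_notif_assoc() starts and ends outside the hunk.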
index 7cd00624f5e39471c9b290dbec2bc4c9a9a138a5..c45009cedafe65faac2ce4fa23e8b097e7a57035 100644 (file)
@@ -3252,6 +3252,17 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
                                   MAC2STR(sta->addr), sta->auth_alg);
                        return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
                }
+
+               if (hapd->conf->sae_pwe == 2 &&
+                   sta->auth_alg == WLAN_AUTH_SAE &&
+                   sta->sae && sta->sae->tmp && !sta->sae->tmp->h2e &&
+                   elems.rsnxe && elems.rsnxe_len >= 1 &&
+                   (elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
+                       wpa_printf(MSG_INFO, "SAE: " MACSTR
+                                  " indicates support for SAE H2E, but did not use it",
+                                  MAC2STR(sta->addr));
+                       return WLAN_STATUS_UNSPECIFIED_FAILURE;
+               }
 #endif /* CONFIG_SAE */
 
 #ifdef CONFIG_OWE
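Review bot: The five-line H2E condition and its log message are a verbatim copy of the block added to hostapd_notif_assoc() in src/ap/drv_callbacks.c, and neither copy says why the check exists. A single shared helper taking hapd, sta and the RSNXE pointer and length would keep the two association paths from drifting apart. It would also be the natural home for a comment such as `/* Downgrade protection: STA advertises SAE H2E in RSNXE but authenticated without it */`. The bare `2` compared against `sae_pwe` would read better with a named constant or a short comment, for example `/* sae_pwe 2: both hunting-and-pecking and H2E enabled */`. check_assoc_ies() starts and ends outside the hunk.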