SAE: Tell sae_parse_commit() whether H2E is used

This will be needed to help parsing the received SAE commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 0152cf5631f1faafe9115b951ecd02eb7eaa77e5..b1d520874d964b9901544921acbb651a9e9c6f91 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1139,7 +1139,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
                                        ((const u8 *) mgmt) + len -
                                        mgmt->u.auth.variable, &token,
-                                       &token_len, groups);
+                                       &token_len, groups, status_code ==
+                                       WLAN_STATUS_SAE_HASH_TO_ELEMENT);
                if (resp == SAE_SILENTLY_DISCARD) {
                        wpa_printf(MSG_DEBUG,
                                   "SAE: Drop commit message from " MACSTR " due to reflection attack",

diff --git a/src/common/common_module_tests.c b/src/common/common_module_tests.c
index 30c52476bbed8a3f622ea50be76dbd7a445980fd..0263709ecdb8ce03cccfb11e7fcb46bf8d97db04 100644 (file)
--- a/src/common/common_module_tests.c
+++ b/src/common/common_module_tests.c
@@ -377,7 +377,7 @@ static int sae_tests(void)
        }
 
        if (sae_parse_commit(&sae, peer_commit, sizeof(peer_commit), NULL, NULL,
-                   NULL) != 0 ||
+                            NULL, 0) != 0 ||
            sae_process_commit(&sae) < 0)
                goto fail;
 

diff --git a/src/common/sae.c b/src/common/sae.c
index 3960914072807bad4962f5326dbcdf16865611e9..30a5e187dd1a7bc445915c8a467a95f99039ab8f 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -1099,7 +1099,8 @@ static int sae_parse_password_identifier(struct sae_data *sae,
 
 
 u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
-                    const u8 **token, size_t *token_len, int *allowed_groups)
+                    const u8 **token, size_t *token_len, int *allowed_groups,
+                    int h2e)
 {
        const u8 *pos = data, *end = data + len;
        u16 res;

diff --git a/src/common/sae.h b/src/common/sae.h
index 10f9302e3d63e68c98a41ba2358b0e8f03fbfa65..ef7cf9167bad89bbf61a3679a3a1772ad7c843f5 100644 (file)
--- a/src/common/sae.h
+++ b/src/common/sae.h
@@ -72,7 +72,8 @@ int sae_process_commit(struct sae_data *sae);
 void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
                      const struct wpabuf *token, const char *identifier);
 u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
-                    const u8 **token, size_t *token_len, int *allowed_groups);
+                    const u8 **token, size_t *token_len, int *allowed_groups,
+                    int h2e);
 void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
 int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);
 u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index ad533a148186b11c2cc494432dbe90f59831d1de..0e42542d94433fa17372d8e5f8d733dab994a615 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1150,7 +1150,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                if (groups && groups[0] <= 0)
                        groups = NULL;
                res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
-                                      groups);
+                                      groups, status_code ==
+                                      WLAN_STATUS_SAE_HASH_TO_ELEMENT);
                if (res == SAE_SILENTLY_DISCARD) {
                        wpa_printf(MSG_DEBUG,
                                   "SAE: Drop commit message due to reflection attack");