Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-20 02:53:03 -05:00
Code Issues Projects Releases Wiki Activity

SAE: Expose sae_write_commit() error cases to callers

Browse Source 
Check whether an error is reported from any of the functions that could
in theory fail and if so, do not proceed with the partially filled SAE
commit buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-03-08 16:59:42 +02:00
parent 7f1f69e897
commit 10223b501b
5 changed files with 32 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/ap/ieee802_11.c
View File

@ -536,10 +536,13 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN + buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN +
(rx_id ? 3 + os_strlen(rx_id) : 0)); (rx_id ? 3 + os_strlen(rx_id) : 0));
if (buf == NULL) if (buf &&
return NULL; sae_write_commit(sta->sae, buf, sta->sae->tmp ?
sae_write_commit(sta->sae, buf, sta->sae->tmp ? sta->sae->tmp->anti_clogging_token : NULL,
sta->sae->tmp->anti_clogging_token : NULL, rx_id); rx_id) < 0) {
wpabuf_free(buf);
buf = NULL;
}
return buf; return buf;
} }

3
src/common/common_module_tests.c
View File

@ -434,7 +434,8 @@ static int sae_tests(void)
goto fail; goto fail;
/* Check that output matches the test vector */ /* Check that output matches the test vector */
sae_write_commit(&sae, buf, NULL, pwid); if (sae_write_commit(&sae, buf, NULL, pwid) < 0)
goto fail;
wpa_hexdump_buf(MSG_DEBUG, "SAE: Commit message", buf); wpa_hexdump_buf(MSG_DEBUG, "SAE: Commit message", buf);
if (wpabuf_len(buf) != sizeof(local_commit) || if (wpabuf_len(buf) != sizeof(local_commit) ||

26
src/common/sae.c
View File

@ -1623,13 +1623,13 @@ int sae_process_commit(struct sae_data *sae)
} }
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf, int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
const struct wpabuf *token, const char *identifier) const struct wpabuf *token, const char *identifier)
{ {
u8 *pos; u8 *pos;
if (sae->tmp == NULL) if (sae->tmp == NULL)
return; return -1;
wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */ wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */
if (!sae->tmp->h2e && token) { if (!sae->tmp->h2e && token) {
@ -1638,23 +1638,27 @@ void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
wpabuf_head(token), wpabuf_len(token)); wpabuf_head(token), wpabuf_len(token));
} }
pos = wpabuf_put(buf, sae->tmp->prime_len); pos = wpabuf_put(buf, sae->tmp->prime_len);
crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos, if (crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos,
sae->tmp->prime_len, sae->tmp->prime_len); sae->tmp->prime_len, sae->tmp->prime_len) < 0)
return -1;
wpa_hexdump(MSG_DEBUG, "SAE: own commit-scalar", wpa_hexdump(MSG_DEBUG, "SAE: own commit-scalar",
pos, sae->tmp->prime_len); pos, sae->tmp->prime_len);
if (sae->tmp->ec) { if (sae->tmp->ec) {
pos = wpabuf_put(buf, 2 * sae->tmp->prime_len); pos = wpabuf_put(buf, 2 * sae->tmp->prime_len);
crypto_ec_point_to_bin(sae->tmp->ec, if (crypto_ec_point_to_bin(sae->tmp->ec,
sae->tmp->own_commit_element_ecc, sae->tmp->own_commit_element_ecc,
pos, pos + sae->tmp->prime_len); pos, pos + sae->tmp->prime_len) < 0)
return -1;
wpa_hexdump(MSG_DEBUG, "SAE: own commit-element(x)", wpa_hexdump(MSG_DEBUG, "SAE: own commit-element(x)",
pos, sae->tmp->prime_len); pos, sae->tmp->prime_len);
wpa_hexdump(MSG_DEBUG, "SAE: own commit-element(y)", wpa_hexdump(MSG_DEBUG, "SAE: own commit-element(y)",
pos + sae->tmp->prime_len, sae->tmp->prime_len); pos + sae->tmp->prime_len, sae->tmp->prime_len);
} else { } else {
pos = wpabuf_put(buf, sae->tmp->prime_len); pos = wpabuf_put(buf, sae->tmp->prime_len);
crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos, if (crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos,
sae->tmp->prime_len, sae->tmp->prime_len); sae->tmp->prime_len,
sae->tmp->prime_len) < 0)
return -1;
wpa_hexdump(MSG_DEBUG, "SAE: own commit-element", wpa_hexdump(MSG_DEBUG, "SAE: own commit-element",
pos, sae->tmp->prime_len); pos, sae->tmp->prime_len);
} }
@ -1688,6 +1692,8 @@ void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
"SAE: Anti-clogging token (in container)", "SAE: Anti-clogging token (in container)",
token); token);
} }
return 0;
} }

4
src/common/sae.h
View File

@ -88,8 +88,8 @@ int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt,
const u8 *addr1, const u8 *addr2, const u8 *addr1, const u8 *addr2,
int *rejected_groups); int *rejected_groups);
int sae_process_commit(struct sae_data *sae); int sae_process_commit(struct sae_data *sae);
void sae_write_commit(struct sae_data *sae, struct wpabuf *buf, int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
const struct wpabuf *token, const char *identifier); const struct wpabuf *token, const char *identifier);
u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
const u8 **token, size_t *token_len, int *allowed_groups, const u8 **token, size_t *token_len, int *allowed_groups,
int h2e); int h2e);

7
wpa_supplicant/sme.c
View File

@ -182,8 +182,11 @@ reuse_data:
wpabuf_put_le16(buf, use_pt ? WLAN_STATUS_SAE_HASH_TO_ELEMENT : wpabuf_put_le16(buf, use_pt ? WLAN_STATUS_SAE_HASH_TO_ELEMENT :
WLAN_STATUS_SUCCESS); WLAN_STATUS_SUCCESS);
} }
sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token, if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
ssid->sae_password_id); ssid->sae_password_id) < 0) {
wpabuf_free(buf);
return NULL;
}
if (ret_use_pt) if (ret_use_pt)
*ret_use_pt = use_pt; *ret_use_pt = use_pt;