Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-19 10:33:05 -05:00
Code Issues Projects Releases Wiki Activity

OWE: Try all supported DH groups automatically on STA

Browse Source 
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-12-27 21:06:02 +02:00
parent cc15799f6d
commit 2cb40e9f40
5 changed files with 49 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wpa_supplicant/config_ssid.h
View File

@ -889,7 +889,8 @@ struct wpa_ssid {
/** /**
* owe_group - OWE DH Group * owe_group - OWE DH Group
* *
* 0 = use default (19) * 0 = use default (19) first and then try all supported groups one by
* one if AP rejects the selected group
* 1-65535 DH Group to use for OWE * 1-65535 DH Group to use for OWE
* *
* Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are * Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are

20
wpa_supplicant/events.c
View File

@ -3986,6 +3986,26 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
data->assoc_reject.timeout_reason : ""); data->assoc_reject.timeout_reason : "");
wpa_s->assoc_status_code = data->assoc_reject.status_code; wpa_s->assoc_status_code = data->assoc_reject.status_code;
wpas_notify_assoc_status_code(wpa_s); wpas_notify_assoc_status_code(wpa_s);
#ifdef CONFIG_OWE
if (data->assoc_reject.status_code ==
WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
wpa_s->current_ssid &&
wpa_s->current_ssid->owe_group == 0 &&
wpa_s->last_owe_group != 21) {
struct wpa_ssid *ssid = wpa_s->current_ssid;
struct wpa_bss *bss = wpa_s->current_bss;
wpa_printf(MSG_DEBUG,
"OWE: Try next supported DH group");
wpas_connect_work_done(wpa_s);
wpa_supplicant_mark_disassoc(wpa_s);
wpa_supplicant_connect(wpa_s, bss, ssid);
break;
}
#endif /* CONFIG_OWE */
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
sme_event_assoc_reject(wpa_s, data); sme_event_assoc_reject(wpa_s, data);
else { else {

14
wpa_supplicant/sme.c
View File

@ -1204,10 +1204,20 @@ void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
if (auth_type == WLAN_AUTH_OPEN && if (auth_type == WLAN_AUTH_OPEN &&
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) { wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
struct wpabuf *owe_ie; struct wpabuf *owe_ie;
u16 group = OWE_DH_GROUP; u16 group;
if (wpa_s->current_ssid && wpa_s->current_ssid->owe_group) if (wpa_s->current_ssid && wpa_s->current_ssid->owe_group) {
group = wpa_s->current_ssid->owe_group; group = wpa_s->current_ssid->owe_group;
} else {
if (wpa_s->last_owe_group == 19)
group = 20;
else if (wpa_s->last_owe_group == 20)
group = 21;
else
group = OWE_DH_GROUP;
}
wpa_s->last_owe_group = group;
wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
owe_ie = owe_build_assoc_req(wpa_s->wpa, group); owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
if (!owe_ie) { if (!owe_ie) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,

16
wpa_supplicant/wpa_supplicant.c
View File

@ -2617,10 +2617,20 @@ static u8 * wpas_populate_assoc_ies(
if (algs == WPA_AUTH_ALG_OPEN && if (algs == WPA_AUTH_ALG_OPEN &&
ssid->key_mgmt == WPA_KEY_MGMT_OWE) { ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
struct wpabuf *owe_ie; struct wpabuf *owe_ie;
u16 group = OWE_DH_GROUP; u16 group;
if (ssid->owe_group) if (ssid->owe_group) {
group = ssid->owe_group; group = ssid->owe_group;
} else {
if (wpa_s->last_owe_group == 19)
group = 20;
else if (wpa_s->last_owe_group == 20)
group = 21;
else
group = OWE_DH_GROUP;
}
wpa_s->last_owe_group = group;
wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
owe_ie = owe_build_assoc_req(wpa_s->wpa, group); owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
if (owe_ie && if (owe_ie &&
wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) { wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
@ -3405,6 +3415,7 @@ void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
wpa_s->disconnected = 0; wpa_s->disconnected = 0;
wpa_s->reassociate = 1; wpa_s->reassociate = 1;
wpa_s->last_owe_group = 0;
if (wpa_s->connect_without_scan || if (wpa_s->connect_without_scan ||
wpa_supplicant_fast_associate(wpa_s) != 1) { wpa_supplicant_fast_associate(wpa_s) != 1) {
@ -6659,6 +6670,7 @@ void wpas_request_connection(struct wpa_supplicant *wpa_s)
wpa_s->extra_blacklist_count = 0; wpa_s->extra_blacklist_count = 0;
wpa_s->disconnected = 0; wpa_s->disconnected = 0;
wpa_s->reassociate = 1; wpa_s->reassociate = 1;
wpa_s->last_owe_group = 0;
if (wpa_supplicant_fast_associate(wpa_s) != 1) if (wpa_supplicant_fast_associate(wpa_s) != 1)
wpa_supplicant_req_scan(wpa_s, 0, 0); wpa_supplicant_req_scan(wpa_s, 0, 0);

1
wpa_supplicant/wpa_supplicant_i.h
View File

@ -751,6 +751,7 @@ struct wpa_supplicant {
int set_ap_uapsd; int set_ap_uapsd;
int ap_uapsd; int ap_uapsd;
int auth_alg; int auth_alg;
u16 last_owe_group;
#ifdef CONFIG_SME #ifdef CONFIG_SME
struct { struct {