WPS: Allow SAE configuration to be added automatically for PSK
The new wpa_supplicant configuration parameter wps_cred_add_sae=1 can be used to request wpa_supplicant to add SAE configuration whenever WPS is used to provision WPA2-PSK credentials and the credential includes a passphrase (instead of PSK). This can be used to enable WPA3-Personal transition mode with both SAE and PSK enabled and also with PMF enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
fc30f99b34
commit
339dc8bd6b
@ -4753,6 +4753,7 @@ static const struct global_parse_data global_fields[] = {
|
||||
{ FUNC(os_version), CFG_CHANGED_OS_VERSION },
|
||||
{ STR(config_methods), CFG_CHANGED_CONFIG_METHODS },
|
||||
{ INT_RANGE(wps_cred_processing, 0, 2), 0 },
|
||||
{ INT_RANGE(wps_cred_add_sae, 0, 1), 0 },
|
||||
{ FUNC(wps_vendor_ext_m1), CFG_CHANGED_VENDOR_EXTENSION },
|
||||
#endif /* CONFIG_WPS */
|
||||
#ifdef CONFIG_P2P
|
||||
|
@ -745,6 +745,16 @@ struct wpa_config {
|
||||
*/
|
||||
int wps_cred_processing;
|
||||
|
||||
/**
|
||||
* wps_cred_add_sae - Whether to enable SAE automatically for WPS
|
||||
*
|
||||
* 0 = only add the explicitly listed WPA2-PSK configuration
|
||||
* 1 = add both the WPA2-PSK and SAE configuration and enable PMF so
|
||||
* that the station gets configured in WPA3-Personal transition mode
|
||||
* (supports both WPA2-Personal (PSK) and WPA3-Personal (SAE) APs).
|
||||
*/
|
||||
int wps_cred_add_sae;
|
||||
|
||||
#define MAX_SEC_DEVICE_TYPES 5
|
||||
/**
|
||||
* sec_device_types - Secondary Device Types (P2P)
|
||||
|
@ -1187,6 +1187,9 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
|
||||
if (config->wps_cred_processing)
|
||||
fprintf(f, "wps_cred_processing=%d\n",
|
||||
config->wps_cred_processing);
|
||||
if (config->wps_cred_add_sae)
|
||||
fprintf(f, "wps_cred_add_sae=%d\n",
|
||||
config->wps_cred_add_sae);
|
||||
if (config->wps_vendor_ext_m1) {
|
||||
int i, len = wpabuf_len(config->wps_vendor_ext_m1);
|
||||
const u8 *p = wpabuf_head_u8(config->wps_vendor_ext_m1);
|
||||
|
@ -255,6 +255,8 @@ static int wpa_config_read_global(struct wpa_config *config, HKEY hk)
|
||||
errors++;
|
||||
wpa_config_read_reg_dword(hk, TEXT("wps_cred_processing"),
|
||||
&config->wps_cred_processing);
|
||||
wpa_config_read_reg_dword(hk, TEXT("wps_cred_add_sae"),
|
||||
&config->wps_cred_add_sae);
|
||||
#endif /* CONFIG_WPS */
|
||||
#ifdef CONFIG_P2P
|
||||
config->p2p_ssid_postfix = wpa_config_read_reg_string(
|
||||
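Review bot: The registry reader stores whatever DWORD it finds under `wps_cred_add_sae`, whereas the text-config parser limits the same field with `INT_RANGE(wps_cred_add_sae, 0, 1)`. The consumer in the WPS credential handler only tests the value for non-zero, so nothing breaks, but the two backends now accept different inputs for one option. Normalising right after the read, e.g. `config->wps_cred_add_sae = !!config->wps_cred_add_sae;`, would keep them aligned. `wpa_config_read_global()` begins and ends outside this hunk.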
@ -604,6 +606,8 @@ static int wpa_config_write_global(struct wpa_config *config, HKEY hk)
|
||||
}
|
||||
wpa_config_write_reg_dword(hk, TEXT("wps_cred_processing"),
|
||||
config->wps_cred_processing, 0);
|
||||
wpa_config_write_reg_dword(hk, TEXT("wps_cred_add_sae"),
|
||||
config->wps_cred_add_sae, 0);
|
||||
#endif /* CONFIG_WPS */
|
||||
#ifdef CONFIG_P2P
|
||||
wpa_config_write_reg_string(hk, "p2p_ssid_postfix",
|
||||
|
@ -282,6 +282,14 @@ fast_reauth=1
|
||||
# to external program(s)
|
||||
#wps_cred_processing=0
|
||||
|
||||
# Whether to enable SAE (WPA3-Personal transition mode) automatically for
|
||||
# WPA2-PSK credentials received using WPS.
|
||||
# 0 = only add the explicitly listed WPA2-PSK configuration (default)
|
||||
# 1 = add both the WPA2-PSK and SAE configuration and enable PMF so that the
|
||||
# station gets configured in WPA3-Personal transition mode (supports both
|
||||
# WPA2-Personal (PSK) and WPA3-Personal (SAE) APs).
|
||||
#wps_cred_add_sae=0
|
||||
|
||||
# Vendor attribute in WPS M1, e.g., Windows 7 Vertical Pairing
|
||||
# The vendor attribute contents to be added in M1 (hex string)
|
||||
#wps_vendor_ext_m1=000137100100020001
|
||||
|
@ -530,11 +530,18 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||
case WPS_AUTH_WPA2PSK:
|
||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||
if (wpa_s->conf->wps_cred_add_sae &&
|
||||
cred->key_len != 2 * PMK_LEN) {
|
||||
ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
}
|
||||
ssid->proto = WPA_PROTO_RSN;
|
||||
break;
|
||||
}
|
||||
|
||||
if (ssid->key_mgmt == WPA_KEY_MGMT_PSK) {
|
||||
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
|
||||
if (cred->key_len == 2 * PMK_LEN) {
|
||||
if (hexstr2bin((const char *) cred->key, ssid->psk,
|
||||
PMK_LEN)) {
|
||||
|
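Review bot: In the `WPS_AUTH_WPA2PSK` case, `WPA_KEY_MGMT_SAE` is added unconditionally while `ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;` sits inside `#ifdef CONFIG_IEEE80211W`, so a build without that option would end up with an SAE-enabled profile and no PMF, which is not what the `wps_cred_add_sae` documentation promises. I would move the `#ifdef CONFIG_IEEE80211W` / `#endif` pair outward so that it encloses the whole `if (wpa_s->conf->wps_cred_add_sae && ...)` block; whether SAE can be built without PMF support in this tree is not visible here, so that needs confirming. The `cred->key_len != 2 * PMK_LEN` test deserves a comment such as `/* 2 * PMK_LEN hex digits means a raw PSK; SAE needs the passphrase */`. Because PSK stays in `key_mgmt` and PMF is only optional, the resulting profile will still join a WPA2-PSK-only AP using the same SSID, so the option does not by itself prevent a downgrade, and a sentence saying so next to the option would help whoever enables it. `wpa_supplicant_wps_cred()` starts before and continues past this hunk.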