mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
SAE: Allow PMKID to be added into Association Request frame following SAE
IEEE Std 802.11-2016 does not require this behavior from a SAE STA, but it is not disallowed either, so it is useful to have an option to identify the derived PMKSA in the immediately following Association Request frames. This is disabled by default (i.e., no change to previous behavior) and can be enabled with a global wpa_supplicant configuration parameter sae_pmkid_in_assoc=1. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
2ca23faf1c
commit
d2b2083843
@ -4828,6 +4828,7 @@ static const struct global_parse_data global_fields[] = {
|
||||
{ INT(okc), 0 },
|
||||
{ INT(pmf), 0 },
|
||||
{ FUNC(sae_groups), 0 },
|
||||
{ INT_RANGE(sae_pmkid_in_assoc, 0, 1), 0 },
|
||||
{ INT(dtim_period), 0 },
|
||||
{ INT(beacon_int), 0 },
|
||||
{ FUNC(ap_vendor_elements), 0 },
|
||||
|
@ -1164,6 +1164,11 @@ struct wpa_config {
|
||||
*/
|
||||
int *sae_groups;
|
||||
|
||||
/**
|
||||
* sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req
|
||||
*/
|
||||
int sae_pmkid_in_assoc;
|
||||
|
||||
/**
|
||||
* dtim_period - Default DTIM period in Beacon intervals
|
||||
*
|
||||
|
@ -1390,6 +1390,10 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
|
||||
fprintf(f, "\n");
|
||||
}
|
||||
|
||||
if (config->sae_pmkid_in_assoc)
|
||||
fprintf(f, "sae_pmkid_in_assoc=%d\n",
|
||||
config->sae_pmkid_in_assoc);
|
||||
|
||||
if (config->ap_vendor_elements) {
|
||||
int i, len = wpabuf_len(config->ap_vendor_elements);
|
||||
const u8 *p = wpabuf_head_u8(config->ap_vendor_elements);
|
||||
|
@ -1197,6 +1197,37 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
||||
}
|
||||
|
||||
|
||||
static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"SME: SAE completed - setting PMK for 4-way handshake");
|
||||
wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN,
|
||||
wpa_s->sme.sae.pmkid, wpa_s->pending_bssid);
|
||||
if (wpa_s->conf->sae_pmkid_in_assoc) {
|
||||
/* Update the own RSNE contents now that we have set the PMK
|
||||
* and added a PMKSA cache entry based on the successfully
|
||||
* completed SAE exchange. In practice, this will add the PMKID
|
||||
* into RSNE. */
|
||||
if (wpa_s->sme.assoc_req_ie_len + 2 + PMKID_LEN >
|
||||
sizeof(wpa_s->sme.assoc_req_ie)) {
|
||||
wpa_msg(wpa_s, MSG_WARNING,
|
||||
"RSN: Not enough room for inserting own PMKID into RSNE");
|
||||
return -1;
|
||||
}
|
||||
if (wpa_insert_pmkid(wpa_s->sme.assoc_req_ie,
|
||||
&wpa_s->sme.assoc_req_ie_len,
|
||||
wpa_s->sme.sae.pmkid) < 0)
|
||||
return -1;
|
||||
wpa_hexdump(MSG_DEBUG,
|
||||
"SME: Updated Association Request IEs",
|
||||
wpa_s->sme.assoc_req_ie,
|
||||
wpa_s->sme.assoc_req_ie_len);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
|
||||
const u8 *auth_frame, size_t len)
|
||||
{
|
||||
@ -1230,10 +1261,8 @@ void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
|
||||
if (res != 1)
|
||||
return;
|
||||
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"SME: SAE completed - setting PMK for 4-way handshake");
|
||||
wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN,
|
||||
wpa_s->sme.sae.pmkid, wpa_s->pending_bssid);
|
||||
if (sme_sae_set_pmk(wpa_s) < 0)
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1286,10 +1315,8 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
|
||||
if (res != 1)
|
||||
return;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "SME: SAE completed - setting PMK for "
|
||||
"4-way handshake");
|
||||
wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN,
|
||||
wpa_s->sme.sae.pmkid, wpa_s->pending_bssid);
|
||||
if (sme_sae_set_pmk(wpa_s) < 0)
|
||||
return;
|
||||
}
|
||||
#endif /* CONFIG_SAE */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user