Jouni Malinen
09200a1166
SAE: Use EC group context for peer-commit-scalar validation
...
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
c5eb5b1999
SAE: Use EC group context for random number generation
...
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ce46ec8df0
SAE: Store the group order in EC context data
...
This makes the SAE implementation a bit simpler by not having to build
the bignum for group order during execution.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4925b303db
SAE: Use defines for key lengths
...
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
7babd2539c
SAE: Add a define for maximum supported prime length
...
This can be used to increase buffer sizes when adding support for new
groups.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
12e06dc228
SAE: Use sae->prime_len instead of hardcoded 32
...
This is needed to allow multiple groups to be supported.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
19a5bd0a25
SAE: Use the EC context from struct sae_data
...
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7
SAE: Maintain EC group context in struct sae_data
...
This can be used to share same EC group context through the SAE
exchange.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
aadabe7045
SAE: Use crypto wrappers instead of direct OpenSSL calls
...
This makes the SAE implementation independent of the crypto/bignum
library.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
d136c376f2
SAE: Add support for Anti-Clogging mechanism
...
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
4838ff3ef4
SAE: Do not allow re-use of peer-scalar in a new protocol instance
...
IEEE Std 802.11-2012, 11.3.8.6.1: If there is a protocol instance for
the peer and it is in Authenticated state, the new Commit Message
shall be dropped if the peer-scalar is identical to the one used in
the existing protocol instance.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73
SAE: Add processing of the confirm message
...
This adds validation of the received confirm messages for SAE.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950
SAE: Add generation of the confirm message fields
...
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00
SAE: Add processing of the commit message
...
This adds validation of the received commit messages and key derivation
for SAE.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a
SAE: Add generation of the commit message fields
...
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00