sae: add sae_sm_set_force_group_19
Setter which forces the use of group 19 rather than the group order that ELL provides. Certain APs have been found to have buggy group negotiation and only work if group 19 is tried first, and only. When an AP like this this is found (based on vendor OUI match) SAE will use group 19 unconditionally, and fail if group 19 does not work. Other groups could be tried upon failure but per the spec group 19 must be supported so there isn't much use in trying other, optional groups.
This commit is contained in:
James Prestwood
Denis Kenzior
parent
194b4cf60e
commit
6680a771e8
29
src/sae.c
29
src/sae.c
|
|
@ -83,6 +83,8 @@ struct sae_sm {
|
|||
sae_tx_associate_func_t tx_assoc;
|
||||
void *user_data;
|
||||
enum crypto_sae sae_type;
|
||||
|
||||
bool force_default_group : 1;
|
||||
};
|
||||
|
||||
static enum mmpdu_status_code sae_status_code(struct sae_sm *sm)
|
||||
|
|
@ -139,6 +141,24 @@ static int sae_choose_next_group(struct sae_sm *sm)
|
|||
const unsigned int *ecc_groups = l_ecc_supported_ike_groups();
|
||||
bool reset = sm->group_retry >= 0;
|
||||
|
||||
/*
|
||||
* If this is a buggy AP in which group negotiation is broken use the
|
||||
* default group 19 and fail if this is a retry.
|
||||
*/
|
||||
if (sm->sae_type == CRYPTO_SAE_LOOPING && sm->force_default_group) {
|
||||
if (sm->group_retry != -1) {
|
||||
l_warn("Forced default group but was rejected!");
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
l_debug("Forcing default SAE group 19");
|
||||
|
||||
sm->group_retry++;
|
||||
sm->group = 19;
|
||||
|
||||
goto get_curve;
|
||||
}
|
||||
|
||||
do {
|
||||
sm->group_retry++;
|
||||
|
||||
|
|
@ -151,6 +171,8 @@ static int sae_choose_next_group(struct sae_sm *sm)
|
|||
sae_reset_state(sm);
|
||||
|
||||
sm->group = ecc_groups[sm->group_retry];
|
||||
|
||||
get_curve:
|
||||
sm->curve = l_ecc_curve_from_ike_group(sm->group);
|
||||
|
||||
return 0;
|
||||
|
|
@ -1298,6 +1320,13 @@ bool sae_sm_is_h2e(struct auth_proto *ap)
|
|||
return sm->sae_type != CRYPTO_SAE_LOOPING;
|
||||
}
|
||||
|
||||
void sae_sm_set_force_group_19(struct auth_proto *ap)
|
||||
{
|
||||
struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
|
||||
|
||||
sm->force_default_group = true;
|
||||
}
|
||||
|
||||
static void sae_free(struct auth_proto *ap)
|
||||
{
|
||||
struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ typedef void (*sae_tx_associate_func_t)(void *user_data);
|
|||
|
||||
bool sae_sm_is_h2e(struct auth_proto *ap);
|
||||
|
||||
void sae_sm_set_force_group_19(struct auth_proto *ap);
|
||||
|
||||
struct auth_proto *sae_sm_new(struct handshake_state *hs,
|
||||
sae_tx_authenticate_func_t tx_auth,
|
||||
sae_tx_associate_func_t tx_assoc,
|
||||
|
|
|
|||
Loading…
Reference in New Issue