3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 04:32:37 +01:00

sae: add sae_sm_set_force_group_19

Setter which forces the use of group 19 rather than the group order
that ELL provides. Certain APs have been found to have buggy group
negotiation and only work if group 19 is tried first, and only. When
an AP like this this is found (based on vendor OUI match) SAE will
use group 19 unconditionally, and fail if group 19 does not work.
Other groups could be tried upon failure but per the spec group 19
must be supported so there isn't much use in trying other, optional
groups.
This commit is contained in:
James Prestwood 2021-08-25 10:12:56 -07:00 committed by Denis Kenzior
parent 194b4cf60e
commit 6680a771e8
2 changed files with 31 additions and 0 deletions

View File

@ -83,6 +83,8 @@ struct sae_sm {
sae_tx_associate_func_t tx_assoc;
void *user_data;
enum crypto_sae sae_type;
bool force_default_group : 1;
};
static enum mmpdu_status_code sae_status_code(struct sae_sm *sm)
@ -139,6 +141,24 @@ static int sae_choose_next_group(struct sae_sm *sm)
const unsigned int *ecc_groups = l_ecc_supported_ike_groups();
bool reset = sm->group_retry >= 0;
/*
* If this is a buggy AP in which group negotiation is broken use the
* default group 19 and fail if this is a retry.
*/
if (sm->sae_type == CRYPTO_SAE_LOOPING && sm->force_default_group) {
if (sm->group_retry != -1) {
l_warn("Forced default group but was rejected!");
return -ENOENT;
}
l_debug("Forcing default SAE group 19");
sm->group_retry++;
sm->group = 19;
goto get_curve;
}
do {
sm->group_retry++;
@ -151,6 +171,8 @@ static int sae_choose_next_group(struct sae_sm *sm)
sae_reset_state(sm);
sm->group = ecc_groups[sm->group_retry];
get_curve:
sm->curve = l_ecc_curve_from_ike_group(sm->group);
return 0;
@ -1298,6 +1320,13 @@ bool sae_sm_is_h2e(struct auth_proto *ap)
return sm->sae_type != CRYPTO_SAE_LOOPING;
}
void sae_sm_set_force_group_19(struct auth_proto *ap)
{
struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);
sm->force_default_group = true;
}
static void sae_free(struct auth_proto *ap)
{
struct sae_sm *sm = l_container_of(ap, struct sae_sm, ap);

View File

@ -30,6 +30,8 @@ typedef void (*sae_tx_associate_func_t)(void *user_data);
bool sae_sm_is_h2e(struct auth_proto *ap);
void sae_sm_set_force_group_19(struct auth_proto *ap);
struct auth_proto *sae_sm_new(struct handshake_state *hs,
sae_tx_authenticate_func_t tx_auth,
sae_tx_associate_func_t tx_assoc,