From 8ca638fb889c4dd3ba88d29aeebc7d970b51d036 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Wed, 8 Sep 2021 11:18:58 -0700
Subject: [PATCH] sae: fix a spec violation with duplicate commits

If a commit is received while in an accepted state the spec states the scalar should be checked against the previous commit and if equal the message should be silently dropped.
---
 src/sae.c | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index 62fd6c88..c14b646f 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1182,10 +1182,32 @@ static int sae_verify_accepted(struct sae_sm *sm, uint16_t trans,
 {
 uint16_t sc;
 
- /* spec does not specify what to do here, so print and discard */
- if (trans != SAE_STATE_CONFIRMED) {
+ /*
+ * 12.4.8.6.1 Parent process behavior
+ *
+ * "Upon receipt of an SAE Commit message... and it is in Accepted
+ * state, the scalar in the received frame is checked against the
+ * peer-scalar used in authentication of the existing protocol instance
+ * (in Accepted state). If it is identical, the frame shall be dropped"
+ */
+ if (trans == SAE_STATE_COMMITTED) {
+ bool drop;
+ unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve);
+ struct l_ecc_scalar *p_scalar;
+
+ if (len < nbytes + 2)
+ return -EMSGSIZE;
+
+ p_scalar = l_ecc_scalar_new(sm->curve, frame + 2, nbytes);
+
+ drop = l_ecc_scalars_are_equal(sm->p_scalar, p_scalar);
+ l_ecc_scalar_free(p_scalar);
+
+ if (drop)
+ return -EBADMSG;
+
 l_error("received transaction %u in accepted state", trans);
- return -EBADMSG;
+ return -EPROTO;
 }
 
 if (sm->sync > SAE_SYNC_MAX)
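Review bot: The guard in sae_verify_accepted is narrowed from `trans != SAE_STATE_CONFIRMED` to `trans == SAE_STATE_COMMITTED`, so a frame whose transaction number is neither value is no longer rejected here and falls through to the confirm handling that starts at `if (sm->sync > SAE_SYNC_MAX)`. Unless the caller already restricts trans to those two values (not visible in this hunk), an explicit reject should follow the new block, e.g. `if (trans != SAE_STATE_CONFIRMED) return -EBADMSG;`. Separately, the result of `l_ecc_scalar_new()` on peer-supplied bytes goes to `l_ecc_scalars_are_equal()` unchecked. If it can return NULL for an out-of-range scalar, either add a comment saying the compare and free tolerate NULL, or check it explicitly with `if (!p_scalar) return -EPROTO;`. The function body continues past the end of the hunk.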