sae: support reception of Confirm frame by AP

Experimental AP-mode support for receiving a Confirm frame when in the COMMITTED state. The AP will reply with a Confirm frame. Note that when acting as an AP, on reception of a Commit frame, the AP only replies with a Commit frame. The protocols allows to also already send the Confirm frame, but older clients may not support simultaneously receiving a Commit and Confirm frame.
2024-11-22 14:49:24 +01:00 · 2024-05-05 17:30:31 -07:00 · 2024-05-05 17:30:31 -07:00 · b9e4dfbd40
commit b9e4dfbd40
parent 2e80a09184
1 changed files with 39 additions and 13 deletions
--- a/src/sae.c
+++ b/src/sae.c
@ -887,9 +887,14 @@ static int sae_process_confirm(struct sae_sm *sm, const uint8_t *from,

 	sm->state = SAE_STATE_ACCEPTED;

-	sae_debug("Sending Associate to "MAC, MAC_STR(sm->handshake->aa));
-
+	if (!sm->handshake->authenticator) {
+		sae_debug("Sending Associate to "
+				MAC, MAC_STR(sm->handshake->aa));
 		sm->tx_assoc(sm->user_data);
+	} else {
+		if (!sae_send_confirm(sm))
+			return -EPROTO;
+	}

 	return 0;
 }
@ -1039,16 +1044,37 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
 	unsigned int skip;
 	struct ie_tlv_iter iter;

+	if (sm->handshake->authenticator &&
+			transaction == SAE_STATE_CONFIRMED) {
+		enum l_checksum_type hash =
+			crypto_sae_hash_from_ecc_prime_len(sm->sae_type,
+				l_ecc_curve_get_scalar_bytes(sm->curve));
+		size_t hash_len = l_checksum_digest_length(hash);
+
+		if (len < hash_len + 2) {
+			l_error("SAE: Confirm packet too short");
+			return -EBADMSG;
+		}
+
+		/*
+		 * TODO: Add extra functionality such as supporting
+		 * anti-clogging tokens and tracking rejected groups. Note
+		 * that the cryptographic confirm field value will be checked
+		 * at a later point.
+		 */
+
+		return 0;
+	} else if (transaction == SAE_STATE_CONFIRMED) {
 		/*
 		 * Upon receipt of a Con event...
 		 * Then the protocol instance checks the value of Sync. If it
-	 * is greater than dot11RSNASAESync, the protocol instance shall send a
-	 * Del event to the parent process and transition back to Nothing state.
-	 * If Sync is not greater than dot11RSNASAESync, the protocol instance
-	 * shall increment Sync, transmit the last SAE Commit message sent to
-	 * the peer...
+		 * is greater than dot11RSNASAESync, the protocol instance
+		 * shall send a Del event to the parent process and transition
+		 * back to Nothing state.
+		 * If Sync is not greater than dot11RSNASAESync, the protocol
+		 * instance shall increment Sync, transmit the last SAE Commit
+		 * message sent to the peer...
 		 */
-	if (transaction == SAE_STATE_CONFIRMED) {
 		if (sm->sync > SAE_SYNC_MAX)
 			return -ETIMEDOUT;