mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-25 17:59:25 +01:00
sae: support reception of Confirm frame by AP
Experimental AP-mode support for receiving a Confirm frame when in the COMMITTED state. The AP will reply with a Confirm frame. Note that when acting as an AP, on reception of a Commit frame, the AP only replies with a Commit frame. The protocols allows to also already send the Confirm frame, but older clients may not support simultaneously receiving a Commit and Confirm frame.
This commit is contained in:
parent
2e80a09184
commit
b9e4dfbd40
52
src/sae.c
52
src/sae.c
@ -887,9 +887,14 @@ static int sae_process_confirm(struct sae_sm *sm, const uint8_t *from,
|
||||
|
||||
sm->state = SAE_STATE_ACCEPTED;
|
||||
|
||||
sae_debug("Sending Associate to "MAC, MAC_STR(sm->handshake->aa));
|
||||
|
||||
sm->tx_assoc(sm->user_data);
|
||||
if (!sm->handshake->authenticator) {
|
||||
sae_debug("Sending Associate to "
|
||||
MAC, MAC_STR(sm->handshake->aa));
|
||||
sm->tx_assoc(sm->user_data);
|
||||
} else {
|
||||
if (!sae_send_confirm(sm))
|
||||
return -EPROTO;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1039,16 +1044,37 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
|
||||
unsigned int skip;
|
||||
struct ie_tlv_iter iter;
|
||||
|
||||
/*
|
||||
* Upon receipt of a Con event...
|
||||
* Then the protocol instance checks the value of Sync. If it
|
||||
* is greater than dot11RSNASAESync, the protocol instance shall send a
|
||||
* Del event to the parent process and transition back to Nothing state.
|
||||
* If Sync is not greater than dot11RSNASAESync, the protocol instance
|
||||
* shall increment Sync, transmit the last SAE Commit message sent to
|
||||
* the peer...
|
||||
*/
|
||||
if (transaction == SAE_STATE_CONFIRMED) {
|
||||
if (sm->handshake->authenticator &&
|
||||
transaction == SAE_STATE_CONFIRMED) {
|
||||
enum l_checksum_type hash =
|
||||
crypto_sae_hash_from_ecc_prime_len(sm->sae_type,
|
||||
l_ecc_curve_get_scalar_bytes(sm->curve));
|
||||
size_t hash_len = l_checksum_digest_length(hash);
|
||||
|
||||
if (len < hash_len + 2) {
|
||||
l_error("SAE: Confirm packet too short");
|
||||
return -EBADMSG;
|
||||
}
|
||||
|
||||
/*
|
||||
* TODO: Add extra functionality such as supporting
|
||||
* anti-clogging tokens and tracking rejected groups. Note
|
||||
* that the cryptographic confirm field value will be checked
|
||||
* at a later point.
|
||||
*/
|
||||
|
||||
return 0;
|
||||
} else if (transaction == SAE_STATE_CONFIRMED) {
|
||||
/*
|
||||
* Upon receipt of a Con event...
|
||||
* Then the protocol instance checks the value of Sync. If it
|
||||
* is greater than dot11RSNASAESync, the protocol instance
|
||||
* shall send a Del event to the parent process and transition
|
||||
* back to Nothing state.
|
||||
* If Sync is not greater than dot11RSNASAESync, the protocol
|
||||
* instance shall increment Sync, transmit the last SAE Commit
|
||||
* message sent to the peer...
|
||||
*/
|
||||
if (sm->sync > SAE_SYNC_MAX)
|
||||
return -ETIMEDOUT;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user