3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-09 13:39:23 +01:00
Commit Graph

60 Commits

Author SHA1 Message Date
James Prestwood
73dd0602fd sae: verify peer element for valid point
The return from l_ecc_point_from_data was not being checked for NULL,
which would cause a segfault if the peer sent an invalid point.
This adds a check and fails the protocol if p_element is NULL, as the
spec defines.
2019-01-10 16:26:29 -06:00
James Prestwood
48f5a051bc sae: update SAE to use ELL API's 2019-01-10 14:28:02 -06:00
James Prestwood
0b42ca7c30 crypto: renamed hkdf_256
The RFC (5869) for this implementation defines two functions,
HKDF-Extract and HKDF-Expand. The existing 'hkdf_256' was implementing
the Extract function, so it was renamed appropriately. The name was
changed for consistency when the Expand function will be added in the
future.
2018-11-16 16:30:22 -06:00
Marcel Holtmann
42cfaeb265 sae: Use full include path local includes 2018-10-26 21:29:08 +02:00
James Prestwood
397bf9c0bd crypto: pwd: sae: Made H function common
The "H" function used by SAE and EAP-PWD was effectively the same
function, EAP-PWD just used a zero key for its calls. This removes
the duplicate implementations and merges them into crypto.c as
"hkdf_256".

Since EAP-PWD always uses a zero'ed key, passing in a NULL key to
hkdf_256 will actually use a 32 byte zero'ed array as the key. This
avoids the need for EAP-PWD to store or create a zero'ed key for
every call.

Both the original "H" functions never called va_end, so that was
added to hkdf_256.
2018-09-05 11:12:54 -05:00
James Prestwood
9c71d56444 sae: fix endianness issues
Replaced all calls of l_get_u16 with l_get_le16. This fixes
failures on big-endian hardware.
2018-08-23 12:23:59 -05:00
Denis Kenzior
99253a8689 sae: Fix Wformat warning
src/sae.c:714:3: warning: format ‘%ld’ expects argument of type ‘long
int’, but argument 6 has type ‘size_t’ [-Wformat=]
2018-08-21 10:19:39 -05:00
James Prestwood
b9fac0fd14 sae: fix sae to not hard code peer address
SAE is meant to work in a peer-to-peer fashion where neither side acts
as a dedicated authenticator or supplicant. This was not the case with
the current code. The handshake state authenticator address was hard
coded as the destination address for all packets, which will not work
when mesh comes into play. This also made unit testing the full SAE
procedure with two sae_sm's impossible.

This patch adds a peer address element to sae_sm which is filled with
either aa/spa based on the value of handshake->authenticator
2018-08-15 13:26:45 -05:00
James Prestwood
dd1885de11 sae: remove double sc increment
The send confirm counter is incremented before calling sae_send_confirm
in all cases, but the function itself was also incrementing sc after
sending the packet. This isn't critical to the successful execution of
SAE as the AP just uses the sc value in the packet but it did violate
the 802.11 spec.
2018-08-14 13:13:50 -05:00
James Prestwood
220fb61128 sae: implementation
SAE (Simultaneous Authentication of Equals) takes place during
authentication, and followed by EAPoL/4-way handshake. This
module handles the entire SAE commit/confirm exchange. This was
done similar to eapol.

SAE begins when sae_register is called. At this point a commit
message will be created and sent out which kicks off the SAE
authentication procedure.

The commit/confirm exchange is very similar to EAP-PWD, so all
the ecc utility functions could be re-used as-is. A few new ecc
utility functions were added to conform to the 80211 'blinding'
technique for computing the password element.
2018-08-13 20:40:59 -05:00