From owner-dev-commits-src-all@freebsd.org Mon Apr 12 23:48:12 2021
Date: Mon, 12 Apr 2021 23:48:12 GMT
Message-Id: <202104122348.13CNmC8X043843@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org
From: Cy Schubert
Subject: git: efec8223892b - vendor/wpa - wpa: Import wpa_supplicant/hostapd commit f91680c15
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/vendor/wpa
X-Git-Reftype: branch
X-Git-Commit: efec8223892b3e677acb46eae84ec3534989971f

The branch vendor/wpa has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=efec8223892b3e677acb46eae84ec3534989971f

commit efec8223892b3e677acb46eae84ec3534989971f
Author:     Cy Schubert
AuthorDate: 2021-04-12 23:39:23 +0000
Commit:     Cy Schubert
CommitDate: 2021-04-12 23:46:23 +0000

    wpa: Import wpa_supplicant/hostapd commit f91680c15

    This is the April update to vendor/wpa committed upstream 2021/04/07.
--- hostapd/config_file.c | 33 ++- hostapd/ctrl_iface.c | 33 +++ hostapd/hostapd.conf | 24 +- src/ap/airtime_policy.c | 4 + src/ap/ap_config.c | 5 + src/ap/ap_config.h | 11 + src/ap/ap_drv_ops.h | 13 + src/ap/dpp_hostapd.c | 17 +- src/ap/drv_callbacks.c | 4 +- src/ap/hostapd.c | 6 +- src/ap/hostapd.h | 2 + src/ap/ieee802_11.c | 123 ++++++-- src/ap/ieee802_11_shared.c | 69 +---- src/ap/sta_info.h | 1 + src/ap/wpa_auth.c | 8 +- src/ap/wpa_auth_ft.c | 3 +- src/common/common_module_tests.c | 131 +++------ src/common/ieee802_11_common.c | 29 ++ src/common/ieee802_11_common.h | 3 + src/common/qca-vendor.h | 42 +++ src/common/sae.c | 59 ++-- src/common/sae.h | 2 +- src/common/wpa_common.c | 4 +- src/common/wpa_common.h | 4 +- src/crypto/crypto_openssl.c | 2 + src/drivers/driver.h | 6 + src/drivers/driver_nl80211.c | 65 +++- src/drivers/driver_nl80211_capa.c | 2 +- src/eap_common/eap_sim_common.c | 24 ++ src/rsn_supp/wpa.c | 12 +- src/rsn_supp/wpa_ft.c | 8 +- src/wps/wps_registrar.c | 40 +-- tests/hwsim/example-hostapd.config | 1 + tests/hwsim/hostapd.py | 16 +- tests/hwsim/test_ap_eap.py | 1 + tests/hwsim/test_ap_ft.py | 30 +- tests/hwsim/test_ap_ht.py | 69 +++-- tests/hwsim/test_ap_params.py | 61 ++++ tests/hwsim/test_ap_psk.py | 16 + tests/hwsim/test_ap_track.py | 32 ++ tests/hwsim/test_ap_wps.py | 108 ++++++- tests/hwsim/test_dpp.py | 524 +++++++++++++++++++++++++++++++++ tests/hwsim/test_eap_proto.py | 8 +- tests/hwsim/test_fils.py | 51 ++++ tests/hwsim/test_he.py | 22 +- tests/hwsim/test_ieee8021x.py | 17 ++ tests/hwsim/test_mbo.py | 31 +- tests/hwsim/test_mscs.py | 231 +++++++++++++++ tests/hwsim/test_multi_ap.py | 12 +- tests/hwsim/test_ocv.py | 57 +++- tests/hwsim/test_p2p_discovery.py | 51 ++++ tests/hwsim/test_pasn.py | 235 ++++++++++++--- tests/hwsim/test_pmksa_cache.py | 14 + tests/hwsim/test_rrm.py | 14 + tests/hwsim/test_wnm.py | 37 ++- tests/hwsim/test_wpas_ctrl.py | 10 + tests/hwsim/vm/inside.sh | 5 + wpa_supplicant/ctrl_iface.c | 216 ++++++++++++-- 
wpa_supplicant/ctrl_iface.h | 10 +- wpa_supplicant/ctrl_iface_named_pipe.c | 5 +- wpa_supplicant/ctrl_iface_udp.c | 6 +- wpa_supplicant/ctrl_iface_unix.c | 43 ++- wpa_supplicant/eapol_test.c | 6 +- wpa_supplicant/events.c | 7 +- wpa_supplicant/mesh_rsn.c | 1 - wpa_supplicant/pasn_supplicant.c | 196 +++++++++--- wpa_supplicant/preauth_test.c | 6 +- wpa_supplicant/robust_av.c | 2 +- wpa_supplicant/sme.c | 1 - wpa_supplicant/wpa_supplicant.c | 10 +- wpa_supplicant/wpa_supplicant_i.h | 7 +- 71 files changed, 2511 insertions(+), 447 deletions(-) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index fd9bc0e9fced..e05c81366d9b 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -2332,6 +2332,22 @@ fail: #endif /* CONFIG_DPP2 */ +static int get_hex_config(u8 *buf, size_t max_len, int line, + const char *field, const char *val) +{ + size_t hlen = os_strlen(val), len = hlen / 2; + u8 tmp[EXT_CAPA_MAX_LEN]; + + os_memset(tmp, 0, EXT_CAPA_MAX_LEN); + if (hlen & 1 || len > EXT_CAPA_MAX_LEN || hexstr2bin(val, tmp, len)) { + wpa_printf(MSG_ERROR, "Line %d: Invalid %s", line, field); + return -1; + } + os_memcpy(buf, tmp, EXT_CAPA_MAX_LEN); + return 0; +} + + static int hostapd_config_fill(struct hostapd_config *conf, struct hostapd_bss_config *bss, const char *buf, char *pos, int line) @@ -2458,12 +2474,13 @@ static int hostapd_config_fill(struct hostapd_config *conf, bss->ieee802_1x = atoi(pos); } else if (os_strcmp(buf, "eapol_version") == 0) { int eapol_version = atoi(pos); - #ifdef CONFIG_MACSEC - if (eapol_version < 1 || eapol_version > 3) { + int max_ver = 3; #else /* CONFIG_MACSEC */ - if (eapol_version < 1 || eapol_version > 2) { + int max_ver = 2; #endif /* CONFIG_MACSEC */ + + if (eapol_version < 1 || eapol_version > max_ver) { wpa_printf(MSG_ERROR, "Line %d: invalid EAPOL version (%d): '%s'.", line, eapol_version, pos); 
@@ -4675,7 +4692,17 @@ static int hostapd_config_fill(struct hostapd_config *conf, line, pos); return 1; } + } else if (os_strcmp(buf, "pasn_comeback_after") == 0) { + bss->pasn_comeback_after = atoi(pos); #endif /* CONFIG_PASN */ + } else if (os_strcmp(buf, "ext_capa_mask") == 0) { + if (get_hex_config(bss->ext_capa_mask, EXT_CAPA_MAX_LEN, + line, "ext_capa_mask", pos)) + return 1; + } else if (os_strcmp(buf, "ext_capa") == 0) { + if (get_hex_config(bss->ext_capa, EXT_CAPA_MAX_LEN, + line, "ext_capa", pos)) + return 1; } else { wpa_printf(MSG_ERROR, "Line %d: unknown configuration item '%s'", diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index 62fa51e91c20..b39f40252f29 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -1469,6 +1469,8 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd) hapd->ext_mgmt_frame_handling = atoi(value); } else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) { hapd->ext_eapol_frame_io = atoi(value); + } else if (os_strcasecmp(cmd, "force_backlog_bytes") == 0) { + hapd->force_backlog_bytes = atoi(value); #ifdef CONFIG_DPP } else if (os_strcasecmp(cmd, "dpp_config_obj_override") == 0) { os_free(hapd->dpp_config_obj_override); @@ -2562,6 +2564,34 @@ static int hostapd_ctrl_get_pmk(struct hostapd_data *hapd, const char *cmd, return wpa_snprintf_hex(buf, buflen, pmk, pmk_len); } + +static int hostapd_ctrl_register_frame(struct hostapd_data *hapd, + const char *cmd) +{ + u16 type; + char *pos, *end; + u8 match[10]; + size_t match_len; + bool multicast = false; + + type = strtol(cmd, &pos, 16); + if (*pos != ' ') + return -1; + pos++; + end = os_strchr(pos, ' '); + if (end) { + match_len = end - pos; + multicast = os_strstr(end, "multicast") != NULL; + } else { + match_len = os_strlen(pos) / 2; + } + if (hexstr2bin(pos, match, match_len)) + return -1; + + return hostapd_drv_register_frame(hapd, type, match, match_len, + multicast); +} + #endif /* CONFIG_TESTING_OPTIONS */ 
@@ -3646,6 +3676,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, } else if (os_strncmp(buf, "GET_PMK ", 8) == 0) { reply_len = hostapd_ctrl_get_pmk(hapd, buf + 8, reply, reply_size); + } else if (os_strncmp(buf, "REGISTER_FRAME ", 15) == 0) { + if (hostapd_ctrl_register_frame(hapd, buf + 16) < 0) + reply_len = -1; #endif /* CONFIG_TESTING_OPTIONS */ } else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) { if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12)) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index e3ee8b2a0c1b..7932cb862f48 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -877,18 +877,31 @@ wmm_ac_vo_acm=0 #he_mu_edca_ac_vo_timer=255 # Spatial Reuse Parameter Set +# +# SR Control field value +# B0 = PSR Disallowed +# B1 = Non-SRG OBSS PD SR Disallowed +# B2 = Non-SRG Offset Present +# B3 = SRG Information Present +# B4 = HESIGA_Spatial_reuse_value15_allowed #he_spr_sr_control +# +# Non-SRG OBSS PD Max Offset (included if he_spr_sr_control B2=1) #he_spr_non_srg_obss_pd_max_offset + +# SRG OBSS PD Min Offset (included if he_spr_sr_control B3=1) #he_spr_srg_obss_pd_min_offset +# +# SRG OBSS PD Max Offset (included if he_spr_sr_control B3=1) #he_spr_srg_obss_pd_max_offset # -# SPR SRG BSS Color +# SPR SRG BSS Color (included if he_spr_sr_control B3=1) # This config represents SRG BSS Color Bitmap field of Spatial Reuse Parameter # Set element that indicates the BSS color values used by members of the # SRG of which the transmitting STA is a member. The value is in range of 0-63. #he_spr_srg_bss_colors=1 2 10 63 # -# SPR SRG Partial BSSID +# SPR SRG Partial BSSID (included if he_spr_sr_control B3=1) # This config represents SRG Partial BSSID Bitmap field of Spatial Reuse # Parameter Set element that indicates the Partial BSSID values used by members # of the SRG of which the transmitting STA is a member. The value range 
@@ -2038,6 +2051,13 @@ own_ip_addr=127.0.0.1 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-10 #pasn_groups=19 20 21 +# PASN comeback after time in TUs +# In case the AP is temporarily unable to handle a PASN authentication exchange +# due to a too large number of parallel operations, this value indicates to the +# peer after how many TUs it can try the PASN exchange again. +# (default: 10 TUs) +#pasn_comeback_after=10 + ##### IEEE 802.11r configuration ############################################## # Mobility Domain identifier (dot11FTMobilityDomainID, MDID) diff --git a/src/ap/airtime_policy.c b/src/ap/airtime_policy.c index 1e67f0d5996e..abe817c5b015 100644 --- a/src/ap/airtime_policy.c +++ b/src/ap/airtime_policy.c @@ -79,6 +79,10 @@ static void count_backlogged_sta(struct hostapd_data *hapd) for (sta = hapd->sta_list; sta; sta = sta->next) { if (hostapd_drv_read_sta_data(hapd, &data, sta->addr)) continue; +#ifdef CONFIG_TESTING_OPTIONS + if (hapd->force_backlog_bytes) + data.backlog_bytes = 1; +#endif /* CONFIG_TESTING_OPTIONS */ if (data.backlog_bytes > 0) set_new_backlog_time(hapd, sta, &now); diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 452386b7e5de..7b6249bbe5cf 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -165,6 +165,11 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) #ifdef CONFIG_TESTING_OPTIONS bss->sae_commit_status = -1; #endif /* CONFIG_TESTING_OPTIONS */ + +#ifdef CONFIG_PASN + /* comeback after 10 TUs */ + bss->pasn_comeback_after = 10; +#endif /* CONFIG_PASN */ } diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 8aeb03107af2..95bd79873a59 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -267,6 +267,8 @@ struct airtime_sta_weight { u8 addr[ETH_ALEN]; }; +#define EXT_CAPA_MAX_LEN 15 + /** * struct hostapd_bss_config - Per-BSS configuration */ 
@@ -880,9 +882,18 @@ struct hostapd_bss_config { #endif /* CONFIG_TESTING_OPTIONS */ int *pasn_groups; + + /* + * The time in TUs after which the non-AP STA is requested to retry the + * PASN authentication in case there are too many parallel operations. + */ + u16 pasn_comeback_after; #endif /* CONFIG_PASN */ unsigned int unsol_bcast_probe_resp_interval; + + u8 ext_capa_mask[EXT_CAPA_MAX_LEN]; + u8 ext_capa[EXT_CAPA_MAX_LEN]; }; /** diff --git a/src/ap/ap_drv_ops.h b/src/ap/ap_drv_ops.h index a42070116771..61c8f64eb471 100644 --- a/src/ap/ap_drv_ops.h +++ b/src/ap/ap_drv_ops.h @@ -403,4 +403,17 @@ static inline int hostapd_drv_driver_cmd(struct hostapd_data *hapd, } #endif /* ANDROID */ +#ifdef CONFIG_TESTING_OPTIONS +static inline int +hostapd_drv_register_frame(struct hostapd_data *hapd, u16 type, + const u8 *match, size_t match_len, + bool multicast) +{ + if (!hapd->driver || !hapd->drv_priv || !hapd->driver->register_frame) + return -1; + return hapd->driver->register_frame(hapd->drv_priv, type, match, + match_len, multicast); +} +#endif /* CONFIG_TESTING_OPTIONS */ + #endif /* AP_DRV_OPS */ diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index e1e5a3ac4bb3..aaeb94c2f53b 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c @@ -915,7 +915,8 @@ static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token, wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); return; } - if (!resp || status_code != WLAN_STATUS_SUCCESS) { + if (result != GAS_QUERY_AP_SUCCESS || + !resp || status_code != WLAN_STATUS_SUCCESS) { wpa_printf(MSG_DEBUG, "DPP: GAS query did not succeed"); goto fail; } 
@@ -1189,6 +1190,7 @@ static void hostapd_dpp_rx_conf_result(struct hostapd_data *hapd, const u8 *src, wpa_printf(MSG_DEBUG, "DPP: Wait for Connection Status Result"); eloop_cancel_timeout(hostapd_dpp_config_result_wait_timeout, hapd, NULL); + auth->waiting_conn_status_result = 1; eloop_cancel_timeout( hostapd_dpp_conn_status_result_wait_timeout, hapd, NULL); @@ -1981,6 +1983,19 @@ hostapd_dpp_gas_req_handler(struct hostapd_data *hapd, const u8 *sa, wpa_printf(MSG_DEBUG, "DPP: No matching exchange in progress"); return NULL; } + + if (hapd->dpp_auth_ok_on_ack && auth->configurator) { + wpa_printf(MSG_DEBUG, + "DPP: Have not received ACK for Auth Confirm yet - assume it was received based on this GAS request"); + /* hostapd_dpp_auth_success() would normally have been called + * from TX status handler, but since there was no such handler + * call yet, simply send out the event message and proceed with + * exchange. */ + wpa_msg(hapd->msg_ctx, MSG_INFO, + DPP_EVENT_AUTH_SUCCESS "init=1"); + hapd->dpp_auth_ok_on_ack = 0; + } + wpa_hexdump(MSG_DEBUG, "DPP: Received Configuration Request (GAS Query Request)", query, query_len); diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 290d354a016c..ec5abf166b23 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -459,8 +459,8 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, if (hapd->conf->sae_pwe == 2 && sta->auth_alg == WLAN_AUTH_SAE && sta->sae && !sta->sae->h2e && - elems.rsnxe && elems.rsnxe_len >= 1 && - (elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) { + ieee802_11_rsnx_capab_len(elems.rsnxe, elems.rsnxe_len, + WLAN_RSNX_CAPAB_SAE_H2E)) { wpa_printf(MSG_INFO, "SAE: " MACSTR " indicates support for SAE H2E, but did not use it", MAC2STR(sta->addr)); diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c index 7bb0f097669b..e9aae6dcf2f5 100644 --- a/src/ap/hostapd.c +++ b/src/ap/hostapd.c 
@@ -107,7 +107,8 @@ static void hostapd_reload_bss(struct hostapd_data *hapd) return; if (hapd->conf->wmm_enabled < 0) - hapd->conf->wmm_enabled = hapd->iconf->ieee80211n; + hapd->conf->wmm_enabled = hapd->iconf->ieee80211n | + hapd->iconf->ieee80211ax; #ifndef CONFIG_NO_RADIUS radius_client_reconfig(hapd->radius, hapd->conf->radius); @@ -1173,7 +1174,8 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first) } if (conf->wmm_enabled < 0) - conf->wmm_enabled = hapd->iconf->ieee80211n; + conf->wmm_enabled = hapd->iconf->ieee80211n | + hapd->iconf->ieee80211ax; #ifdef CONFIG_IEEE80211R_AP if (is_zero_ether_addr(conf->r1_key_holder)) diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h index 44f566a42403..07d0aaa92100 100644 --- a/src/ap/hostapd.h +++ b/src/ap/hostapd.h @@ -354,6 +354,8 @@ struct hostapd_data { int last_bigtk_key_idx; u8 last_bigtk[WPA_BIGTK_MAX_LEN]; size_t last_bigtk_len; + + bool force_backlog_bytes; #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_MBO diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 72d102f44e21..b404e84affe5 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -572,7 +572,7 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, if (update && !use_pt && sae_prepare_commit(hapd->own_addr, sta->addr, - (u8 *) password, os_strlen(password), rx_id, + (u8 *) password, os_strlen(password), sta->sae) < 0) { wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); return NULL; 
@@ -702,13 +702,15 @@ static int use_anti_clogging(struct hostapd_data *hapd) for (sta = hapd->sta_list; sta; sta = sta->next) { #ifdef CONFIG_SAE - if (!sta->sae) - continue; - if (sta->sae->state != SAE_COMMITTED && - sta->sae->state != SAE_CONFIRMED) - continue; - open++; + if (sta->sae && + (sta->sae->state == SAE_COMMITTED || + sta->sae->state == SAE_CONFIRMED)) + open++; #endif /* CONFIG_SAE */ +#ifdef CONFIG_PASN + if (sta->pasn && sta->pasn->ecdh) + open++; +#endif /* CONFIG_PASN */ if (open >= hapd->conf->anti_clogging_threshold) return 1; } @@ -806,7 +808,8 @@ static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, if (buf == NULL) return NULL; - wpabuf_put_le16(buf, group); /* Finite Cyclic Group */ + if (group) + wpabuf_put_le16(buf, group); /* Finite Cyclic Group */ if (h2e) { /* Encapsulate Anti-clogging Token field in a container IE */ @@ -2380,11 +2383,12 @@ static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd, struct wpabuf *wd) { struct pasn_data *pasn = sta->pasn; - const char *password = NULL; + const char *password; const u8 *data; size_t buf_len; u16 res, alg, seq, status; int groups[] = { pasn->group, 0 }; + struct sae_pt *pt = NULL; int ret; if (!wd) @@ -2406,8 +2410,8 @@ static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd, wpa_printf(MSG_DEBUG, "PASN: SAE commit: alg=%u, seq=%u, status=%u", alg, seq, status); - /* TODO: SAE H2E */ - if (alg != WLAN_AUTH_SAE || seq != 1 || status != WLAN_STATUS_SUCCESS) { + if (alg != WLAN_AUTH_SAE || seq != 1 || + status != WLAN_STATUS_SAE_HASH_TO_ELEMENT) { wpa_printf(MSG_DEBUG, "PASN: Dropping peer SAE commit"); return -1; } 
@@ -2421,15 +2425,14 @@ static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd, return -1; } - password = sae_get_password(hapd, sta, NULL, NULL, NULL, NULL); - if (!password) { - wpa_printf(MSG_DEBUG, "PASN: No SAE password found"); + password = sae_get_password(hapd, sta, NULL, NULL, &pt, NULL); + if (!password || !pt) { + wpa_printf(MSG_DEBUG, "PASN: No SAE PT found"); return -1; } - ret = sae_prepare_commit(hapd->own_addr, sta->addr, - (const u8 *) password, os_strlen(password), 0, - &pasn->sae); + ret = sae_prepare_commit_pt(&pasn->sae, pt, hapd->own_addr, sta->addr, + NULL, NULL); if (ret) { wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit"); return -1; @@ -2526,7 +2529,7 @@ static struct wpabuf * pasn_get_sae_wd(struct hostapd_data *hapd, len_ptr = wpabuf_put(buf, 2); wpabuf_put_le16(buf, WLAN_AUTH_SAE); wpabuf_put_le16(buf, 1); - wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); + wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT); /* Write the actual commit and update the length accordingly */ sae_write_commit(&pasn->sae, buf, NULL, 0); @@ -2643,7 +2646,7 @@ static void pasn_fils_auth_resp(struct hostapd_data *hapd, wpabuf_head(pasn->secret), wpabuf_len(pasn->secret), &sta->pasn->ptk, sta->pasn->akmp, - sta->pasn->cipher, WPA_KDK_MAX_LEN); + sta->pasn->cipher, sta->pasn->kdk_len); if (ret) { wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PTK"); goto fail; @@ -2880,7 +2883,7 @@ pasn_derive_keys(struct hostapd_data *hapd, struct sta_info *sta, ret = pasn_pmk_to_ptk(pmk, pmk_len, sta->addr, hapd->own_addr, wpabuf_head(secret), wpabuf_len(secret), &sta->pasn->ptk, sta->pasn->akmp, - sta->pasn->cipher, WPA_KDK_MAX_LEN); + sta->pasn->cipher, sta->pasn->kdk_len); if (ret) { wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK"); return -1; 
@@ -2891,6 +2894,54 @@ pasn_derive_keys(struct hostapd_data *hapd, struct sta_info *sta, } +static void handle_auth_pasn_comeback(struct hostapd_data *hapd, + struct sta_info *sta, u16 group) +{ + struct wpabuf *buf, *comeback; + int ret; + + wpa_printf(MSG_DEBUG, + "PASN: Building comeback frame 2. Comeback after=%u", + hapd->conf->pasn_comeback_after); + + buf = wpabuf_alloc(1500); + if (!buf) + return; + + wpa_pasn_build_auth_header(buf, hapd->own_addr, hapd->own_addr, + sta->addr, 2, + WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY); + + /* + * Do not include the group as a part of the token since it is not going + * to be used. + */ + comeback = auth_build_token_req(hapd, 0, sta->addr, 0); + if (!comeback) { + wpa_printf(MSG_DEBUG, + "PASN: Failed sending auth with comeback"); + wpabuf_free(buf); + return; + } + + wpa_pasn_add_parameter_ie(buf, group, + WPA_PASN_WRAPPED_DATA_NO, + NULL, 0, comeback, + hapd->conf->pasn_comeback_after); + wpabuf_free(comeback); + + wpa_printf(MSG_DEBUG, + "PASN: comeback: STA=" MACSTR, MAC2STR(sta->addr)); + + ret = hostapd_drv_send_mlme(hapd, wpabuf_head(buf), wpabuf_len(buf), 0, + NULL, 0, 0); + if (ret) + wpa_printf(MSG_INFO, "PASN: Failed to send comeback frame 2"); + + wpabuf_free(buf); +} + + static int handle_auth_pasn_resp(struct hostapd_data *hapd, struct sta_info *sta, struct rsn_pmksa_cache_entry *pmksa, 
@@ -3100,6 +3151,15 @@ static void handle_auth_pasn_1(struct hostapd_data *hapd, struct sta_info *sta, sta->pasn->akmp = rsn_data.key_mgmt; sta->pasn->cipher = rsn_data.pairwise_cipher; + if (hapd->conf->force_kdk_derivation || + ((hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF) && + ieee802_11_rsnx_capab_len(elems.rsnxe, elems.rsnxe_len, + WLAN_RSNX_CAPAB_SECURE_LTF))) + sta->pasn->kdk_len = WPA_KDK_MAX_LEN; + else + sta->pasn->kdk_len = 0; + wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", sta->pasn->kdk_len); + if (!elems.pasn_params || !elems.pasn_params_len) { wpa_printf(MSG_DEBUG, "PASN: No PASN Parameters element found"); @@ -3133,6 +3193,25 @@ static void handle_auth_pasn_1(struct hostapd_data *hapd, struct sta_info *sta, goto send_resp; } + if (pasn_params.comeback) { + wpa_printf(MSG_DEBUG, "PASN: Checking peer comeback token"); + + ret = check_comeback_token(hapd, sta->addr, + pasn_params.comeback, + pasn_params.comeback_len); + + if (ret) { + wpa_printf(MSG_DEBUG, "PASN: Invalid comeback token"); + status = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto send_resp; + } + } else if (use_anti_clogging(hapd)) { + wpa_printf(MSG_DEBUG, "PASN: Respond with comeback"); + handle_auth_pasn_comeback(hapd, sta, pasn_params.group); + ap_free_sta(hapd, sta); + return; + } + sta->pasn->ecdh = crypto_ecdh_init(pasn_params.group); if (!sta->pasn->ecdh) { wpa_printf(MSG_DEBUG, "PASN: Failed to init ECDH"); @@ -4614,8 +4693,8 @@ static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, if (hapd->conf->sae_pwe == 2 && sta->auth_alg == WLAN_AUTH_SAE && sta->sae && !sta->sae->h2e && - elems.rsnxe && elems.rsnxe_len >= 1 && - (elems.rsnxe[0] & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) { + ieee802_11_rsnx_capab_len(elems.rsnxe, elems.rsnxe_len, + WLAN_RSNX_CAPAB_SAE_H2E)) { wpa_printf(MSG_INFO, "SAE: " MACSTR " indicates support for SAE H2E, but did not use it", MAC2STR(sta->addr)); 
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c index d0074f6ba220..4bff9e591883 100644 --- a/src/ap/ieee802_11_shared.c +++ b/src/ap/ieee802_11_shared.c 
@@ -451,70 +451,10 @@ static void hostapd_ext_capab_byte(struct hostapd_data *hapd, u8 *pos, int idx) u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid) { u8 *pos = eid; - u8 len = 0, i; - - if (hapd->conf->qos_map_set_len || - (hapd->conf->tdls & (TDLS_PROHIBIT | TDLS_PROHIBIT_CHAN_SWITCH))) - len = 5; - if (len < 4 && - (hapd->conf->time_advertisement == 2 || hapd->conf->interworking)) - len = 4; - if (len < 3 && - (hapd->conf->wnm_sleep_mode || hapd->conf->bss_transition)) - len = 3; - if (len < 1 && - (hapd->iconf->obss_interval || - (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA))) - len = 1; - if (len < 2 && - (hapd->conf->proxy_arp || hapd->conf->coloc_intf_reporting)) - len = 2; - if (len < 7 && hapd->conf->ssid.utf8_ssid) - len = 7; - if (len < 9 && - (hapd->conf->ftm_initiator || hapd->conf->ftm_responder)) - len = 9; -#ifdef CONFIG_WNM_AP - if (len < 4) - len = 4; -#endif /* CONFIG_WNM_AP */ -#ifdef CONFIG_HS20 - if (hapd->conf->hs20 && len < 6) - len = 6; -#endif /* CONFIG_HS20 */ -#ifdef CONFIG_MBO - if (hapd->conf->mbo_enabled && len < 6) - len = 6; -#endif /* CONFIG_MBO */ -#ifdef CONFIG_FILS - if ((!(hapd->conf->wpa & WPA_PROTO_RSN) || - !wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt)) && len < 10) - len = 10; -#endif /* CONFIG_FILS */ -#ifdef CONFIG_IEEE80211AX - if (len < 10 && hapd->iconf->ieee80211ax && - hostapd_get_he_twt_responder(hapd, IEEE80211_MODE_AP)) - len = 10; -#endif /* CONFIG_IEEE80211AX */ -#ifdef CONFIG_SAE - if (len < 11 && hapd->conf->wpa && - wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && - hostapd_sae_pw_id_in_use(hapd->conf)) - len = 11; -#endif /* CONFIG_SAE */ - if (len < 11 && hapd->conf->beacon_prot && - (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION)) - len = 11; -#ifdef CONFIG_SAE_PK - if (len < 12 && hapd->conf->wpa && - wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && - hostapd_sae_pk_exclusively(hapd->conf)) - len = 12; -#endif /* CONFIG_SAE_PK */ + u8 len = EXT_CAPA_MAX_LEN, i; + if (len < 
hapd->iface->extended_capa_len) len = hapd->iface->extended_capa_len; - if (len == 0) - return eid; *pos++ = WLAN_EID_EXT_CAPAB; *pos++ = len; @@ -525,6 +465,11 @@ u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid) *pos &= ~hapd->iface->extended_capa_mask[i]; *pos |= hapd->iface->extended_capa[i]; } + + if (i < EXT_CAPA_MAX_LEN) { + *pos &= ~hapd->conf->ext_capa_mask[i]; + *pos |= hapd->conf->ext_capa[i]; + } } while (len > 0 && eid[1 + len] == 0) { diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h index efa48e7e3d8d..27e72f9a0164 100644 --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h @@ -88,6 +88,7 @@ struct pasn_data { u16 group; u8 trans_seq; u8 wrapped_data_format; + size_t kdk_len; u8 hash[SHA384_MAC_LEN]; struct wpa_ptk ptk; diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 6c791e26b0b7..59cd46aa4601 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -2283,8 +2283,7 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, if (sm->wpa_auth->conf.force_kdk_derivation || (sm->wpa_auth->conf.secure_ltf && - sm->rsnxe && sm->rsnxe_len >= 4 && - sm->rsnxe[3] & BIT(WLAN_RSNX_CAPAB_SECURE_LTF - 8))) + ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) kdk_len = WPA_KDK_MAX_LEN; else kdk_len = 0; @@ -2338,8 +2337,7 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk, if (sm->wpa_auth->conf.force_kdk_derivation || (sm->wpa_auth->conf.secure_ltf && - sm->rsnxe && sm->rsnxe_len >= 4 && - sm->rsnxe[3] & BIT(WLAN_RSNX_CAPAB_SECURE_LTF - 8))) + ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) kdk_len = WPA_KDK_MAX_LEN; else kdk_len = 0; @@ -4267,7 +4265,7 @@ int wpa_wnmsleep_bigtk_subelem(struct wpa_state_machine *sm, u8 *pos) wpa_printf(MSG_DEBUG, "WNM: BIGTK Key ID %u in WNM-Sleep Mode exit", gsm->GN_bigtk); wpa_hexdump_key(MSG_DEBUG, "WNM: BIGTK in WNM-Sleep Mode exit", - gsm->IGTK[gsm->GN_bigtk - 6], len); + gsm->BIGTK[gsm->GN_bigtk - 6], len); return pos - start; } 
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 32b745651ace..e80086b93d8d 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -3198,8 +3198,7 @@ pmk_r1_derived: if (sm->wpa_auth->conf.force_kdk_derivation || (sm->wpa_auth->conf.secure_ltf && - sm->rsnxe && sm->rsnxe_len >= 4 && - sm->rsnxe[3] & BIT(WLAN_RSNX_CAPAB_SECURE_LTF - 8))) + ieee802_11_rsnx_capab(sm->rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) kdk_len = WPA_KDK_MAX_LEN; else kdk_len = 0; diff --git a/src/common/common_module_tests.c b/src/common/common_module_tests.c index 50ce1923c120..8aba713f92ba 100644 --- a/src/common/common_module_tests.c +++ b/src/common/common_module_tests.c 
@@ -256,87 +256,69 @@ static int sae_tests(void) #ifdef CONFIG_SAE struct sae_data sae; int ret = -1; - /* IEEE P802.11-REVmd/D2.1, Annex J.10 */ - const u8 addr1[ETH_ALEN] = { 0x82, 0x7b, 0x91, 0x9d, 0xd4, 0xb9 }; - const u8 addr2[ETH_ALEN] = { 0x1e, 0xec, 0x49, 0xea, 0x64, 0x88 }; + /* IEEE Std 802.11-2020, Annex J.10 */ + const u8 addr1[ETH_ALEN] = { 0x4d, 0x3f, 0x2f, 0xff, 0xe3, 0x87 }; + const u8 addr2[ETH_ALEN] = { 0xa5, 0xd8, 0xaa, 0x95, 0x8e, 0x3c }; const char *ssid = "byteme"; const char *pw = "mekmitasdigoat"; const char *pwid = "psk4internet"; const u8 local_rand[] = { - 0xa9, 0x06, 0xf6, 0x1e, 0x4d, 0x3a, 0x5d, 0x4e, - 0xb2, 0x96, 0x5f, 0xf3, 0x4c, 0xf9, 0x17, 0xdd, - 0x04, 0x44, 0x45, 0xc8, 0x78, 0xc1, 0x7c, 0xa5, - 0xd5, 0xb9, 0x37, 0x86, 0xda, 0x9f, 0x83, 0xcf + 0x99, 0x24, 0x65, 0xfd, 0x3d, 0xaa, 0x3c, 0x60, + 0xaa, 0x65, 0x65, 0xb7, 0xf6, 0x2a, 0x2a, 0x7f, + 0x2e, 0x12, 0xdd, 0x12, 0xf1, 0x98, 0xfa, 0xf4, + 0xfb, 0xed, 0x89, 0xd7, 0xff, 0x1a, 0xce, 0x94 }; const u8 local_mask[] = { - 0x42, 0x34, 0xb4, 0xfb, 0x17, 0xaa, 0x43, 0x5c, - 0x52, 0xfb, 0xfd, 0xeb, 0xe6, 0x40, 0x39, 0xb4, - 0x34, 0x78, 0x20, 0x0e, 0x54, 0xff, 0x7b, 0x6e, - 0x07, 0xb6, 0x9c, 0xad, 0x74, 0x15, 0x3c, 0x15 + 0x95, 0x07, 0xa9, 0x0f, 0x77, 0x7a, 0x04, 0x4d, + 0x6a, 0x08, 0x30, 0xb9, 0x1e, 0xa3, 0xd5, 0xdd, + 0x70, 0xbe, 0xce, 0x44, 0xe1, 0xac, 0xff, 0xb8, + 0x69, 0x83, 0xb5, 0xe1, 0xbf, 0x9f, 0xb3, 0x22 }; const u8 local_commit[] = { - 0x13, 0x00, 0xeb, 0x3b, 0xab, 0x19, 0x64, 0xe4, - 0xa0, 0xab, 0x05, 0x92, 0x5d, 0xdf, 0x33, 0x39, - 0x51, 0x91, 0x38, 0xbc, 0x65, 0xd6, 0xcd, 0xc0, - 0xf8, 0x13, 0xdd, 0x6f, 0xd4, 0x34, 0x4e, 0xb4, - 0xbf, 0xe4, 0x4b, 0x5c, 0x21, 0x59, 0x76, 0x58, - 0xf4, 0xe3, 0xed, 0xdf, 0xb4, 0xb9, 0x9f, 0x25, - 0xb4, 0xd6, 0x54, 0x0f, 0x32, 0xff, 0x1f, 0xd5, - 0xc5, 0x30, 0xc6, 0x0a, 0x79, 0x44, 0x48, 0x61, - 0x0b, 0xc6, 0xde, 0x3d, 0x92, 0xbd, 0xbb, 0xd4, - 0x7d, 0x93, 0x59, 0x80, 0xca, 0x6c, 0xf8, 0x98, - 0x8a, 0xb6, 0x63, 0x0b, 0xe6, 0x76, 0x4c, 0x88, - 
0x5c, 0xeb, 0x97, 0x93, 0x97, 0x0f, 0x69, 0x52, - 0x17, 0xee, 0xff, 0x0d, 0x21, 0x70, 0x73, 0x6b, - 0x34, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74 + 0x13, 0x00, 0x2e, 0x2c, 0x0f, 0x0d, 0xb5, 0x24, + 0x40, 0xad, 0x14, 0x6d, 0x96, 0x71, 0x14, 0xce, + 0x00, 0x5c, 0xe1, 0xea, 0xb0, 0xaa, 0x2c, 0x2e, + 0x5c, 0x28, 0x71, 0xb7, 0x74, 0xf6, 0xc2, 0x57, + 0x5c, 0x65, 0xd5, 0xad, 0x9e, 0x00, 0x82, 0x97, + 0x07, 0xaa, 0x36, 0xba, 0x8b, 0x85, 0x97, 0x38, + 0xfc, 0x96, 0x1d, 0x08, 0x24, 0x35, 0x05, 0xf4, + 0x7c, 0x03, 0x53, 0x76, 0xd7, 0xac, 0x4b, 0xc8, + 0xd7, 0xb9, 0x50, 0x83, 0xbf, 0x43, 0x82, 0x7d, + 0x0f, 0xc3, 0x1e, 0xd7, 0x78, 0xdd, 0x36, 0x71, + 0xfd, 0x21, 0xa4, 0x6d, 0x10, 0x91, 0xd6, 0x4b, + 0x6f, 0x9a, 0x1e, 0x12, 0x72, 0x62, 0x13, 0x25, + 0xdb, 0xe1 }; const u8 peer_commit[] = { - 0x13, 0x00, 0x55, 0x64, 0xf0, 0x45, 0xb2, 0xea, - 0x1e, 0x56, 0x6c, 0xf1, 0xdd, 0x74, 0x1f, 0x70, - 0xd9, 0xbe, 0x35, 0xd2, 0xdf, 0x5b, 0x9a, 0x55, - 0x02, 0x94, 0x6e, 0xe0, 0x3c, 0xf8, 0xda, 0xe2, - 0x7e, 0x1e, 0x05, 0xb8, 0x43, 0x0e, 0xb7, 0xa9, - 0x9e, 0x24, 0x87, 0x7c, 0xe6, 0x9b, 0xaf, 0x3d, - 0xc5, 0x80, 0xe3, 0x09, 0x63, 0x3d, 0x6b, 0x38, - 0x5f, 0x83, 0xee, 0x1c, 0x3e, 0xc3, 0x59, 0x1f, - 0x1a, 0x53, 0x93, 0xc0, 0x6e, 0x80, 0x5d, 0xdc, - 0xeb, 0x2f, 0xde, 0x50, 0x93, 0x0d, 0xd7, 0xcf, - 0xeb, 0xb9, 0x87, 0xc6, 0xff, 0x96, 0x66, 0xaf, - 0x16, 0x4e, 0xb5, 0x18, 0x4d, 0x8e, 0x66, 0x62, - 0xed, 0x6a, 0xff, 0x0d, 0x21, 0x70, 0x73, 0x6b, - 0x34, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, - 0x74 + 0x13, 0x00, 0x59, 0x1b, 0x96, 0xf3, 0x39, 0x7f, + 0xb9, 0x45, 0x10, 0x08, 0x48, 0xe7, 0xb5, 0x50, + 0x54, 0x3b, 0x67, 0x20, 0xd8, 0x83, 0x37, 0xee, + 0x93, 0xfc, 0x49, 0xfd, 0x6d, 0xf7, 0xe0, 0x8b, + 0x52, 0x23, 0xe7, 0x1b, 0x9b, 0xb0, 0x48, 0xd3, + 0x87, 0x3f, 0x20, 0x55, 0x69, 0x53, 0xa9, 0x6c, + 0x91, 0x53, 0x6f, 0xd8, 0xee, 0x6c, 0xa9, 0xb4, + 0xa6, 0x8a, 0x14, 0x8b, 0x05, 0x6a, 0x90, 0x9b, + 0xe0, 0x3e, 0x83, 0xae, 0x20, 0x8f, 0x60, 0xf8, + 0xef, 0x55, 0x37, 0x85, 0x80, 0x74, 0xdb, 
0x06, + 0x68, 0x70, 0x32, 0x39, 0x98, 0x62, 0x99, 0x9b, + 0x51, 0x1e, 0x0a, 0x15, 0x52, 0xa5, 0xfe, 0xa3, + 0x17, 0xc2 }; const u8 kck[] = { - 0x59, 0x9d, 0x6f, 0x1e, 0x27, 0x54, 0x8b, 0xe8, - 0x49, 0x9d, 0xce, 0xed, 0x2f, 0xec, 0xcf, 0x94, - 0x81, 0x8c, 0xe1, 0xc7, 0x9f, 0x1b, 0x4e, 0xb3, - 0xd6, 0xa5, 0x32, 0x28, 0xa0, 0x9b, 0xf3, 0xed + 0x1e, 0x73, 0x3f, 0x6d, 0x9b, 0xd5, 0x32, 0x56, + 0x28, 0x73, 0x04, 0x33, 0x88, 0x31, 0xb0, 0x9a, + 0x39, 0x40, 0x6d, 0x12, 0x10, 0x17, 0x07, 0x3a, + 0x5c, 0x30, 0xdb, 0x36, 0xf3, 0x6c, 0xb8, 0x1a }; const u8 pmk[] = { - 0x7a, 0xea, 0xd8, 0x6f, 0xba, 0x4c, 0x32, 0x21, - 0xfc, 0x43, 0x7f, 0x5f, 0x14, 0xd7, 0x0d, 0x85, - 0x4e, 0xa5, 0xd5, 0xaa, 0xc1, 0x69, 0x01, 0x16, - 0x79, 0x30, 0x81, 0xed, 0xa4, 0xd5, 0x57, 0xc5 + 0x4e, 0x4d, 0xfa, 0xb1, 0xa2, 0xdd, 0x8a, 0xc1, + 0xa9, 0x17, 0x90, 0xf9, 0x53, 0xfa, 0xaa, 0x45, + 0x2a, 0xe5, 0xc6, 0x87, 0x3a, 0xb7, 0x5b, 0x63, + 0x60, 0x5b, 0xa6, 0x63, 0xf8, 0xa7, 0xfe, 0x59 }; const u8 pmkid[] = { - 0x40, 0xa0, 0x9b, 0x60, 0x17, 0xce, 0xbf, 0x00, - 0x72, 0x84, 0x3b, 0x53, 0x52, 0xaa, 0x2b, 0x4f - }; - const u8 local_confirm[] = { - 0x01, 0x00, 0x12, 0xd9, 0xd5, 0xc7, 0x8c, 0x50, - 0x05, 0x26, 0xd3, 0x6c, 0x41, 0xdb, 0xc5, 0x6a, - 0xed, 0xf2, 0x91, 0x4c, 0xed, 0xdd, 0xd7, 0xca, - 0xd4, 0xa5, 0x8c, 0x48, 0xf8, 0x3d, 0xbd, 0xe9, - 0xfc, 0x77 - }; - const u8 peer_confirm[] = { - 0x01, 0x00, 0x02, 0x87, 0x1c, 0xf9, 0x06, 0x89, - 0x8b, 0x80, 0x60, 0xec, 0x18, 0x41, 0x43, 0xbe, - 0x77, 0xb8, 0xc0, 0x8a, 0x80, 0x19, 0xb1, 0x3e, - 0xb6, 0xd0, 0xae, 0xf0, 0xd8, 0x38, 0x3d, 0xfa, - 0xc2, 0xfd + 0x87, 0x47, 0xa6, 0x00, 0xee, 0xa3, 0xf9, 0xf2, + 0x24, 0x75, 0xdf, 0x58, 0xca, 0x1e, 0x54, 0x98 }; struct wpabuf *buf = NULL; struct crypto_bignum *mask = NULL; @@ -412,7 +394,7 @@ static int sae_tests(void) if (!buf || sae_set_group(&sae, 19) < 0 || sae_prepare_commit(addr1, addr2, (const u8 *) pw, os_strlen(pw), - pwid, &sae) < 0) + &sae) < 0) goto fail; /* Override local values based on SAE test vector */ 
@@ -434,7 +416,7 @@ static int sae_tests(void) goto fail; /* Check that output matches the test vector */ - if (sae_write_commit(&sae, buf, NULL, pwid) < 0) + if (sae_write_commit(&sae, buf, NULL, NULL) < 0) goto fail; wpa_hexdump_buf(MSG_DEBUG, "SAE: Commit message", buf); @@ -465,21 +447,6 @@ static int sae_tests(void) goto fail; } - buf->used = 0; - sae.send_confirm = 1; - sae_write_confirm(&sae, buf); - wpa_hexdump_buf(MSG_DEBUG, "SAE: Confirm message", buf); - - if (wpabuf_len(buf) != sizeof(local_confirm) || - os_memcmp(wpabuf_head(buf), local_confirm, - sizeof(local_confirm)) != 0) { - wpa_printf(MSG_ERROR, "SAE: Mismatch in local confirm"); - goto fail; - } - - if (sae_check_confirm(&sae, peer_confirm, sizeof(peer_confirm)) < 0) *** 3955 LINES SKIPPED ***
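Review bot: in get_hex_config() (hostapd/config_file.c, hunk at -2332,6) the max_len argument is never used. The length check and the final os_memcpy(buf, tmp, EXT_CAPA_MAX_LEN) are both hard-wired to EXT_CAPA_MAX_LEN, so a later caller that passes a smaller destination would be overrun while the signature suggests it is protected. Either reject len > max_len and copy max_len bytes (after checking max_len <= sizeof(tmp)), or drop the parameter. A short comment that a shorter hex string is accepted and zero-padded, because the whole destination is overwritten, would also help.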
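Review bot: the new pasn_comeback_after branch (hostapd/config_file.c, hunk at -4675,7) stores atoi(pos) directly into a field that src/ap/ap_config.h declares as u16, so a negative or larger-than-65535 value in hostapd.conf is silently truncated instead of rejected. Parse into an int, range-check it, and return 1 with a "Line %d: invalid pasn_comeback_after" message in the same style as the surrounding options.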
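Review bot: hostapd_ctrl_register_frame() (hostapd/ctrl_iface.c, hunk at -2562,6) never checks match_len against sizeof(match) before hexstr2bin(pos, match, match_len) writes into the 10-byte stack array u8 match[10], so a long hex argument on the control interface overruns it. The two branches also disagree on units: with a trailing token match_len = end - pos is the number of hex characters, while the other branch uses os_strlen(pos) / 2. Halve the length in both branches, reject odd lengths, and return -1 when match_len > sizeof(match). This is under CONFIG_TESTING_OPTIONS, but the bound should still be enforced.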
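Review bot: the REGISTER_FRAME dispatch (hostapd/ctrl_iface.c, hunk at -3646,6) compares 15 characters with os_strncmp(buf, "REGISTER_FRAME ", 15) but then passes buf + 16, which skips the first character of the argument and, for a command with nothing after the space, points one byte past the terminating NUL. The neighbouring GET_PMK case uses matching values (8 and buf + 8); this one should pass buf + 15.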
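Review bot: in hostapd_eid_ext_capab() (src/ap/ieee802_11_shared.c, hunk at -451,70) len now starts at EXT_CAPA_MAX_LEN and the early "if (len == 0) return eid;" is gone, so the function always writes at least 2 + 15 octets at eid before the trailing-zero trim. Please confirm that every caller's buffer has room for that minimum, and that the case where the trim loop reduces len to 0 still returns eid without emitting an empty element. A one-line comment stating that the length is now derived by trimming rather than from per-feature checks would document the new behaviour.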
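Review bot: the KDK checks in wpa_derive_ptk() and fils_auth_pmk_to_ptk() (src/ap/wpa_auth.c, hunks at -2283,8 and -2338,8, and the same pattern in src/ap/wpa_auth_ft.c at -3198,8) drop the explicit "sm->rsnxe && sm->rsnxe_len >= 4" guard in favour of ieee802_11_rsnx_capab(sm->rsnxe, ...), which takes no length. The helper's body is not in the visible part of this mail, so please confirm it handles a NULL pointer and bounds the read using the element's own length octet, and that sm->rsnxe is always stored with its two-octet header. If that cannot be guaranteed, pass sm->rsnxe_len explicitly, as the ieee802_11_rsnx_capab_len() call sites in drv_callbacks.c and ieee802_11.c do for the parsed element body.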
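Review bot: the sae_tests() update (src/common/common_module_tests.c, hunks at -256,87 and -465,21) deletes the local_confirm and peer_confirm vectors and the sae_write_confirm() / sae_check_confirm() comparison without adding a replacement; the -465,21 +447,6 header shows lines removed and none added. After this change the module test checks the commit message, KCK, PMK and PMKID against the IEEE Std 802.11-2020 Annex J.10 values but no longer exercises the confirm path. If the updated annex provides confirm vectors, restore that part of the test with them; otherwise note in a comment why it was dropped.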