aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/sme.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2012-12-31 14:58:36 (GMT)
committerJouni Malinen <j@w1.fi>2013-01-12 15:51:52 (GMT)
commitd136c376f2aa5414ad30f345085a00971e2156aa (patch)
treea334870ae8f0825e3455f778f346bc35abdfb999 /wpa_supplicant/sme.c
parent4838ff3ef4cc2c77eed68885deca090d041d63c1 (diff)
downloadhostap-d136c376f2aa5414ad30f345085a00971e2156aa.zip
hostap-d136c376f2aa5414ad30f345085a00971e2156aa.tar.gz
hostap-d136c376f2aa5414ad30f345085a00971e2156aa.tar.bz2
SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on the new sae_anti_clogging_threshold parameter (which is dot11RSNASAEAntiCloggingThreshold in the standard). The token is generated using a temporary key and the peer station's MAC address. wpa_supplicant will re-try SAE authentication with the token included if commit message is rejected with a token request. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/sme.c')
-rw-r--r--wpa_supplicant/sme.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 814beb7..3aabe17 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -47,6 +47,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
const u8 *bssid)
{
struct wpabuf *buf;
+ size_t len;
if (ssid->passphrase == NULL) {
wpa_printf(MSG_DEBUG, "SAE: No password available");
@@ -61,13 +62,14 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
return NULL;
}
- buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN);
+ len = wpa_s->sme.sae_token ? wpabuf_len(wpa_s->sme.sae_token) : 0;
+ buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
if (buf == NULL)
return NULL;
wpabuf_put_le16(buf, 1); /* Transaction seq# */
wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
- sae_write_commit(&wpa_s->sme.sae, buf);
+ sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token);
return buf;
}
@@ -406,6 +408,19 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
"status code %u", auth_transaction, status_code);
wpa_hexdump(MSG_DEBUG, "SME: SAE fields", data, len);
+ if (auth_transaction == 1 &&
+ status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
+ wpa_s->sme.sae.state == SAE_COMMITTED &&
+ wpa_s->current_bss && wpa_s->current_ssid) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE anti-clogging token "
+ "requested");
+ wpabuf_free(wpa_s->sme.sae_token);
+ wpa_s->sme.sae_token = wpabuf_alloc_copy(data, len);
+ sme_send_authentication(wpa_s, wpa_s->current_bss,
+ wpa_s->current_ssid, 1);
+ return 0;
+ }
+
if (status_code != WLAN_STATUS_SUCCESS)
return -1;
@@ -416,7 +431,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
return -1;
if (wpa_s->sme.sae.state != SAE_COMMITTED)
return -1;
- if (sae_parse_commit(&wpa_s->sme.sae, data, len) !=
+ if (sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL) !=
WLAN_STATUS_SUCCESS)
return -1;
@@ -426,6 +441,8 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
return -1;
}
+ wpabuf_free(wpa_s->sme.sae_token);
+ wpa_s->sme.sae_token = NULL;
sme_send_authentication(wpa_s, wpa_s->current_bss,
wpa_s->current_ssid, 0);
return 0;
@@ -795,6 +812,10 @@ void sme_deinit(struct wpa_supplicant *wpa_s)
#ifdef CONFIG_IEEE80211W
sme_stop_sa_query(wpa_s);
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SAE
+ wpabuf_free(wpa_s->sme.sae_token);
+ wpa_s->sme.sae_token = NULL;
+#endif /* CONFIG_SAE */
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);