authorJouni Malinen <jouni@qca.qualcomm.com>2017-11-03 15:49:45 (GMT)
committerJouni Malinen <j@w1.fi>2017-11-03 17:59:46 (GMT)
commit29ab69e4b02d156a3eced3bf953c2832674b921f (patch)
tree0668973086a2b0f1f27e6c3d4b445906af5876d6 /wpa_supplicant
parent84d53c775c67e8f9fe2f16334403e38e8e179035 (diff)
DPP: PKEX counter t
Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/dpp_supplicant.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 87131f5..74dbb93 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1437,6 +1437,8 @@ wpas_dpp_tx_pkex_status(struct wpa_supplicant *wpa_s,
if (wpa_s->dpp_pkex->failed) {
wpa_printf(MSG_DEBUG,
"DPP: Terminate PKEX exchange due to an earlier error");
+ if (wpa_s->dpp_pkex->t > wpa_s->dpp_pkex->own_bi->pkex_t)
+ wpa_s->dpp_pkex->own_bi->pkex_t = wpa_s->dpp_pkex->t;
dpp_pkex_free(wpa_s->dpp_pkex);
wpa_s->dpp_pkex = NULL;
}
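Review bot: The failed-attempt counter is copied back to `own_bi->pkex_t` only inside this `failed` branch, and in the matching branch of wpas_dpp_rx_pkex_commit_reveal_req in the next hunk. Any other path that frees `wpa_s->dpp_pkex` while `t` is non-zero would presumably discard the count, so the later limit check would start from a lower value than the number of attempts actually seen. Those paths are not visible in this diff and are worth checking. Because the same two lines appear in both hunks, a small static helper holding `if (pkex->t > pkex->own_bi->pkex_t) pkex->own_bi->pkex_t = pkex->t;` and called before each `dpp_pkex_free()` would keep them in step. The body of wpas_dpp_tx_pkex_status starts and ends outside the hunk.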
@@ -1558,6 +1560,8 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
if (pkex->failed) {
wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
+ if (pkex->t > pkex->own_bi->pkex_t)
+ pkex->own_bi->pkex_t = pkex->t;
dpp_pkex_free(wpa_s->dpp_pkex);
wpa_s->dpp_pkex = NULL;
}
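Review bot: The added lines read the counter through the local `pkex`, but the free directly below uses `wpa_s->dpp_pkex`. The declaration of `pkex` is outside the hunk, so this assumes both name the same object. Using one spelling throughout the branch, for example `dpp_pkex_free(pkex);`, would make it clear at a glance that `own_bi` is updated before the state it hangs off is released.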
@@ -1664,6 +1668,7 @@ void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
u8 crypto_suite;
enum dpp_public_action_frame_type type;
const u8 *hdr;
+ unsigned int pkex_t;
if (len < DPP_HDR_LEN)
return;
@@ -1730,6 +1735,17 @@ void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
"DPP: Ignored unsupported frame subtype %d", type);
break;
}
+
+ if (wpa_s->dpp_pkex)
+ pkex_t = wpa_s->dpp_pkex->t;
+ else if (wpa_s->dpp_pkex_bi)
+ pkex_t = wpa_s->dpp_pkex_bi->pkex_t;
+ else
+ pkex_t = 0;
+ if (pkex_t >= PKEX_COUNTER_T_LIMIT) {
+ wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_PKEX_T_LIMIT "id=0");
+ wpas_dpp_pkex_remove(wpa_s, "*");
+ }
}
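Review bot: The limit block at the end of wpas_dpp_rx_action has no comment explaining why reaching `PKEX_COUNTER_T_LIMIT` drops all PKEX state, nor why the event text hard-codes `id=0` while the removal passes `"*"`. A comment above the test would help, such as `/* Too many failed attempts that could have used the PKEX code; drop the code so that a new one has to be entered */`. The result of `wpas_dpp_pkex_remove()` is also ignored, so `DPP_EVENT_PKEX_T_LIMIT` is reported even if the removal did not succeed. If that function returns a status (its definition is not shown here), a debug print on failure would keep the control-interface event trustworthy. The function begins outside the hunk.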
@@ -2009,6 +2025,7 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
return -1;
}
wpa_s->dpp_pkex_bi = own_bi;
+ own_bi->pkex_t = 0; /* clear pending errors on new code */
os_free(wpa_s->dpp_pkex_identifier);
wpa_s->dpp_pkex_identifier = NULL;