wpa_supplicant: Add SAE handshake support for WPA3-PSK

Under WPA3-Personal, SAE authentication is used to derive PMK which is more secure and immune to offline dictionary attacks. 1. Add modules to generate SAE commit/confirm for the handshake 2. Add modules that build and parse SAE data in Auth frames 3. Add WPA3 association and key mgmt definitions 4. Invert y-bit while solving for ECC co-ordinate - Once an X co-ordinate is obtained, solving for Y co-ordinate using an elliptical curve equation results in 2 possible values, Y and (P - Y), where p is the prime number. The co-ordinates are used for deriving keys in SAE handshake. As par the 802.11 spec if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise. This is not what is implemented, so fix this behavior to obtain the correct Y co-ordinate.
2025-10-15 00:27:20 +00:00 · 2019-11-21 12:41:12 +05:30
parent aceb141d2b
commit da07b2b4a7
14 changed files with 464 additions and 72 deletions
--- a/components/wpa_supplicant/src/common/sae.h
+++ b/components/wpa_supplicant/src/common/sae.h
@@ -5,14 +5,12 @@
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
-
 #ifdef CONFIG_WPA3_SAE

 #ifndef SAE_H
 #define SAE_H

 #include "esp_err.h"
-
 #include "utils/includes.h"
 #include "utils/common.h"
 #include "utils/wpa_debug.h"
@@ -47,6 +45,7 @@ struct sae_temporary_data {
 	struct crypto_bignum *prime_buf;
 	struct crypto_bignum *order_buf;
 	struct wpabuf *anti_clogging_token;
+	char *pw_id;
 };

 enum {
@@ -54,32 +53,38 @@ enum {
 	SAE_MSG_CONFIRM = 2,
 };

+enum sae_state {
+	SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED
+};
+
 struct sae_data {
-	enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state;
+	enum sae_state state;
 	u16 send_confirm;
 	u8 pmk[SAE_PMK_LEN];
 	u8 pmkid[SAE_PMKID_LEN];
 	struct crypto_bignum *peer_commit_scalar;
-	u16 group;
-	int sync;
+	int group;
+	unsigned int sync; /* protocol instance variable: Sync */
+	u16 rc; /* protocol instance variable: Rc (received send-confirm) */
 	struct sae_temporary_data *tmp;
 };

-int sae_set_group(struct sae_data *sae, u16 group);
+int sae_set_group(struct sae_data *sae, int group);
 void sae_clear_temp_data(struct sae_data *sae);
 void sae_clear_data(struct sae_data *sae);

 int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
 		       const u8 *password, size_t password_len,
-		       struct sae_data *sae);
+		       const char *identifier, struct sae_data *sae);
 int sae_process_commit(struct sae_data *sae);
 void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
-		      const struct wpabuf *token);
+		      const struct wpabuf *token, const char *identifier);
 u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
 		     const u8 **token, size_t *token_len, int *allowed_groups);
 void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
 int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);
 u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);
+const char * sae_state_txt(enum sae_state state);

 #endif /* SAE_H */
 #endif /* CONFIG_WPA3_SAE */