jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

SAE-PK: Update design for fingerprint encoding into password

Browse source 
Update the SAE-PK implementation to match the changes in the protocol
design:
- allow only Sec values 3 and 5 and encode this as a single bit field
  with multiple copies
- add a checksum character

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-08-05 17:44:32 +03:00 committed by Jouni Malinen
parent 02f4946172
commit 0a9d7b169e
7 changed files with 428 additions and 213 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
hostapd/sae_pk_gen.c
View file

@ -25,11 +25,15 @@ int main(int argc, char *argv[])
char *b64 = NULL, *pw = NULL, *pos, *src; char *b64 = NULL, *pw = NULL, *pos, *src;
int sec, j; int sec, j;
int ret = -1; int ret = -1;
u8 hash[SAE_MAX_HASH_LEN], fingerprint[SAE_MAX_HASH_LEN]; u8 hash[SAE_MAX_HASH_LEN];
char hash_hex[2 * SAE_MAX_HASH_LEN + 1];
u8 pw_base_bin[SAE_MAX_HASH_LEN];
u8 *dst;
int group; int group;
size_t hash_len; size_t hash_len;
unsigned long long i, expected; unsigned long long i, expected;
char m_hex[2 * SAE_PK_M_LEN + 1]; char m_hex[2 * SAE_PK_M_LEN + 1];
u32 sec_1b, val20;
wpa_debug_level = MSG_INFO; wpa_debug_level = MSG_INFO;
if (os_program_init() < 0) if (os_program_init() < 0)
@ -37,15 +41,17 @@ int main(int argc, char *argv[])
if (argc != 4) { if (argc != 4) {
fprintf(stderr, fprintf(stderr,
"usage: sae_pk_gen <DER ECPrivateKey file> <Sec:2..5> <SSID>\n"); "usage: sae_pk_gen <DER ECPrivateKey file> <Sec:3|5> <SSID>\n");
goto fail; goto fail;
} }
sec = atoi(argv[2]); sec = atoi(argv[2]);
if (sec < 2 || sec > 5) { if (sec != 3 && sec != 5) {
fprintf(stderr, "Invalid Sec value (allowed range: 2..5)\n"); fprintf(stderr,
"Invalid Sec value (allowed values: 3 and 5)\n");
goto fail; goto fail;
} }
sec_1b = sec == 3;
expected = 1; expected = 1;
for (j = 0; j < sec; j++) for (j = 0; j < sec; j++)
expected *= 256; expected *= 256;
@ -106,7 +112,7 @@ int main(int argc, char *argv[])
goto fail; goto fail;
} }
if (hash[0] == 0 && hash[1] == 0) { if (hash[0] == 0 && hash[1] == 0) {
if (sec == 2 || (hash[2] & 0xf0) == 0) if ((hash[2] & 0xf0) == 0)
fprintf(stderr, "\r%3.2f%%", fprintf(stderr, "\r%3.2f%%",
100.0 * (double) i / (double) expected); 100.0 * (double) i / (double) expected);
for (j = 2; j < sec; j++) { for (j = 2; j < sec; j++) {
@ -119,18 +125,14 @@ int main(int argc, char *argv[])
inc_byte_array(m, SAE_PK_M_LEN); inc_byte_array(m, SAE_PK_M_LEN);
} }
fprintf(stderr, "\nFound a valid hash in %llu iterations\n", i); if (wpa_snprintf_hex(m_hex, sizeof(m_hex), m, SAE_PK_M_LEN) < 0 ||
wpa_hexdump(MSG_DEBUG, "Valid hash", hash, hash_len); wpa_snprintf_hex(hash_hex, sizeof(hash_hex), hash, hash_len) < 0)
fingerprint[0] = (sec - 2) << 6 | hash[sec] >> 2; goto fail;
for (i = 1; i < hash_len - sec; i++) fprintf(stderr, "\nFound a valid hash in %llu iterations: %s\n",
fingerprint[i] = hash[sec + i - 1] << 6 | hash[sec + i] >> 2; i + 1, hash_hex);
wpa_hexdump(MSG_DEBUG, "Fingerprint part for password",
fingerprint, hash_len - sec);
b64 = base64_encode(der, der_len, NULL); b64 = base64_encode(der, der_len, NULL);
pw = sae_pk_base32_encode(fingerprint, (hash_len - sec) * 8 - 2); if (!b64)
if (!b64 || !pw ||
wpa_snprintf_hex(m_hex, sizeof(m_hex), m, SAE_PK_M_LEN) < 0)
goto fail; goto fail;
src = pos = b64; src = pos = b64;
while (*src) { while (*src) {
@ -140,10 +142,44 @@ int main(int argc, char *argv[])
} }
*pos = '\0'; *pos = '\0';
/* Skip 8*Sec bits and add Sec_1b as the every 20th bit starting with
* one. */
os_memset(pw_base_bin, 0, sizeof(pw_base_bin));
dst = pw_base_bin;
for (j = 0; j < 8 * (int) hash_len / 20; j++) {
val20 = sae_pk_get_be19(hash + sec);
val20 |= sec_1b << 19;
sae_pk_buf_shift_left_19(hash + sec, hash_len - sec);
if (j & 1) {
*dst |= (val20 >> 16) & 0x0f;
dst++;
*dst++ = (val20 >> 8) & 0xff;
*dst++ = val20 & 0xff;
} else {
*dst++ = (val20 >> 12) & 0xff;
*dst++ = (val20 >> 4) & 0xff;
*dst = (val20 << 4) & 0xf0;
}
}
if (wpa_snprintf_hex(hash_hex, sizeof(hash_hex),
pw_base_bin, hash_len - sec) >= 0)
fprintf(stderr, "PasswordBase binary data for base32: %s",
hash_hex);
pw = sae_pk_base32_encode(pw_base_bin, 20 * 3 - 5);
if (!pw)
goto fail;
printf("# SAE-PK password/M/private key for Sec=%d.\n", sec); printf("# SAE-PK password/M/private key for Sec=%d.\n", sec);
printf("# The password can be truncated from right to improve\n");
printf("# usability at the cost of security.\n");
printf("sae_password=%s|pk=%s:%s\n", pw, m_hex, b64); printf("sae_password=%s|pk=%s:%s\n", pw, m_hex, b64);
printf("# Longer passwords can be used for improved security at the cost of usability:\n");
for (j = 4; j <= ((int) hash_len * 8 + 5 - 8 * sec) / 19; j++) {
os_free(pw);
pw = sae_pk_base32_encode(pw_base_bin, 20 * j - 5);
if (pw)
printf("# %s\n", pw);
}
ret = 0; ret = 0;
fail: fail:

15
src/common/common_module_tests.c
View file

@ -551,19 +551,14 @@ fail:
static int sae_pk_tests(void) static int sae_pk_tests(void)
{ {
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
const char *invalid[] = { "a2bc-de3f-ghi4-", "a2bcde3fghi4", "", NULL }; const char *invalid[] = { "a2bc-de3f-ghim-", "a2bcde3fghim", "", NULL };
struct { struct {
const char *pw; const char *pw;
const u8 *val; const u8 *val;
} valid[] = { } valid[] = {
{ "a2bc-de3f-ghi4", (u8 *) "\x06\x82\x21\x93\x65\x31\xd1\xc0" }, { "a2bc-de3f-ghim", (u8 *) "\x06\x82\x21\x93\x65\x31\xd0\xc0" },
{ "aaaa-aaaa-aaaa-a", { "aaaa-aaaa-aaaj", (u8 *) "\x00\x00\x00\x00\x00\x00\x00\x90" },
(u8 *) "\x00\x00\x00\x00\x00\x00\x00\x00\x00" }, { "7777-7777-777f", (u8 *) "\xff\xff\xff\xff\xff\xff\xfe\x50" },
{ "aaaa-aaaa-aaaa", (u8 *) "\x00\x00\x00\x00\x00\x00\x00\x00" },
{ "7777-7777-777", (u8 *) "\xff\xff\xff\xff\xff\xff\xfe" },
{ "7777-7777-7777", (u8 *) "\xff\xff\xff\xff\xff\xff\xff\xf0" },
{ "7777-7777-7777-7",
(u8 *) "\xff\xff\xff\xff\xff\xff\xff\xff\x80" },
{ NULL, NULL } { NULL, NULL }
}; };
int i; int i;
@ -617,7 +612,7 @@ static int sae_pk_tests(void)
} }
os_free(res); os_free(res);
b32 = sae_pk_base32_encode(val, bits); b32 = sae_pk_base32_encode(val, bits - 5);
if (!b32) { if (!b32) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
"SAE-PK: Failed to encode password '%s'", "SAE-PK: Failed to encode password '%s'",

3
src/common/sae.c
View file

@ -112,9 +112,6 @@ void sae_clear_temp_data(struct sae_data *sae)
wpabuf_free(tmp->own_rejected_groups); wpabuf_free(tmp->own_rejected_groups);
wpabuf_free(tmp->peer_rejected_groups); wpabuf_free(tmp->peer_rejected_groups);
os_free(tmp->pw_id); os_free(tmp->pw_id);
#ifdef CONFIG_SAE_PK
bin_clear_free(tmp->pw, tmp->pw_len);
#endif /* CONFIG_SAE_PK */
bin_clear_free(tmp, sizeof(*tmp)); bin_clear_free(tmp, sizeof(*tmp));
sae->tmp = NULL; sae->tmp = NULL;
} }

8
src/common/sae.h
View file

@ -70,9 +70,11 @@ struct sae_temporary_data {
const struct sae_pk *ap_pk; const struct sae_pk *ap_pk;
u8 own_addr[ETH_ALEN]; u8 own_addr[ETH_ALEN];
u8 peer_addr[ETH_ALEN]; u8 peer_addr[ETH_ALEN];
u8 *pw; u8 fingerprint[SAE_MAX_HASH_LEN];
size_t pw_len; size_t fingerprint_bytes;
size_t fingerprint_bits;
size_t lambda; size_t lambda;
unsigned int sec;
u8 ssid[32]; u8 ssid[32];
size_t ssid_len; size_t ssid_len;
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
@ -164,5 +166,7 @@ struct sae_pk * sae_parse_pk(const char *val);
int sae_write_confirm_pk(struct sae_data *sae, struct wpabuf *buf); int sae_write_confirm_pk(struct sae_data *sae, struct wpabuf *buf);
int sae_check_confirm_pk(struct sae_data *sae, const u8 *ies, size_t ies_len); int sae_check_confirm_pk(struct sae_data *sae, const u8 *ies, size_t ies_len);
int sae_hash(size_t hash_len, const u8 *data, size_t len, u8 *hash); int sae_hash(size_t hash_len, const u8 *data, size_t len, u8 *hash);
u32 sae_pk_get_be19(const u8 *buf);
void sae_pk_buf_shift_left_19(u8 *buf, size_t len);
#endif /* SAE_H */ #endif /* SAE_H */

326
src/common/sae_pk.c
View file

@ -23,40 +23,173 @@
static const char *sae_pk_base32_table = "abcdefghijklmnopqrstuvwxyz234567"; static const char *sae_pk_base32_table = "abcdefghijklmnopqrstuvwxyz234567";
static const u8 d_mult_table[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0,
17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16,
2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1,
18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17,
3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2,
19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18,
4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3,
20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19,
5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20,
6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5,
22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21,
7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6,
23, 24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22,
8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7,
24, 25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23,
9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8,
25, 26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24,
10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
26, 27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,
11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
27, 28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26,
12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
28, 29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
29, 30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28,
14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
30, 31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29,
15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
31, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17,
0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1,
17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18,
1, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2,
18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19,
2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3,
19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20,
3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4,
20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21,
4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5,
21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22,
5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7, 6,
22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24, 23,
6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8, 7,
23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25, 24,
7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8,
24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26, 25,
8, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9,
25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27, 26,
9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10,
26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28, 27,
10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11,
27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29, 28,
11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12,
28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30, 29,
12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13,
29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31, 30,
13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14,
30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 31,
14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 15,
31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, 16,
15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
};
static const u8 d_perm_table[] = {
7, 2, 1, 30, 16, 20, 27, 11, 31, 6, 8, 13, 29, 5, 10, 21,
22, 3, 24, 0, 23, 25, 12, 9, 28, 14, 4, 15, 17, 18, 19, 26
};
static u8 d_permute(u8 val, unsigned int iter)
{
if (iter == 0)
return val;
return d_permute(d_perm_table[val], iter - 1);
}
static u8 d_invert(u8 val)
{
if (val > 0 && val < 16)
return 16 - val;
return val;
}
static char d_check_char(const char *str, size_t len)
{
size_t i;
u8 val = 0;
u8 dtable[256];
unsigned int iter = 1;
int j;
os_memset(dtable, 0x80, 256);
for (i = 0; sae_pk_base32_table[i]; i++)
dtable[(u8) sae_pk_base32_table[i]] = i;
for (j = len - 1; j >= 0; j--) {
u8 c, p;
c = dtable[(u8) str[j]];
if (c == 0x80)
continue;
p = d_permute(c, iter);
iter++;
val = d_mult_table[val * 32 + p];
}
return sae_pk_base32_table[d_invert(val)];
}
bool sae_pk_valid_password(const char *pw) bool sae_pk_valid_password(const char *pw)
{ {
int pos, sec; int pos;
const char *idx; size_t i, pw_len = os_strlen(pw);
size_t pw_len = os_strlen(pw); u8 sec_1b;
u8 dtable[256];
/* Check whether the password is long enough to meet the minimum os_memset(dtable, 0x80, 256);
* required resistance to preimage attacks. This makes it less likely to for (i = 0; sae_pk_base32_table[i]; i++)
* recognize non-SAE-PK passwords as suitable for SAE-PK. */ dtable[(u8) sae_pk_base32_table[i]] = i;
if (pw_len < 1)
/* SAE-PK password has at least three four character components
* separated by hyphens. */
if (pw_len < 14 || pw_len % 5 != 4) {
wpa_printf(MSG_DEBUG, "SAE-PK: Not a valid password (length)");
return false; return false;
/* Fetch Sec from the two MSBs */ }
idx = os_strchr(sae_pk_base32_table, pw[0]);
if (!idx)
return false;
sec = (((u8) ((idx - sae_pk_base32_table) & 0x1f)) >> 3) + 2;
if ((sec == 2 && pw_len < 14) ||
(sec == 3 && pw_len < 13) ||
(sec == 4 && pw_len < 11) ||
(sec == 5 && pw_len < 9))
return false; /* too short password */
for (pos = 0; pw[pos]; pos++) { for (pos = 0; pw[pos]; pos++) {
if (pos && pos % 5 == 4) { if (pos && pos % 5 == 4) {
if (pw[pos] != '-') if (pw[pos] != '-') {
wpa_printf(MSG_DEBUG,
"SAE-PK: Not a valid password (separator)");
return false; return false;
}
continue; continue;
} }
if (!os_strchr(sae_pk_base32_table, pw[pos])) if (dtable[(u8) pw[pos]] == 0x80) {
wpa_printf(MSG_DEBUG,
"SAE-PK: Not a valid password (character)");
return false; return false;
} }
if (pos == 0) }
/* Verify that the checksum character is valid */
if (pw[pw_len - 1] != d_check_char(pw, pw_len - 1)) {
wpa_printf(MSG_DEBUG,
"SAE-PK: Not a valid password (checksum)");
return false; return false;
return pw[pos - 1] != '-'; }
/* Verify that Sec_1b bits match */
sec_1b = dtable[(u8) pw[0]] & BIT(4);
for (i = 5; i < pw_len; i += 5) {
if (sec_1b != (dtable[(u8) pw[i]] & BIT(4))) {
wpa_printf(MSG_DEBUG,
"SAE-PK: Not a valid password (Sec_1b)");
return false;
}
}
return true;
} }
@ -76,6 +209,7 @@ static char * add_char(const char *start, char *pos, u8 idx, size_t *bits)
} }
/* Base32 encode a password and add hyper separators and checksum */
char * sae_pk_base32_encode(const u8 *src, size_t len_bits) char * sae_pk_base32_encode(const u8 *src, size_t len_bits)
{ {
char *out, *pos; char *out, *pos;
@ -90,7 +224,7 @@ char * sae_pk_base32_encode(const u8 *src, size_t len_bits)
return NULL; return NULL;
olen = len * 8 / 5 + 1; olen = len * 8 / 5 + 1;
olen += olen / 4; /* hyphen separators */ olen += olen / 4; /* hyphen separators */
pos = out = os_zalloc(olen + 1); pos = out = os_zalloc(olen + 2); /* include room for ChkSum and nul */
if (!out) if (!out)
return NULL; return NULL;
@ -107,6 +241,8 @@ char * sae_pk_base32_encode(const u8 *src, size_t len_bits)
} }
} }
*pos = d_check_char(out, os_strlen(out));
return out; return out;
} }
@ -178,19 +314,107 @@ u8 * sae_pk_base32_decode(const char *src, size_t len, size_t *out_len)
} }
u32 sae_pk_get_be19(const u8 *buf)
{
return (buf[0] << 11) | (buf[1] << 3) | (buf[2] >> 5);
}
/* shift left by two octets and three bits; fill in zeros from right;
* len must be at least three */
void sae_pk_buf_shift_left_19(u8 *buf, size_t len)
{
u8 *dst, *src, *end;
dst = buf;
src = buf + 2;
end = buf + len;
while (src + 1 < end) {
*dst++ = (src[0] << 3) | (src[1] >> 5);
src++;
}
*dst++ = *src << 3;
*dst++ = 0;
*dst++ = 0;
}
static void sae_pk_buf_shift_left_1(u8 *buf, size_t len)
{
u8 *dst, *src, *end;
dst = buf;
src = buf;
end = buf + len;
while (src + 1 < end) {
*dst++ = (src[0] << 1) | (src[1] >> 7);
src++;
}
*dst++ = *src << 1;
}
int sae_pk_set_password(struct sae_data *sae, const char *password) int sae_pk_set_password(struct sae_data *sae, const char *password)
{ {
struct sae_temporary_data *tmp = sae->tmp; struct sae_temporary_data *tmp = sae->tmp;
size_t len; size_t len, pw_len;
u8 *pw, *pos;
int bits;
u32 val = 0, val19;
unsigned int val_bits = 0;
len = os_strlen(password); if (!tmp)
if (!tmp || len < 1)
return -1; return -1;
bin_clear_free(tmp->pw, tmp->pw_len); os_memset(tmp->fingerprint, 0, sizeof(tmp->fingerprint));
tmp->pw = sae_pk_base32_decode(password, len, &tmp->pw_len); tmp->fingerprint_bytes = tmp->fingerprint_bits = 0;
len = os_strlen(password);
if (len < 1 || !sae_pk_valid_password(password))
return -1;
pw = sae_pk_base32_decode(password, len, &pw_len);
if (!pw)
return -1;
tmp->sec = (pw[0] & BIT(7)) ? 3 : 5;
tmp->lambda = len - len / 5; tmp->lambda = len - len / 5;
return tmp->pw ? 0 : -1; tmp->fingerprint_bits = 8 * tmp->sec + 19 * tmp->lambda / 4 - 5;
wpa_printf(MSG_DEBUG, "SAE-PK: Sec=%u Lambda=%zu fingerprint_bits=%zu",
tmp->sec, tmp->lambda, tmp->fingerprint_bits);
/* Construct Fingerprint from PasswordBase by prefixing with Sec zero
* octets and skipping the Sec_1b bits */
pos = &tmp->fingerprint[tmp->sec];
bits = tmp->fingerprint_bits - 8 * tmp->sec;
wpa_hexdump_key(MSG_DEBUG, "SAE-PK: PasswordBase", pw, pw_len);
while (bits > 0) {
if (val_bits < 8) {
sae_pk_buf_shift_left_1(pw, pw_len); /* Sec_1b */
val19 = sae_pk_get_be19(pw);
sae_pk_buf_shift_left_19(pw, pw_len);
val = (val << 19) | val19;
val_bits += 19;
}
if (val_bits >= 8) {
if (bits < 8)
break;
*pos++ = (val >> (val_bits - 8)) & 0xff;
val_bits -= 8;
bits -= 8;
}
}
if (bits > 0) {
val >>= val_bits - bits;
*pos++ = val << (8 - bits);
}
tmp->fingerprint_bytes = pos - tmp->fingerprint;
wpa_hexdump_key(MSG_DEBUG, "SAE-PK: Fingerprint",
tmp->fingerprint, tmp->fingerprint_bytes);
bin_clear_free(pw, pw_len);
return 0;
} }
@ -481,19 +705,19 @@ static bool sae_pk_valid_fingerprint(struct sae_data *sae,
const u8 *k_ap, size_t k_ap_len, int group) const u8 *k_ap, size_t k_ap_len, int group)
{ {
struct sae_temporary_data *tmp = sae->tmp; struct sae_temporary_data *tmp = sae->tmp;
size_t sec, i; u8 *hash_data, *pos;
u8 *fingerprint_exp, *hash_data, *pos; size_t hash_len, hash_data_len;
size_t hash_len, hash_data_len, fingerprint_bits, fingerprint_bytes;
u8 hash[SAE_MAX_HASH_LEN]; u8 hash[SAE_MAX_HASH_LEN];
int res; int res;
if (!tmp->pw || tmp->pw_len < 1) { if (!tmp->fingerprint_bytes) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE-PK: No PW available for K_AP fingerprint check"); "SAE-PK: No PW available for K_AP fingerprint check");
return false; return false;
} }
/* Fingerprint = L(Hash(SSID || M || K_AP), 0, 8*Sec + 5*Lambda - 2) */ /* Fingerprint = L(Hash(SSID || M || K_AP), 0, 8*Sec + 19*Lambda/4 - 5)
*/
hash_len = sae_group_2_hash_len(group); hash_len = sae_group_2_hash_len(group);
hash_data_len = tmp->ssid_len + m_len + k_ap_len; hash_data_len = tmp->ssid_len + m_len + k_ap_len;
@ -516,44 +740,26 @@ static bool sae_pk_valid_fingerprint(struct sae_data *sae,
wpa_hexdump(MSG_DEBUG, "SAE-PK: Hash(SSID || M || K_AP)", wpa_hexdump(MSG_DEBUG, "SAE-PK: Hash(SSID || M || K_AP)",
hash, hash_len); hash, hash_len);
wpa_hexdump_key(MSG_DEBUG, "SAE-PK: PW", tmp->pw, tmp->pw_len); if (tmp->fingerprint_bits > hash_len * 8) {
sec = (tmp->pw[0] >> 6) + 2;
fingerprint_bits = 8 * sec + 5 * tmp->lambda - 2;
wpa_printf(MSG_DEBUG, "SAE-PK: Sec=%zu Lambda=%zu fingerprint_bits=%zu",
sec, tmp->lambda, fingerprint_bits);
if (fingerprint_bits > hash_len * 8) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"SAE-PK: Not enough hash output bits for the fingerprint"); "SAE-PK: Not enough hash output bits for the fingerprint");
return false; return false;
} }
fingerprint_bytes = (fingerprint_bits + 7) / 8; if (tmp->fingerprint_bits % 8) {
if (fingerprint_bits % 8) {
size_t extra; size_t extra;
/* Zero out the extra bits in the last octet */ /* Zero out the extra bits in the last octet */
extra = 8 - fingerprint_bits % 8; extra = 8 - tmp->fingerprint_bits % 8;
pos = &hash[fingerprint_bits / 8]; pos = &hash[tmp->fingerprint_bits / 8];
*pos = (*pos >> extra) << extra; *pos = (*pos >> extra) << extra;
} }
wpa_hexdump(MSG_DEBUG, "SAE-PK: Fingerprint", hash, fingerprint_bytes); wpa_hexdump(MSG_DEBUG, "SAE-PK: Fingerprint", hash,
tmp->fingerprint_bytes);
fingerprint_exp = os_zalloc(sec + tmp->pw_len); res = os_memcmp_const(hash, tmp->fingerprint, tmp->fingerprint_bytes);
if (!fingerprint_exp)
return false;
pos = fingerprint_exp + sec;
for (i = 0; i < tmp->pw_len; i++) {
u8 next = i + 1 < tmp->pw_len ? tmp->pw[i + 1] : 0;
*pos++ = tmp->pw[i] << 2 | next >> 6;
}
wpa_hexdump(MSG_DEBUG, "SAE-PK: Fingerprint_Expected",
fingerprint_exp, fingerprint_bytes);
res = os_memcmp_const(hash, fingerprint_exp, fingerprint_bytes);
bin_clear_free(fingerprint_exp, tmp->pw_len);
if (res) { if (res) {
wpa_printf(MSG_DEBUG, "SAE-PK: K_AP fingerprint mismatch"); wpa_printf(MSG_DEBUG, "SAE-PK: K_AP fingerprint mismatch");
wpa_hexdump(MSG_DEBUG, "SAE-PK: Expected fingerprint",
tmp->fingerprint, tmp->fingerprint_bytes);
return false; return false;
} }

135
tests/hwsim/test_sae_pk.py
View file

@ -9,18 +9,17 @@ from utils import *
SAE_PK_SSID = "SAE-PK test" SAE_PK_SSID = "SAE-PK test"
SAE_PK_SEC2_PW = "dwxm-zv66-p5ue" SAE_PK_SEC3_PW = "r6cr-6ksa-56og"
SAE_PK_SEC2_PW_FULL = "dwxm-zv66-p5ue-fotp-owjy-lfby-2xpg-vmwq-chtz-hilu-m3t2-qleg" SAE_PK_SEC3_M = "089ec11475d55f0d38403f5117a6d64d"
SAE_PK_SEC2_M = "431ff8322f93b9dc50ded9f3d14ace22"
SAE_PK_19_PK = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" SAE_PK_19_PK = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg=="
SAE_PK_20_PW = "f3bh-5un3-wz7o-al3p" SAE_PK_20_PW = "4zsy-uspe-xbfr-3ifo"
SAE_PK_20_M = "50bf37ba0033ed110a74e3a7aa52f4e9" SAE_PK_20_M = "206902f9f09b62e3fafcd487c65f5c64"
SAE_PK_20_PK = "MIGkAgEBBDA4wpA6w/fK0g3a2V6QmcoxNoFCVuQPyzWvKYimJkgXsVsXt2ERXQ7dGOVXeycM5DqgBwYFK4EEACKhZANiAARTdszGBNe2PGCnc8Wvs+IDvdVEf4PPBrty0meRZf6UTbGouquTHpy6KKTq5sxrulYzsQFimg4op0UJBGxAzqo0EtTgMlLiBvY0I3Nl3N69MhWo8nvnmguvGGN32AAPXpQ=" SAE_PK_20_PK = "MIGkAgEBBDA4wpA6w/fK0g3a2V6QmcoxNoFCVuQPyzWvKYimJkgXsVsXt2ERXQ7dGOVXeycM5DqgBwYFK4EEACKhZANiAARTdszGBNe2PGCnc8Wvs+IDvdVEf4PPBrty0meRZf6UTbGouquTHpy6KKTq5sxrulYzsQFimg4op0UJBGxAzqo0EtTgMlLiBvY0I3Nl3N69MhWo8nvnmguvGGN32AAPXpQ="
SAE_PK_21_PW = "a5rp-4rgd-ewum-v4qr-v5jy" SAE_PK_21_PW = "vluk-umpa-3mbw-zrhe-s2n2"
SAE_PK_21_M = "2bf0a143b158b967a435cf75b07fc9e6" SAE_PK_21_M = "1c63c1b17e9a999f0693b4341a970a63"
SAE_PK_21_PK = "MIHcAgEBBEIBcch+ygKv1uL5344C+8Rt5h8cTYHG++L3/8/hH6I2J3pWboB0jtzTf/zdZVGqkEIi+zZ2O+5g65cS8my1B44n0g+gBwYFK4EEACOhgYkDgYYABAA49TXDQfBgQWuwGrvYSkw9yuLRTn7WKyWcfSqSFfJYY6piGRE0wdKsNsGbuqHsfjn3Jb3LhmPdcnaDXd5z7fhdgAGFaiL+ZtBJCw5LqjW71rb54oy1NookDiNILdZ9i1dwBzE3fpfOWVvfjnXj9weZKUWHLB+2RF2X1qB0mY/G5NuRXA==" SAE_PK_21_PK = "MIHcAgEBBEIBnFBjU0ywxo1dLTYcg2aZdMfNY7JHt4GTADRTgJ7RRo9qzRIlfmK7p+BP1c8YM8ia8v7YDTut00rDOfzkdmLOi0WgBwYFK4EEACOhgYkDgYYABAD6n3DHI+qaj/lElhe2sUSKqAe4sweckMlr9bhdmwp8Wsx5lKR/Tt7WPexeqFrA47nChw5WMWy6qJanCKNFvGYG0ADUWnxesYczGtCdUYJQgs3X5tHSapMssz6tP8QL0X9adTI/H3tFYhiVIdor03eZDUVnej78/F31CcHcjGBEyItVfw=="
def run_sae_pk(apdev, dev, ssid, pw, m, pk, ap_groups=None, def run_sae_pk(apdev, dev, ssid, pw, m, pk, ap_groups=None,
confirm_immediate=False): confirm_immediate=False):
@ -54,11 +53,18 @@ def test_sae_pk(dev, apdev):
dev[0].flush_scan_cache() dev[0].flush_scan_cache()
dev[0].set("sae_groups", "") dev[0].set("sae_groups", "")
for i in range(14, len(SAE_PK_SEC2_PW_FULL) + 1): passwords = [SAE_PK_SEC3_PW,
p = SAE_PK_SEC2_PW_FULL[:i] "r6cr-6ksa-56oo-5557",
if p.endswith('-'): "r6cr-6ksa-56oo-555p-wi44",
continue "r6cr-6ksa-56oo-555p-wi4b-vghb",
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, p, SAE_PK_SEC2_M, "r6cr-6ksa-56oo-555p-wi4b-vghv-vwro",
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taqj",
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfq",
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye3x",
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye35-4rne",
"r6cr-6ksa-56oo-555p-wi4b-vghv-vwrp-taq5-4zfa-ye35-4rny-5yqz"]
for p in passwords:
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, p, SAE_PK_SEC3_M,
SAE_PK_19_PK) SAE_PK_19_PK)
def test_sae_pk_group_negotiation(dev, apdev): def test_sae_pk_group_negotiation(dev, apdev):
@ -68,39 +74,19 @@ def test_sae_pk_group_negotiation(dev, apdev):
dev[0].set("sae_groups", "20 19") dev[0].set("sae_groups", "20 19")
try: try:
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW, run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
SAE_PK_SEC2_M, SAE_PK_19_PK, ap_groups="19 20") SAE_PK_SEC3_M, SAE_PK_19_PK, ap_groups="19 20")
finally: finally:
dev[0].set("sae_groups", "") dev[0].set("sae_groups", "")
def test_sae_pk_sec_2(dev, apdev):
"""SAE-PK with Sec 2"""
check_sae_pk_capab(dev[0])
dev[0].flush_scan_cache()
dev[0].set("sae_groups", "")
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW,
SAE_PK_SEC2_M, SAE_PK_19_PK)
def test_sae_pk_sec_3(dev, apdev): def test_sae_pk_sec_3(dev, apdev):
"""SAE-PK with Sec 3""" """SAE-PK with Sec 3"""
check_sae_pk_capab(dev[0]) check_sae_pk_capab(dev[0])
dev[0].flush_scan_cache() dev[0].flush_scan_cache()
dev[0].set("sae_groups", "") dev[0].set("sae_groups", "")
pw = "iian-qey6-pu5t" run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
m = "128e51ddb5e2e24388f9ed14b687e2eb" SAE_PK_19_PK)
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK)
def test_sae_pk_sec_4(dev, apdev):
"""SAE-PK with Sec 4"""
check_sae_pk_capab(dev[0])
dev[0].flush_scan_cache()
dev[0].set("sae_groups", "")
pw = "ssko-2lmu-7hzs-bqct"
m = "a5e38c7251ea310cc348fbcdadfa8bcb"
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK)
def test_sae_pk_sec_5(dev, apdev): def test_sae_pk_sec_5(dev, apdev):
"""SAE-PK with Sec 5""" """SAE-PK with Sec 5"""
@ -108,7 +94,7 @@ def test_sae_pk_sec_5(dev, apdev):
dev[0].flush_scan_cache() dev[0].flush_scan_cache()
dev[0].set("sae_groups", "") dev[0].set("sae_groups", "")
pw = "3qqu-f4xq-dz37-fes3-fbgc" pw = "hbbi-f4xq-b457-jjew-muei"
m = "d2e5fa27d1be8897f987f2d480d2af6b" m = "d2e5fa27d1be8897f987f2d480d2af6b"
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK) run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, pw, m, SAE_PK_19_PK)
@ -164,8 +150,8 @@ def test_sae_pk_group_19_sae_group_20(dev, apdev):
dev[0].flush_scan_cache() dev[0].flush_scan_cache()
dev[0].set("sae_groups", "20") dev[0].set("sae_groups", "20")
try: try:
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW, run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
SAE_PK_SEC2_M, SAE_PK_19_PK, ap_groups="20") SAE_PK_SEC3_M, SAE_PK_19_PK, ap_groups="20")
finally: finally:
dev[0].set("sae_groups", "") dev[0].set("sae_groups", "")
@ -176,10 +162,10 @@ def test_sae_pk_password_without_pk(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = SAE_PK_SEC2_PW params['sae_password'] = SAE_PK_SEC3_PW
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", scan_freq="2412") key_mgmt="SAE", scan_freq="2412")
if dev[0].get_status_field("sae_pk") != "0": if dev[0].get_status_field("sae_pk") != "0":
raise Exception("Unexpected sae_pk STATUS value") raise Exception("Unexpected sae_pk STATUS value")
@ -191,10 +177,10 @@ def test_sae_pk_only(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = SAE_PK_SEC2_PW params['sae_password'] = SAE_PK_SEC3_PW
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", sae_pk="1", key_mgmt="SAE", sae_pk="1",
scan_freq="2412", wait_connect=False) scan_freq="2412", wait_connect=False)
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
@ -208,7 +194,7 @@ def test_sae_pk_only(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK)] SAE_PK_19_PK)]
hapd2 = hostapd.add_ap(apdev[1], params) hapd2 = hostapd.add_ap(apdev[1], params)
bssid2 = hapd2.own_addr() bssid2 = hapd2.own_addr()
@ -229,13 +215,13 @@ def test_sae_pk_modes(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params["ieee80211w"] = "2" params["ieee80211w"] = "2"
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK)] SAE_PK_19_PK)]
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
tests = [(2, 0), (1, 1), (0, 1)] tests = [(2, 0), (1, 1), (0, 1)]
for sae_pk, expected in tests: for sae_pk, expected in tests:
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", sae_pk=str(sae_pk), ieee80211w="2", key_mgmt="SAE", sae_pk=str(sae_pk), ieee80211w="2",
scan_freq="2412") scan_freq="2412")
val = dev[0].get_status_field("sae_pk") val = dev[0].get_status_field("sae_pk")
@ -252,10 +238,10 @@ def test_sae_pk_not_on_ap(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = SAE_PK_SEC2_PW params['sae_password'] = SAE_PK_SEC3_PW
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", scan_freq="2412") key_mgmt="SAE", scan_freq="2412")
if dev[0].get_status_field("sae_pk") == "1": if dev[0].get_status_field("sae_pk") == "1":
raise Exception("SAE-PK was claimed to be used") raise Exception("SAE-PK was claimed to be used")
@ -267,12 +253,12 @@ def test_sae_pk_transition_disable(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK)] SAE_PK_19_PK)]
params['transition_disable'] = '0x02' params['transition_disable'] = '0x02'
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
id = dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, id = dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", scan_freq="2412") key_mgmt="SAE", scan_freq="2412")
ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1) ev = dev[0].wait_event(["TRANSITION-DISABLE"], timeout=1)
if ev is None: if ev is None:
@ -298,7 +284,7 @@ def run_sae_pk_mixed(dev, apdev, confirm_immediate=False):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = SAE_PK_SEC2_PW params['sae_password'] = SAE_PK_SEC3_PW
if confirm_immediate: if confirm_immediate:
params['sae_confirm_immediate'] = '1' params['sae_confirm_immediate'] = '1'
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
@ -306,7 +292,7 @@ def run_sae_pk_mixed(dev, apdev, confirm_immediate=False):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK)] SAE_PK_19_PK)]
# Disable HT from the SAE-PK BSS to make the station prefer the other BSS # Disable HT from the SAE-PK BSS to make the station prefer the other BSS
# by default. # by default.
@ -317,7 +303,7 @@ def run_sae_pk_mixed(dev, apdev, confirm_immediate=False):
dev[0].scan_for_bss(bssid, freq=2412) dev[0].scan_for_bss(bssid, freq=2412)
dev[0].scan_for_bss(bssid2, freq=2412) dev[0].scan_for_bss(bssid2, freq=2412)
dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, dev[0].connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", scan_freq="2412") key_mgmt="SAE", scan_freq="2412")
if dev[0].get_status_field("sae_pk") != "1": if dev[0].get_status_field("sae_pk") != "1":
@ -326,7 +312,7 @@ def run_sae_pk_mixed(dev, apdev, confirm_immediate=False):
raise Exception("Unexpected BSSID selected") raise Exception("Unexpected BSSID selected")
def check_sae_pk_sta_connect_failure(dev): def check_sae_pk_sta_connect_failure(dev):
dev.connect(SAE_PK_SSID, sae_password=SAE_PK_SEC2_PW, dev.connect(SAE_PK_SSID, sae_password=SAE_PK_SEC3_PW,
key_mgmt="SAE", scan_freq="2412", wait_connect=False) key_mgmt="SAE", scan_freq="2412", wait_connect=False)
ev = dev.wait_event(["CTRL-EVENT-CONNECTED", ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
"CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10) "CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
@ -342,7 +328,7 @@ def test_sae_pk_missing_ie(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK)] SAE_PK_19_PK)]
params['sae_pk_omit'] = '1' params['sae_pk_omit'] = '1'
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
@ -355,7 +341,7 @@ def test_sae_pk_unexpected_status(dev, apdev):
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK)] SAE_PK_19_PK)]
params['sae_commit_status'] = '126' params['sae_commit_status'] = '126'
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
@ -369,7 +355,7 @@ def test_sae_pk_invalid_signature(dev, apdev):
other = "MHcCAQEEILw+nTjFzRyhVea0G6KbwZu18oWrfhzppxj+MceUO3YLoAoGCCqGSM49AwEHoUQDQgAELdou6LuTDNiMVlMB65KsWhQFbPXR9url0EA6luWzUfAuGoDXYJUBTVz6Nv3mz6oQcDrSiDmz/LejndJ0YHGgfQ==" other = "MHcCAQEEILw+nTjFzRyhVea0G6KbwZu18oWrfhzppxj+MceUO3YLoAoGCCqGSM49AwEHoUQDQgAELdou6LuTDNiMVlMB65KsWhQFbPXR9url0EA6luWzUfAuGoDXYJUBTVz6Nv3mz6oQcDrSiDmz/LejndJ0YHGgfQ=="
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s:%s' % (SAE_PK_SEC2_PW, SAE_PK_SEC2_M, params['sae_password'] = ['%s|pk=%s:%s:%s' % (SAE_PK_SEC3_PW, SAE_PK_SEC3_M,
SAE_PK_19_PK, other)] SAE_PK_19_PK, other)]
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
check_sae_pk_sta_connect_failure(dev[0]) check_sae_pk_sta_connect_failure(dev[0])
@ -382,43 +368,16 @@ def test_sae_pk_invalid_fingerprint(dev, apdev):
other = "431ff8322f93b9dc50ded9f3d14ace21" other = "431ff8322f93b9dc50ded9f3d14ace21"
params = hostapd.wpa2_params(ssid=SAE_PK_SSID) params = hostapd.wpa2_params(ssid=SAE_PK_SSID)
params['wpa_key_mgmt'] = 'SAE' params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC2_PW, other, params['sae_password'] = ['%s|pk=%s:%s' % (SAE_PK_SEC3_PW, other,
SAE_PK_19_PK)] SAE_PK_19_PK)]
hapd = hostapd.add_ap(apdev[0], params) hapd = hostapd.add_ap(apdev[0], params)
check_sae_pk_sta_connect_failure(dev[0]) check_sae_pk_sta_connect_failure(dev[0])
def test_sae_pk_password_min_len(dev, apdev):
"""SAE-PK password minimum length"""
check_sae_pk_capab(dev[0])
ssid = SAE_PK_SSID
pk = SAE_PK_19_PK
tests = [("dwxm-zv66-p5u", "431ff8322f93b9dc50ded9f3d14ace22", False),
("dwxm-zv66-p5ue", "431ff8322f93b9dc50ded9f3d14ace22", True),
("iian-qey6-pu", "128e51ddb5e2e24388f9ed14b687e2eb", False),
("iian-qey6-pu5", "128e51ddb5e2e24388f9ed14b687e2eb", True),
("ssko-2lmu", "a5e38c7251ea310cc348fbcdadfa8bcb", False),
("ssko-2lmu-7", "a5e38c7251ea310cc348fbcdadfa8bcb", True),
("3qqu-f4x", "d2e5fa27d1be8897f987f2d480d2af6b", False),
("3qqu-f4xq", "d2e5fa27d1be8897f987f2d480d2af6b", True)]
for pw, m, success in tests:
params = hostapd.wpa2_params(ssid=ssid)
params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['%s|pk=%s:%s' % (pw, m, pk)]
try:
hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
if not success:
raise Exception("Unexpected success with password %s" % pw)
except Exception as e:
if str(e).startswith("Unexpected success with password"):
raise
if success:
raise Exception("Unexpected failure with password %s" % pw)
def test_sae_pk_confirm_immediate(dev, apdev): def test_sae_pk_confirm_immediate(dev, apdev):
"""SAE-PK with immediate confirm on AP""" """SAE-PK with immediate confirm on AP"""
check_sae_pk_capab(dev[0]) check_sae_pk_capab(dev[0])
dev[0].flush_scan_cache() dev[0].flush_scan_cache()
dev[0].set("sae_groups", "") dev[0].set("sae_groups", "")
run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC2_PW, run_sae_pk(apdev[0], dev[0], SAE_PK_SSID, SAE_PK_SEC3_PW,
SAE_PK_SEC2_M, SAE_PK_19_PK, confirm_immediate=True) SAE_PK_SEC3_M, SAE_PK_19_PK, confirm_immediate=True)

84
tests/hwsim/test_sigma_dut.py
View file

@ -4930,8 +4930,8 @@ def test_sigma_dut_sae_pk(dev, apdev):
sigma = start_sigma_dut(ifname) sigma = start_sigma_dut(ifname)
ssid = "SAE-PK test" ssid = "SAE-PK test"
pw = "dwxm-zv66-p5ue" pw = "hbbi-f4xq-b45g"
m = "431ff8322f93b9dc50ded9f3d14ace22" m = "d2e5fa27d1be8897f987f2d480d2af6b"
pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg==" pk = "MHcCAQEEIAJIGlfnteonDb7rQyP/SGQjwzrZAnfrXIm4280VWajYoAoGCCqGSM49AwEHoUQDQgAEeRkstKQV+FSAMqBayqFknn2nAQsdsh/MhdX6tiHOTAFin/sUMFRMyspPtIu7YvlKdsexhI0jPVhaYZn1jKWhZg=="
try: try:
@ -5012,32 +5012,50 @@ def test_sigma_dut_ap_sae_pk(dev, apdev, params):
conffile = params['prefix'] + ".sigma-conf" conffile = params['prefix'] + ".sigma-conf"
if "SAE" not in dev[0].get_capability("auth_alg"): if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported") raise HwsimSkip("SAE not supported")
tests = [("SAEPK-4.7.1", "fb4c-zpqh-bhdc", "saepk.pem", tests = [("SAEPK-4.7.1.1", "ya3o-zvm2-r4so", "saepk1.pem",
"2ec1f37b47b402252e9dc5001e81fd1c", False), "faa1ef5094bdb4cb2836332ca2c09839", False),
("SAEPK-5.7.1.1", "amro-yjrs-zzda", "saepk1.pem", ("SAEPK-4.7.1.2", "xcc2-qwru-yg23", "saepk1.pem",
"f42baa90420032486b3229ab0890878a", False), "b1b30107eb74de2f25afd079bb4196c1", False),
("SAEPK-5.7.1.2", "eh56-tjce-cnzg-ymhq", "saepk2.pem", ("SAEPK-4.7.1.3", "skqz-6scq-zcqv", "saepk1.pem",
"efb8b7a87e0638a93b056cb4aadf4a71", False), "4c0ff61465e0f298510254ff54916c71", False),
("SAEPK-5.7.1.3", "knny-r45l-ww3w", "saepk3.pem", ("SAEPK-4.7.1.4", "r6em-rya4-tqfa", "saepkP384.pem",
"6502721b2c2dfea3c9aefc5324eee9c9", False), "fb811655209e9edf347a675ddd3e9c82", False),
("SAEPK-5.7.2.1", "fvys-4brw-d67c", "saepk4.pem", ("SAEPK-4.7.1.5", "6kjo-umvi-7x3w", "saepkP521.pem",
"b63662c6f0bdd12bf5a2075ccfd7e132", False), "cccb76bc0f113ab754826ba9538d66f5", False),
("SAEPK-5.7.2.2", "cnj6-khsf-dgzh", "saepk5.pem", ("SAEPK-5.7.1.1", "sw4h-re63-wgqg", "saepk1.pem",
"126d37fae167a53d4ebb08a235cef1da", False), "0d126f302d85ac809a6a4229dbbe3c75", False),
("SAEPK-5.7.2.3", "hr7j-3cdr-wtq6", "saepk6.pem", ("SAEPK-5.7.1.2", "wewq-r4kg-4ioz-xb2p", "saepk1.pem",
"61a84a86ffb1b9e23f576a0275ddcc78", True), "d6b1d8924b1a462677e67b3bbfe73977", False),
("SAEPK-5.7.2.4", "geoh-2rvn-ivwu", "saepk7.pem", ("SAEPK-5.7.1.3", "vb3v-5skk-5eft-v4hu-w2c5", "saepk1.pem",
"61a84a86ffb1b9e23f576a0275ddcc78", False), "41f8cfceb96ebc5c8af9677d22749fad", False),
("SAEPK-5.7.2.4", "geoh-2rvn-ivwu", "saepk8_sig.pem", ("SAEPK-5.7.1.4", "2qsw-6tgy-xnwa-s7lo-75tq-qggr", "saepk1.pem",
"61a84a86ffb1b9e23f576a0275ddcc78", True), "089e8d4a3a79ec637c54dd7bd61972f2", False),
("SAEPK-5.7.3", "hbhh-r4um-jzjs", "saepk9.pem", ("SAE-PK test", "hbbi-f4xq-b45g", "saepkP256.pem",
"af9b55bce52040892634bb3e41d557ee", False), "d2e5fa27d1be8897f987f2d480d2af6b", False),
("SAE-PK-5.7.1.13", "dop4-pi5w-72g2", "saepk13.pem", ("SAE-PK test", "hbbi-f4xq-b457-jje4", "saepkP256.pem",
"c269116268faaa6728fccd27fa5e9003", False), "d2e5fa27d1be8897f987f2d480d2af6b", False),
("SAE-PK test", "ssko-2lmu-7", "saepk5.7.1Run4thru12.pem", ("SAE-PK test", "hbbi-f4xq-b457-jjew-muei", "saepkP256.pem",
"a5e38c7251ea310cc348fbcdadfa8bcb", False), "d2e5fa27d1be8897f987f2d480d2af6b", False),
("SAE-PK test", "3qqu-f4xq", "saepk5.7.1Run4thru12.pem", ("SAE-PK test", "hbbi-f4xq-b457-jjew-muey-fod3", "saepkP256.pem",
"d2e5fa27d1be8897f987f2d480d2af6b", False)] "d2e5fa27d1be8897f987f2d480d2af6b", False),
("SAEPK-5.7.1.1", "sw4h-re63-wgqg", "saepk1.pem",
"0d126f302d85ac809a6a4229dbbe3c75", False),
("SAEPK-5.7.1.10", "tkor-7nb3-r7tv", "saepkP384.pem",
"af1a3df913fc0103f65f105ed1472277", False),
("SAEPK-5.7.1.11", "yjl3-vfvu-w6r3", "saepkP521.pem",
"24dadf9d253c4169c9647a21cb54fc57", False),
("SAEPK-5.7.2.1", "rntm-tkrp-xgke", "saepk1.pem",
"cd38ccce3baff627d09bee7b9530d6ce", False),
("SAEPK-5.7.2.2", "7lt7-7dqt-6abk", "saepk1.pem",
"a22fc8489932597c9e83de62dec02b21", False),
("SAEPK-5.7.2.3", "sw4h-re63-wgqg", "saepk2.pem",
"1f4a4c7d290d97e0b6ab0cbbbfa0726d", True),
("SAEPK-5.7.2.4", "rmj3-ya7b-42k4", "saepk1.pem",
"5f65e2bc37f8494de7a605ff615c8b6a", False),
("SAEPK-5.7.2.4", "rmj3-ya7b-42k4", "saepk2.pem",
"5f65e2bc37f8494de7a605ff615c8b6a", True),
("SAEPK-5.7.3", "4322-ufus-4bhm", "saepk1.pem",
"21ede99abc46679646693cafe4677d4e", False)]
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface, hostapd_logdir=logdir) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
@ -5054,10 +5072,10 @@ def test_sigma_dut_ap_sae_pk_misbehavior(dev, apdev, params):
conffile = params['prefix'] + ".sigma-conf" conffile = params['prefix'] + ".sigma-conf"
if "SAE" not in dev[0].get_capability("auth_alg"): if "SAE" not in dev[0].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported") raise HwsimSkip("SAE not supported")
ssid = "SAEPK-4.7.1" ssid = "SAEPK-4.7.1.1"
pw = "fb4c-zpqh-bhdc" pw = "rmj3-ya7b-42k4"
keypair = "saepk.pem" keypair = "saepk1.pem"
m = "2ec1f37b47b402252e9dc5001e81fd1c" m = "faa1ef5094bdb4cb2836332ca2c09839"
with HWSimRadio() as (radio, iface): with HWSimRadio() as (radio, iface):
sigma = start_sigma_dut(iface, hostapd_logdir=logdir) sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
@ -5069,7 +5087,7 @@ def test_sigma_dut_ap_sae_pk_misbehavior(dev, apdev, params):
run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m, run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
True, status=126, omit=True, immediate=True) True, status=126, omit=True, immediate=True)
run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m, run_sigma_dut_ap_sae_pk(conffile, dev[0], ssid, pw, keypair, m,
True, sig="saepk8_sig.pem") True, sig="saepk2.pem")
finally: finally:
stop_sigma_dut(sigma) stop_sigma_dut(sigma)