SAE: Maintain EC group context in struct sae_data

This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>

src/ap/sta_info.c

@@ -12,6 +12,7 @@
 #include "utils/eloop.h"
 #include "common/ieee802_11_defs.h"
 #include "common/wpa_ctrl.h"
+#include "common/sae.h"
 #include "radius/radius.h"
 #include "radius/radius_client.h"
 #include "drivers/driver.h"
@@ -241,6 +242,7 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
 	os_free(sta->radius_cui);
 
 #ifdef CONFIG_SAE
+	sae_clear_data(sta->sae);
 	os_free(sta->sae);
 #endif /* CONFIG_SAE */
 

src/common/sae.c

@@ -31,6 +31,29 @@ static const u8 group19_order[] = {
 };
 
 
+int sae_set_group(struct sae_data *sae, int group)
+{
+	crypto_ec_deinit(sae->ec);
+	sae->ec = crypto_ec_init(group);
+	if (!sae->ec)
+		return -1;
+
+	sae->group = group;
+	sae->prime_len = crypto_ec_prime_len(sae->ec);
+
+	return 0;
+}
+
+
+void sae_clear_data(struct sae_data *sae)
+{
+	if (sae == NULL)
+		return;
+	crypto_ec_deinit(sae->ec);
+	os_memset(sae, 0, sizeof(*sae));
+}
+
+
 static int val_zero_or_one(const u8 *val, size_t len)
 {
 	size_t i;
@@ -416,7 +439,7 @@ int sae_process_commit(struct sae_data *sae)
 void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
 		      const struct wpabuf *token)
 {
-	wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */
+	wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */
 	if (token)
 		wpabuf_put_buf(buf, token);
 	wpabuf_put_data(buf, sae->own_commit_scalar, 32);
@@ -429,6 +452,7 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
 {
 	const u8 *pos = data, *end = data + len;
 	size_t val_len;
+	u16 group;
 
 	wpa_hexdump(MSG_DEBUG, "SAE: Commit fields", data, len);
 	if (token)
@@ -439,9 +463,14 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
 	/* Check Finite Cyclic Group */
 	if (pos + 2 > end)
 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
-	if (WPA_GET_LE16(pos) != 19) {
+	group = WPA_GET_LE16(pos);
+	if (sae->state == SAE_COMMITTED && group != sae->group) {
+		wpa_printf(MSG_DEBUG, "SAE: Do not allow group to be changed");
+		return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
+	}
+	if (group != sae->group && sae_set_group(sae, group) < 0) {
 		wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u",
-			   WPA_GET_LE16(pos));
+			   group);
 		return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
 	}
 	pos += 2;

src/common/sae.h

@@ -23,8 +23,14 @@ struct sae_data {
 	u8 peer_commit_element[2 * 32];
 	u8 pwe[2 * 32];
 	u8 sae_rand[32];
+	int group;
+	struct crypto_ec *ec;
+	int prime_len;
 };
 
+int sae_set_group(struct sae_data *sae, int group);
+void sae_clear_data(struct sae_data *sae);
+
 int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
 		       const u8 *password, size_t password_len,
 		       struct sae_data *sae);

wpa_supplicant/sme.c

@@ -54,6 +54,9 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
 		return NULL;
 	}
 
+	if (sae_set_group(&wpa_s->sme.sae, 19) < 0)
+		return NULL;
+
 	if (sae_prepare_commit(wpa_s->own_addr, bssid,
 			       (u8 *) ssid->passphrase,
 			       os_strlen(ssid->passphrase),
@@ -815,6 +818,7 @@ void sme_deinit(struct wpa_supplicant *wpa_s)
 #ifdef CONFIG_SAE
 	wpabuf_free(wpa_s->sme.sae_token);
 	wpa_s->sme.sae_token = NULL;
+	sae_clear_data(&wpa_s->sme.sae);
 #endif /* CONFIG_SAE */
 
 	eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);