eapol: Relax GTK 1/2 msg Key Length validation

Since caab23f192085e6c8e47c41fc1ae9f795d1cbe86 hostapd is going to set this bit to zero for RSN networks but both values will obviously be in use. Only check the value if is_wpa is true - in this case check the value is exactly 16, see hostapd commit: commit caab23f192085e6c8e47c41fc1ae9f795d1cbe86 Author: Jouni Malinen <j@w1.fi> Date: Sun Feb 5 13:52:43 2017 +0200 Set EAPOL-Key Key Length field to 0 for group message 1/2 in RSN P802.11i/D3.0 described the Key Length as having value 16 for the group key handshake. However, this was changed to 0 in the published IEEE Std 802.11i-2004 amendment (and still remains 0 in the current standard IEEE Std 802.11-2016). We need to maintain the non-zero value for WPA (v1) cases, but the RSN case can be changed to 0 to be closer to the current standard.
2024-11-26 10:39:23 +01:00 · 2017-02-08 01:38:43 +01:00 · 2017-02-08 01:38:43 +01:00 · 1e70af0179
commit 1e70af0179
parent 2756f24f0e
1 changed files with 6 additions and 1 deletions
--- a/src/eapol.c
+++ b/src/eapol.c
@ -557,8 +557,13 @@ bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa)
 	if (!ek->encrypted_key_data && !is_wpa)
 		return false;

+	/*
+	 * Key Length should be 16 for WPA (P802.11i/D3.0) but since
+	 * 802.11i-2004 there's inconsistency in the field's value and
+	 * both 16 and 0 are in use.
+	 */
 	key_len = L_BE16_TO_CPU(ek->key_length);
-	if (key_len == 0)
+	if (is_wpa && key_len != 16)
 		return false;

 	VERIFY_IS_ZERO(ek->reserved);