From 2429ab958d3673258d735bcf48f9f0d79f0e5b93 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Wed, 11 Jan 2023 12:15:35 -0800
Subject: [PATCH] eapol: set secure on message 2/4 properly

The second handshake message was hard coded with the secure bit as zero but for rekeys the secure bit should be set to 1. Fix this by changing the 2/4 builder to take a boolean which will set the bit properly. It should be noted that hostapd doesn't check this bit so EAPoL worked just fine, but IWD's checks are more strict.
---
 src/eapol.c | 12 +++++++-----
 src/eapol.h | 3 ++-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/eapol.c b/src/eapol.c
index 4d4e201d..b3f77637 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -766,11 +766,12 @@ struct eapol_key *eapol_create_ptk_2_of_4(
 size_t extra_len,
 const uint8_t *extra_data,
 bool is_wpa,
- size_t mic_len)
+ size_t mic_len,
+ bool secure)
 {
- return eapol_create_common(protocol, version, false, key_replay_counter,
- snonce, extra_len, extra_data, 1,
- is_wpa, mic_len);
+ return eapol_create_common(protocol, version, secure,
+ key_replay_counter, snonce, extra_len,
+ extra_data, 1, is_wpa, mic_len);
 }

 struct eapol_key *eapol_create_ptk_4_of_4(
@@ -1326,7 +1327,8 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
 ek->key_descriptor_version,
 L_BE64_TO_CPU(ek->key_replay_counter),
 sm->handshake->snonce, ies_len, ies,
- sm->handshake->wpa_ie, sm->mic_len);
+ sm->handshake->wpa_ie, sm->mic_len,
+ sm->rekey);

 kck = handshake_state_get_kck(sm->handshake);

diff --git a/src/eapol.h b/src/eapol.h
index 8d8d5252..43dc224d 100644
--- a/src/eapol.h
+++ b/src/eapol.h
@@ -83,7 +83,8 @@ struct eapol_key *eapol_create_ptk_2_of_4(
 size_t extra_len,
 const uint8_t *extra_data,
 bool is_wpa,
- size_t mic_len);
+ size_t mic_len,
+ bool secure);

 struct eapol_key *eapol_create_ptk_4_of_4(
 enum eapol_protocol_version protocol,
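Review bot: The new `secure` parameter of eapol_create_ptk_2_of_4 (hunk at -766 in src/eapol.c, mirrored in the src/eapol.h prototype) is added without any comment saying when a caller must pass true. The rule lives only in the commit message; a comment above the definition such as `/* secure: true only when this 2/4 answers a rekey of an existing PTK, false on the initial handshake */` would keep it next to the code. It also becomes a second trailing bool after `is_wpa`, with `mic_len` between them, and C converts all three silently, so a swapped argument would compile without a warning. The signature starts above the hunk, and the only caller updated in this patch is the one in eapol_handle_ptk_1_of_4; any other caller would sit outside these two files.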
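Review bot: The Secure bit for message 2/4 is taken from local state (`sm->rekey`) at the eapol_create_ptk_2_of_4 call in the -1326 hunk, while the neighbouring arguments (`ek->key_descriptor_version`, `ek->key_replay_counter`) are taken from the received message 1/4. Whether message 1's own Secure bit has been compared with `sm->rekey` earlier in eapol_handle_ptk_1_of_4 is not visible here, since the function starts and ends outside the hunk. If it has not, the reply could assert a protection state that the peer's message 1 did not signal. I would confirm that check exists and record the assumption at the call site, e.g. `/* Secure follows 1/4: set only when rekeying an installed PTK */`.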