mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-01 15:49:49 +01:00
eapol: add common function for AES-SIV
To avoid duplicate code in PTK/GTK rekeys, a common function was added that performs the encryption in place in the key frame.
parent
2fd755c285
commit
4f7d7684a3
32
src/eapol.c
32
src/eapol.c
@ -61,6 +61,25 @@ uint32_t next_frame_watch_id;
|
|||||||
|
|
||||||
#define MIC_MAXLEN 32
|
#define MIC_MAXLEN 32
|
||||||
|
|
||||||
|
static bool eapol_aes_siv_encrypt(const uint8_t *kek, size_t kek_len,
|
||||||
|
struct eapol_key *frame,
|
||||||
|
const uint8_t *data, size_t len)
|
||||||
|
{
|
||||||
|
uint8_t encr[16 + len];
|
||||||
|
struct iovec ad[1];
|
||||||
|
|
||||||
|
ad[0].iov_base = frame;
|
||||||
|
ad[0].iov_len = EAPOL_KEY_DATA(frame, 0) - (uint8_t *)frame;
|
||||||
|
|
||||||
|
if (!aes_siv_encrypt(kek, kek_len, EAPOL_KEY_DATA(frame, 0),
|
||||||
|
len, ad, 1, encr))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
memcpy(EAPOL_KEY_DATA(frame, 0), encr, sizeof(encr));
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* MIC calculation depends on the selected hash function. The has function
|
* MIC calculation depends on the selected hash function. The has function
|
||||||
* is given in the EAPoL Key Descriptor Version field.
|
* is given in the EAPoL Key Descriptor Version field.
|
||||||
@ -1801,22 +1820,15 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
|
|||||||
|
|
||||||
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
|
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
|
||||||
} else {
|
} else {
|
||||||
uint8_t encr[16];
|
if (!eapol_aes_siv_encrypt(
|
||||||
struct iovec ad[1];
|
handshake_state_get_kek(sm->handshake),
|
||||||
|
|
||||||
ad[0].iov_base = step2;
|
|
||||||
ad[0].iov_len = EAPOL_KEY_DATA(step2, 0) - (uint8_t *)step2;
|
|
||||||
|
|
||||||
if (!aes_siv_encrypt(handshake_state_get_kek(sm->handshake),
|
|
||||||
handshake_state_get_kek_len(sm->handshake),
|
handshake_state_get_kek_len(sm->handshake),
|
||||||
EAPOL_KEY_DATA(step2, 0), 0, ad, 1, encr)) {
|
step2, NULL, 0)) {
|
||||||
l_debug("AES-SIV encryption failed");
|
l_debug("AES-SIV encryption failed");
|
||||||
l_free(step2);
|
l_free(step2);
|
||||||
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(EAPOL_KEY_DATA(step2, 0), encr, 16);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
eapol_sm_write(sm, (struct eapol_frame *) step2, false);
|
eapol_sm_write(sm, (struct eapol_frame *) step2, false);
|
||||||
|
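Review bot: In the new `eapol_aes_siv_encrypt()` (first hunk) the `data` argument is never read: the plaintext is taken from `EAPOL_KEY_DATA(frame, 0)`, so a later caller that hands its key data in through `data` would have it silently ignored while `len` bytes already sitting in the frame are encrypted instead. Either drop the parameter or use it as the input, e.g. `if (!aes_siv_encrypt(kek, kek_len, data, len, ad, 1, encr))`, provided `aes_siv_encrypt()` accepts the `NULL, 0` that the GTK 1/2 caller in the second hunk passes. The helper also sizes the stack array `encr[16 + len]` from the caller's `len` and copies `16 + len` bytes back into the frame, with no bound on `len` and no check that the frame allocation has room for the 16-byte SIV tag. An explicit length check, or at least a comment such as `/* frame must have room for len + 16 bytes of key data */`, would make that contract visible before the PTK rekey path starts passing a non-zero `len`.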