3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 04:32:37 +01:00

eapol: add TKIP support in AP mode

Though TKIP is deprecated and insecure its trivial to support it in
AP mode as we already do in station. This is only to allow AP mode
for old hardware that may only support TKIP. If the hardware supports
any higher level cipher that will be chosen automatically.
This commit is contained in:
James Prestwood 2022-10-26 11:56:56 -07:00 committed by Denis Kenzior
parent 98b684b417
commit 5d8b86ff7c

View File

@ -390,11 +390,31 @@ static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data,
size_t key_data_len,
struct eapol_key *out_frame, size_t mic_len)
{
uint8_t key[32];
bool ret;
switch (out_frame->key_descriptor_version) {
case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4:
/* Not supported */
return -ENOTSUP;
/*
* Not following the spec to generate the IV. The spec outlines
* a procedure where a 32 byte buffer is held and incremented
* each time nonces are created, and the IV comes from this
* buffer. In the end randomizing the IV every time should be
* just as good. This is how we handle the GTK in AP mode.
*/
l_getrandom(out_frame->eapol_key_iv, 16);
memcpy(key, out_frame->eapol_key_iv, 16);
memcpy(key + 16, kek, 16);
ret = arc4_skip(key, 32, 256, key_data, key_data_len,
EAPOL_KEY_DATA(out_frame, mic_len));
explicit_bzero(key, sizeof(key));
if (!ret)
return -ENOTSUP;
break;
case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES:
case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES:
if (key_data_len < 16 || key_data_len % 8)