From 5d8b86ff7c4bb27d071613ed15f56f5e1a768e62 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Wed, 26 Oct 2022 11:56:56 -0700 Subject: [PATCH] eapol: add TKIP support in AP mode Though TKIP is deprecated and insecure its trivial to support it in AP mode as we already do in station. This is only to allow AP mode for old hardware that may only support TKIP. If the hardware supports any higher level cipher that will be chosen automatically. --- src/eapol.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 44ffb220..4a1abd28 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -390,11 +390,31 @@ static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data, size_t key_data_len, struct eapol_key *out_frame, size_t mic_len) { + uint8_t key[32]; + bool ret; + switch (out_frame->key_descriptor_version) { case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4: - /* Not supported */ - return -ENOTSUP; + /* + * Not following the spec to generate the IV. The spec outlines + * a procedure where a 32 byte buffer is held and incremented + * each time nonces are created, and the IV comes from this + * buffer. In the end randomizing the IV every time should be + * just as good. This is how we handle the GTK in AP mode. + */ + l_getrandom(out_frame->eapol_key_iv, 16); + memcpy(key, out_frame->eapol_key_iv, 16); + memcpy(key + 16, kek, 16); + + ret = arc4_skip(key, 32, 256, key_data, key_data_len, + EAPOL_KEY_DATA(out_frame, mic_len)); + explicit_bzero(key, sizeof(key)); + + if (!ret) + return -ENOTSUP; + + break; case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES: case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES: if (key_data_len < 16 || key_data_len % 8)