mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-30 06:02:39 +01:00
eapol: Sanity check wpa_key_id field a bit more
This commit is contained in:
parent
9793054a0a
commit
619448cacc
25
src/eapol.c
25
src/eapol.c
@ -264,6 +264,9 @@ bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek)
|
|||||||
if (ek->encrypted_key_data)
|
if (ek->encrypted_key_data)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if (ek->wpa_key_id)
|
||||||
|
return false;
|
||||||
|
|
||||||
VERIFY_IS_ZERO(ek->eapol_key_iv);
|
VERIFY_IS_ZERO(ek->eapol_key_iv);
|
||||||
VERIFY_IS_ZERO(ek->key_rsc);
|
VERIFY_IS_ZERO(ek->key_rsc);
|
||||||
VERIFY_IS_ZERO(ek->reserved);
|
VERIFY_IS_ZERO(ek->reserved);
|
||||||
@ -294,6 +297,9 @@ bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek)
|
|||||||
if (ek->encrypted_key_data)
|
if (ek->encrypted_key_data)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if (ek->wpa_key_id)
|
||||||
|
return false;
|
||||||
|
|
||||||
key_len = L_BE16_TO_CPU(ek->key_length);
|
key_len = L_BE16_TO_CPU(ek->key_length);
|
||||||
if (key_len != 0)
|
if (key_len != 0)
|
||||||
return false;
|
return false;
|
||||||
@ -334,6 +340,9 @@ bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa)
|
|||||||
if (!ek->encrypted_key_data && !is_wpa)
|
if (!ek->encrypted_key_data && !is_wpa)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if (ek->wpa_key_id)
|
||||||
|
return false;
|
||||||
|
|
||||||
key_len = L_BE16_TO_CPU(ek->key_length);
|
key_len = L_BE16_TO_CPU(ek->key_length);
|
||||||
if (key_len != 16)
|
if (key_len != 16)
|
||||||
return false;
|
return false;
|
||||||
@ -370,6 +379,9 @@ bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek, bool is_wpa)
|
|||||||
if (ek->encrypted_key_data)
|
if (ek->encrypted_key_data)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if (ek->wpa_key_id)
|
||||||
|
return false;
|
||||||
|
|
||||||
key_len = L_BE16_TO_CPU(ek->key_length);
|
key_len = L_BE16_TO_CPU(ek->key_length);
|
||||||
if (key_len != 0)
|
if (key_len != 0)
|
||||||
return false;
|
return false;
|
||||||
@ -424,7 +436,18 @@ bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa)
|
|||||||
EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES)
|
EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES)
|
||||||
VERIFY_IS_ZERO(ek->eapol_key_iv);
|
VERIFY_IS_ZERO(ek->eapol_key_iv);
|
||||||
|
|
||||||
/* Key ID shall not be 0 */
|
/*
|
||||||
|
* WPA_80211_v3_1, Section 2.2.4:
|
||||||
|
* "Key Index (bits 4 and 5): specifies the key id of the temporal
|
||||||
|
* key of the key derived from the message. The value of this shall be
|
||||||
|
* zero (0) if the value of Key Type (bit 4) is Pairwise (1). The Key
|
||||||
|
* Type and Key Index shall not both be 0 in the same message.
|
||||||
|
*
|
||||||
|
* Group keys shall not use key id 0. This means that key ids 1 to 3
|
||||||
|
* are available to be used to identify Group keys. This document
|
||||||
|
* recommends that implementations reserve key ids 1 and 2 for Group
|
||||||
|
* Keys, and that key id 3 is not used.
|
||||||
|
*/
|
||||||
if (is_wpa && !ek->wpa_key_id)
|
if (is_wpa && !ek->wpa_key_id)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user