eapol: pass mic_len in gtk 1/2 verify
FILS authentication does away with the MIC, so checking for key_mic in the eapol key frame does not allow FILS to work. Now we pass in the mic_len to eapol_verify_gtk_1_of_2, and if it is non-zero we can check that the MIC is present in the frame.
This commit is contained in:
James Prestwood
Denis Kenzior
parent
82eeef1c29
commit
62e20ca285
|
|
@ -534,7 +534,8 @@ bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek, bool is_wpa)
|
|||
if (ek->install) \
|
||||
return false \
|
||||
|
||||
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa)
|
||||
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa,
|
||||
size_t mic_len)
|
||||
{
|
||||
uint16_t key_len;
|
||||
|
||||
|
|
@ -543,7 +544,7 @@ bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa)
|
|||
if (!ek->key_ack)
|
||||
return false;
|
||||
|
||||
if (!ek->key_mic)
|
||||
if (mic_len && !ek->key_mic)
|
||||
return false;
|
||||
|
||||
if (!ek->secure)
|
||||
|
|
@ -1683,7 +1684,7 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
|
|||
size_t igtk_len;
|
||||
uint8_t igtk_key_index;
|
||||
|
||||
if (!eapol_verify_gtk_1_of_2(ek, sm->handshake->wpa_ie)) {
|
||||
if (!eapol_verify_gtk_1_of_2(ek, sm->handshake->wpa_ie, sm->mic_len)) {
|
||||
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -65,7 +65,8 @@ bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek, size_t mic_len);
|
|||
bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek);
|
||||
bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa);
|
||||
bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek, bool is_wpa);
|
||||
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa);
|
||||
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa,
|
||||
size_t mic_len);
|
||||
bool eapol_verify_gtk_2_of_2(const struct eapol_key *ek, bool is_wpa);
|
||||
|
||||
struct eapol_key *eapol_create_ptk_2_of_4(
|
||||
|
|
|
|||
|
|
@ -1920,7 +1920,7 @@ static void eapol_wpa2_handshake_test(const void *data)
|
|||
gtk_step1 = eapol_key_validate(eapol_key_data_11,
|
||||
sizeof(eapol_key_data_11), 16);
|
||||
assert(gtk_step1);
|
||||
assert(eapol_verify_gtk_1_of_2(gtk_step1, false));
|
||||
assert(eapol_verify_gtk_1_of_2(gtk_step1, false, 16));
|
||||
|
||||
decrypted_key_data = eapol_decrypt_key_data(IE_RSN_AKM_SUITE_PSK,
|
||||
ptk + 16, gtk_step1,
|
||||
|
|
@ -2046,7 +2046,7 @@ static void eapol_wpa_handshake_test(const void *data)
|
|||
gtk_step1 = eapol_key_validate(eapol_key_data_17,
|
||||
sizeof(eapol_key_data_17), 16);
|
||||
assert(gtk_step1);
|
||||
assert(eapol_verify_gtk_1_of_2(gtk_step1, true));
|
||||
assert(eapol_verify_gtk_1_of_2(gtk_step1, true, 16));
|
||||
|
||||
decrypted_key_data = eapol_decrypt_key_data(IE_RSN_AKM_SUITE_PSK,
|
||||
ptk + 16, gtk_step1,
|
||||
|
|
|
|||
Loading…
Reference in New Issue