3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 09:39:25 +01:00

eapol: pass mic_len in gtk 1/2 verify

FILS authentication does away with the MIC, so checking for key_mic
in the eapol key frame does not allow FILS to work. Now we pass in
the mic_len to eapol_verify_gtk_1_of_2, and if it is non-zero we can
check that the MIC is present in the frame.
This commit is contained in:
James Prestwood 2019-04-17 15:16:39 -07:00 committed by Denis Kenzior
parent 82eeef1c29
commit 62e20ca285
3 changed files with 8 additions and 6 deletions

View File

@ -534,7 +534,8 @@ bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek, bool is_wpa)
if (ek->install) \
return false \
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa)
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa,
size_t mic_len)
{
uint16_t key_len;
@ -543,7 +544,7 @@ bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa)
if (!ek->key_ack)
return false;
if (!ek->key_mic)
if (mic_len && !ek->key_mic)
return false;
if (!ek->secure)
@ -1683,7 +1684,7 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
size_t igtk_len;
uint8_t igtk_key_index;
if (!eapol_verify_gtk_1_of_2(ek, sm->handshake->wpa_ie)) {
if (!eapol_verify_gtk_1_of_2(ek, sm->handshake->wpa_ie, sm->mic_len)) {
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
return;
}

View File

@ -65,7 +65,8 @@ bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek, size_t mic_len);
bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek);
bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa);
bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek, bool is_wpa);
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa);
bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa,
size_t mic_len);
bool eapol_verify_gtk_2_of_2(const struct eapol_key *ek, bool is_wpa);
struct eapol_key *eapol_create_ptk_2_of_4(

View File

@ -1920,7 +1920,7 @@ static void eapol_wpa2_handshake_test(const void *data)
gtk_step1 = eapol_key_validate(eapol_key_data_11,
sizeof(eapol_key_data_11), 16);
assert(gtk_step1);
assert(eapol_verify_gtk_1_of_2(gtk_step1, false));
assert(eapol_verify_gtk_1_of_2(gtk_step1, false, 16));
decrypted_key_data = eapol_decrypt_key_data(IE_RSN_AKM_SUITE_PSK,
ptk + 16, gtk_step1,
@ -2046,7 +2046,7 @@ static void eapol_wpa_handshake_test(const void *data)
gtk_step1 = eapol_key_validate(eapol_key_data_17,
sizeof(eapol_key_data_17), 16);
assert(gtk_step1);
assert(eapol_verify_gtk_1_of_2(gtk_step1, true));
assert(eapol_verify_gtk_1_of_2(gtk_step1, true, 16));
decrypted_key_data = eapol_decrypt_key_data(IE_RSN_AKM_SUITE_PSK,
ptk + 16, gtk_step1,