mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2025-01-12 11:02:37 +01:00
eapol: Use the require_handshake flag for FILS
In both FT and FILS, EAPoL isn't used for the initial handshake, only for the later re-keys. For FT we added the eapol_sm_set_require_handshake mechanism to tell EAPoL not to require the initial handshake, and we can re-use it for FILS.
parent
a95cd4f0fa
commit
69259b3a3f
10
src/eapol.c
10
src/eapol.c
@ -2399,16 +2399,6 @@ bool eapol_start(struct eapol_sm *sm)
|
||||
|
||||
sm->started = true;
|
||||
|
||||
/*
|
||||
* FILS only uses the 4-way for rekeys, so only started needs to be set,
|
||||
* then we wait for a rekey.
|
||||
*/
|
||||
if (sm->handshake->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
|
||||
IE_RSN_AKM_SUITE_FILS_SHA384 |
|
||||
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
|
||||
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256))
|
||||
return true;
|
||||
|
||||
if (sm->require_handshake)
|
||||
sm->timeout = l_timeout_create(eapol_4way_handshake_time,
|
||||
eapol_timeout, sm, NULL);
|
||||
|
16
src/netdev.c
16
src/netdev.c
@ -2071,6 +2071,12 @@ static void netdev_associate_event(struct l_genl_msg *msg,
|
||||
if (netdev->ap) {
|
||||
ret = auth_proto_rx_associate(netdev->ap, frame, frame_len);
|
||||
if (ret == 0) {
|
||||
bool fils = !!(netdev->handshake->akm_suite &
|
||||
(IE_RSN_AKM_SUITE_FILS_SHA256 |
|
||||
IE_RSN_AKM_SUITE_FILS_SHA384 |
|
||||
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
|
||||
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256));
|
||||
|
||||
auth_proto_free(netdev->ap);
|
||||
netdev->ap = NULL;
|
||||
|
||||
@ -2081,15 +2087,15 @@ static void netdev_associate_event(struct l_genl_msg *msg,
|
||||
netdev->ignore_connect_event = false;
|
||||
|
||||
/*
|
||||
* If in FT we need to prevent the 4-way handshake from
|
||||
* happening, and instead just wait for rekeys
|
||||
* If in FT and/or FILS we don't force an initial 4-way
|
||||
* handshake and instead just keep the EAPoL state
|
||||
* machine for the rekeys.
|
||||
*/
|
||||
if (netdev->in_ft) {
|
||||
if (netdev->in_ft || fils)
|
||||
eapol_sm_set_require_handshake(netdev->sm,
|
||||
false);
|
||||
netdev->in_ft = false;
|
||||
}
|
||||
|
||||
netdev->in_ft = false;
|
||||
return;
|
||||
} else if (ret == -EAGAIN) {
|
||||
/*
|
||||
|
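Review bot: The comment above `if (netdev->in_ft || fils)` in the second hunk of netdev_associate_event() should state the invariant that makes skipping the initial 4-way handshake safe, because the branch now relaxes that requirement purely on the negotiated AKM bits. Presumably the FT/FILS exchange has already derived and installed the pairwise key by the time `auth_proto_rx_associate()` returns 0, but that is not visible in these hunks, so confirm it before writing something like `/* Safe only because FT/FILS association already established the PTK; EAPoL is kept for rekeys only. */`. The four-constant FILS mask added in the first hunk is the same expression this commit removes from eapol_start(). A single named helper or macro for "is a FILS AKM" would keep the check from drifting between files when another FILS suite is added. The function body starts and ends outside both hunks.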