eapol: allow FILS PTK rekeys
As with FILS GTK rekeys, the PTK rekeys use AES-SIV to encrypt and do not use a MIC
This commit is contained in:
James Prestwood
Denis Kenzior
parent
83212f9b23
commit
6ac189315a
55
src/eapol.c
55
src/eapol.c
|
|
@ -1219,17 +1219,30 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
|
||||||
|
|
||||||
kck = handshake_state_get_kck(sm->handshake);
|
kck = handshake_state_get_kck(sm->handshake);
|
||||||
|
|
||||||
if (!eapol_calculate_mic(sm->handshake->akm_suite, kck,
|
if (sm->mic_len) {
|
||||||
step2, mic, sm->mic_len)) {
|
if (!eapol_calculate_mic(sm->handshake->akm_suite, kck,
|
||||||
l_info("MIC calculation failed. "
|
step2, mic, sm->mic_len)) {
|
||||||
"Ensure Kernel Crypto is available.");
|
l_info("MIC calculation failed. "
|
||||||
l_free(step2);
|
"Ensure Kernel Crypto is available.");
|
||||||
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
l_free(step2);
|
||||||
|
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
|
||||||
|
} else {
|
||||||
|
if (!eapol_aes_siv_encrypt(
|
||||||
|
handshake_state_get_kek(sm->handshake),
|
||||||
|
handshake_state_get_kek_len(sm->handshake),
|
||||||
|
step2, ies, ies_len)) {
|
||||||
|
l_debug("AES-SIV encryption failed");
|
||||||
|
l_free(step2);
|
||||||
|
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
|
|
||||||
eapol_sm_write(sm, (struct eapol_frame *) step2, false);
|
eapol_sm_write(sm, (struct eapol_frame *) step2, false);
|
||||||
l_free(step2);
|
l_free(step2);
|
||||||
|
|
||||||
|
|
@ -1659,14 +1672,28 @@ retransmit:
|
||||||
kck = handshake_state_get_kck(sm->handshake);
|
kck = handshake_state_get_kck(sm->handshake);
|
||||||
kek = handshake_state_get_kek(sm->handshake);
|
kek = handshake_state_get_kek(sm->handshake);
|
||||||
|
|
||||||
if (!eapol_calculate_mic(sm->handshake->akm_suite, kck,
|
if (sm->mic_len) {
|
||||||
step4, mic, sm->mic_len)) {
|
if (!eapol_calculate_mic(sm->handshake->akm_suite, kck,
|
||||||
l_free(step4);
|
step4, mic, sm->mic_len)) {
|
||||||
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
l_debug("MIC Calculation failed");
|
||||||
return;
|
l_free(step4);
|
||||||
|
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(EAPOL_KEY_MIC(step4), mic, sm->mic_len);
|
||||||
|
} else {
|
||||||
|
if (!eapol_aes_siv_encrypt(
|
||||||
|
handshake_state_get_kek(sm->handshake),
|
||||||
|
handshake_state_get_kek_len(sm->handshake),
|
||||||
|
step4, NULL, 0)) {
|
||||||
|
l_debug("AES-SIV encryption failed");
|
||||||
|
l_free(step4);
|
||||||
|
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(EAPOL_KEY_MIC(step4), mic, sm->mic_len);
|
|
||||||
eapol_sm_write(sm, (struct eapol_frame *) step4, false);
|
eapol_sm_write(sm, (struct eapol_frame *) step4, false);
|
||||||
l_free(step4);
|
l_free(step4);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue