From 733679ff7ff6f8a9260193e875d75d29c8785943 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Thu, 25 Apr 2019 12:52:46 -0700
Subject: [PATCH] eapol: Update _verify_ptk_3_of_4 to work with no MIC

A similar change was made to _verify_gtk_1_of_2 in order for verification to work when no MIC is being used (FILS rekeys)
---
 src/eapol.c | 7 ++++---
 src/eapol.h | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/eapol.c b/src/eapol.c
index 39dfc581..caf8710f 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -478,7 +478,8 @@ bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek)
 return true;
 }
-bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa)
+bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa,
+ size_t mic_len)
 {
 uint16_t key_len;
@@ -497,7 +498,7 @@ bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa)
 if (!ek->key_ack)
 return false;
- if (!ek->key_mic)
+ if (mic_len && !ek->key_mic)
 return false;
 if (ek->secure != !is_wpa)
@@ -1449,7 +1450,7 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
 l_debug("ifindex=%u", sm->handshake->ifindex);
- if (!eapol_verify_ptk_3_of_4(ek, sm->handshake->wpa_ie)) {
+ if (!eapol_verify_ptk_3_of_4(ek, sm->handshake->wpa_ie, sm->mic_len)) {
 handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
 return;
 }
diff --git a/src/eapol.h b/src/eapol.h
index 1cf2e3ea..1344774d 100644
--- a/src/eapol.h
+++ b/src/eapol.h
@@ -63,7 +63,8 @@ uint8_t *eapol_decrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek,
 bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek, size_t mic_len);
 bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek);
-bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa);
+bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek, bool is_wpa,
+ size_t mic_len);
 bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek, bool is_wpa);
 bool eapol_verify_gtk_1_of_2(const struct eapol_key *ek, bool is_wpa, size_t mic_len);
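Review bot: In `eapol_verify_ptk_3_of_4`, the relaxed test `if (mic_len && !ek->key_mic)` stops looking at the Key MIC bit altogether once `mic_len` is 0, so a message 3/4 that sets the bit is accepted on the no-MIC path as well. If frames on that path are expected to carry the bit clear (worth confirming against the FILS rules the commit message refers to), a symmetric check in the style of the neighbouring `ek->secure != !is_wpa` line is stricter: `if (ek->key_mic != !!mic_len) return false;`. Either way, a one-line comment such as `/* FILS rekeys carry no MIC, so mic_len is 0 */` above the test would explain why the flag check is conditional. The function body starts and ends outside this hunk.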
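Review bot: The call in `eapol_handle_ptk_3_of_4` now lets `sm->mic_len` decide whether message 3/4 must carry the Key MIC flag, and nothing in this hunk shows where that field is set or that it is 0 only for FILS. If it could be 0 for any other AKM, a frame without the flag would pass this verification and its integrity would depend entirely on checks later in the function, which are outside the hunk. Once that has been confirmed, a short comment at the call would record the assumption, for example `/* mic_len == 0 only for FILS; integrity is then checked when the key data is decrypted */`.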
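Review bot: The updated prototype for `eapol_verify_ptk_3_of_4` adds `mic_len` with no comment on what the value means, and the header is where callers will look for that contract. A comment above the group of verify functions would cover it, e.g. `/* mic_len: length of the Key MIC field; 0 means the frame carries no MIC (FILS rekeys) */`. The visible prototypes for `eapol_verify_ptk_2_of_4` and `eapol_verify_ptk_4_of_4` still take no `mic_len`; whether they also test `key_mic` is not visible here, so it may be worth checking that they behave consistently on the no-MIC path.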