From 8632b81397ba732cccf62e1c44fdf1f442bb7eed Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Sat, 22 Sep 2018 18:48:18 +0200 Subject: [PATCH] eapol: Add GTK data to msg 3/4 of the handshake --- src/eapol.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 79b26f0e..27a8d4d3 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1053,8 +1053,11 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm) size_t key_data_len; enum crypto_cipher cipher = ie_rsn_cipher_suite_to_cipher( sm->handshake->pairwise_cipher); + enum crypto_cipher group_cipher = ie_rsn_cipher_suite_to_cipher( + sm->handshake->group_cipher); const struct crypto_ptk *ptk = (struct crypto_ptk *) sm->handshake->ptk; struct ie_rsn_info rsn; + uint8_t *rsne; sm->replay_counter++; @@ -1073,12 +1076,9 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm) ek->key_length = L_CPU_TO_BE16(crypto_cipher_key_len(cipher)); ek->key_replay_counter = L_CPU_TO_BE64(sm->replay_counter); memcpy(ek->key_nonce, sm->handshake->anonce, sizeof(ek->key_nonce)); - /* - * We don't currently handle group traffic, to support that we'd need - * to provide the NL80211_ATTR_KEY_SEQ value from NL80211_CMD_GET_KEY - * here. - */ - l_put_be64(1, ek->key_rsc); + memcpy(ek->key_rsc, sm->handshake->gtk_rsc, 6); + ek->key_rsc[6] = 0; + ek->key_rsc[7] = 0; /* * Just one RSNE in Key Data as we only set one cipher in ap->ciphers @@ -1088,13 +1088,26 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm) memset(&rsn, 0, sizeof(rsn)); rsn.akm_suites = IE_RSN_AKM_SUITE_PSK; rsn.pairwise_ciphers = sm->handshake->pairwise_cipher; - rsn.group_cipher = IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC; + rsn.group_cipher = sm->handshake->group_cipher; - if (!ie_build_rsne(&rsn, key_data_buf)) + rsne = key_data_buf; + if (!ie_build_rsne(&rsn, rsne)) return; + key_data_len = rsne[1] + 2; + + if (group_cipher) { + uint8_t *gtk_kde = key_data_buf + key_data_len; + + handshake_util_build_gtk_kde(group_cipher, + sm->handshake->gtk, + sm->handshake->gtk_index, + gtk_kde); + key_data_len += gtk_kde[1] + 2; + } + if (!eapol_encrypt_key_data(ptk->kek, key_data_buf, - 2 + key_data_buf[1], ek)) + key_data_len, ek)) return; key_data_len = L_BE16_TO_CPU(ek->key_data_len);