eapol: Rework eapol_decrypt_key_data

802.11 uses AES Key Wrap and RC4 with the first 256 bytes skipped. The IV is also initialized into the RC4 key.
2024-11-22 06:29:23 +01:00 · 2015-02-17 17:39:23 -06:00 · 2015-02-17 17:39:23 -06:00 · 89e4538945
commit 89e4538945
parent 88d4b36663
1 changed files with 36 additions and 11 deletions
--- a/src/eapol.c
+++ b/src/eapol.c
@ -30,6 +30,7 @@
 #include "sha1.h"
 #include "md5.h"
 #include "aes.h"
+#include "arc4.h"
 #include "eapol.h"

 #define VERIFY_IS_ZERO(field)					\
@ -72,33 +73,57 @@ uint8_t *eapol_decrypt_key_data(const uint8_t *kek,
 				const struct eapol_key *frame)
 {
 	size_t key_data_len = L_BE16_TO_CPU(frame->key_data_len);
-	struct l_cipher *cipher;
+	const uint8_t *key_data = frame->key_data;
+	size_t expected_len;
 	uint8_t *buf;
-	bool ret;

 	switch (frame->key_descriptor_version) {
 	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4:
-		/* TODO: This might require an IV from frame->eapol_key_iv */
-		cipher = l_cipher_new(L_CIPHER_ARC4, kek, 16);
+		expected_len = key_data_len;
 		break;
 	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES:
 	case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES:
-		cipher = l_cipher_new(L_CIPHER_AES, kek, 16);
+		expected_len = key_data_len - 8;
 		break;
 	default:
 		return NULL;
 	};

-	buf = l_new(uint8_t, key_data_len);
-	ret = l_cipher_decrypt(cipher, frame->key_data, buf, key_data_len);
-	l_cipher_free(cipher);
+	buf = l_new(uint8_t, expected_len);

-	if (!ret) {
-		l_free(buf);
-		return NULL;
+	switch (frame->key_descriptor_version) {
+	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4:
+	{
+		uint8_t key[32];
+		bool ret;
+
+		memcpy(key, frame->eapol_key_iv, 16);
+		memcpy(key + 16, kek, 16);
+
+		ret = arc4_skip(key, 32, 256, key_data, key_data_len, buf);
+		memset(key, 0, sizeof(key));
+
+		if (!ret)
+			goto error;
+
+		break;
+	}
+	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES:
+	case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES:
+		if (key_data_len < 8 || key_data_len % 8)
+			goto error;
+
+		if (!aes_unwrap(kek, key_data, key_data_len, buf))
+			goto error;
+
+		break;
 	}

 	return buf;
+
+error:
+	l_free(buf);
+	return NULL;
 }

 const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len)