mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-22 14:49:24 +01:00
eapol: implement rekey support for authenticator
The only changes required were to set the secure bit for message 1, reset the frame retry counter, and change the 2/4 verifier to use the rekey flag rather than ptk_complete. This is because we must set ptk_complete to false in order to detect retransmissions of the 4/4 frame. Initiating a rekey can now be done by simply calling eapol_start().
parent
d504b74c61
commit
995c34450e
15
src/eapol.c
15
src/eapol.c
@ -1086,8 +1086,6 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm)
|
|||||||
|
|
||||||
handshake_state_new_anonce(sm->handshake);
|
handshake_state_new_anonce(sm->handshake);
|
||||||
|
|
||||||
sm->handshake->ptk_complete = false;
|
|
||||||
|
|
||||||
sm->replay_counter++;
|
sm->replay_counter++;
|
||||||
|
|
||||||
memset(ek, 0, EAPOL_FRAME_LEN(sm->mic_len));
|
memset(ek, 0, EAPOL_FRAME_LEN(sm->mic_len));
|
||||||
@ -1111,6 +1109,13 @@ static void eapol_send_ptk_1_of_4(struct eapol_sm *sm)
|
|||||||
|
|
||||||
eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
|
eapol_key_data_append(ek, sm->mic_len, HANDSHAKE_KDE_PMKID, pmkid, 16);
|
||||||
|
|
||||||
|
if (sm->handshake->ptk_complete) {
|
||||||
|
sm->rekey = true;
|
||||||
|
sm->handshake->ptk_complete = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
ek->secure = sm->rekey;
|
||||||
|
|
||||||
ek->header.packet_len = L_CPU_TO_BE16(EAPOL_FRAME_LEN(sm->mic_len) +
|
ek->header.packet_len = L_CPU_TO_BE16(EAPOL_FRAME_LEN(sm->mic_len) +
|
||||||
EAPOL_KEY_DATA_LEN(ek, sm->mic_len) - 4);
|
EAPOL_KEY_DATA_LEN(ek, sm->mic_len) - 4);
|
||||||
|
|
||||||
@ -1554,7 +1559,7 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
|
|||||||
|
|
||||||
l_debug("ifindex=%u", sm->handshake->ifindex);
|
l_debug("ifindex=%u", sm->handshake->ifindex);
|
||||||
|
|
||||||
if (!eapol_verify_ptk_2_of_4(ek, sm->handshake->ptk_complete))
|
if (!eapol_verify_ptk_2_of_4(ek, sm->rekey))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter)
|
if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter)
|
||||||
@ -2451,6 +2456,8 @@ static void eapol_eap_complete_cb(enum eap_result result, void *user_data)
|
|||||||
|
|
||||||
/* sm->mic_len will have been set in eapol_eap_results_cb */
|
/* sm->mic_len will have been set in eapol_eap_results_cb */
|
||||||
|
|
||||||
|
sm->frame_retry = 0;
|
||||||
|
|
||||||
/* Kick off 4-Way Handshake */
|
/* Kick off 4-Way Handshake */
|
||||||
eapol_ptk_1_of_4_retry(NULL, sm);
|
eapol_ptk_1_of_4_retry(NULL, sm);
|
||||||
}
|
}
|
||||||
@ -2842,6 +2849,8 @@ bool eapol_start(struct eapol_sm *sm)
|
|||||||
if (L_WARN_ON(!sm->handshake->have_pmk))
|
if (L_WARN_ON(!sm->handshake->have_pmk))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
sm->frame_retry = 0;
|
||||||
|
|
||||||
/* Kick off handshake */
|
/* Kick off handshake */
|
||||||
eapol_ptk_1_of_4_retry(NULL, sm);
|
eapol_ptk_1_of_4_retry(NULL, sm);
|
||||||
}
|
}
|
||||||
|
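Review bot: In eapol_send_ptk_1_of_4 the new block clears `sm->handshake->ptk_complete` for the whole rekey window and latches `sm->rekey`, so the two flags now carry different meanings, and nothing in the visible hunks documents that or clears `sm->rekey` again. Any check outside these hunks that reads `ptk_complete` as "a PTK is installed, so EAPOL-Key frames from this station must arrive encrypted" would presumably treat a rekey like an initial handshake; that is not visible here and should be confirmed, with such checks consulting `sm->rekey` as well. I would add a comment above the block: `/* Rekey: ptk_complete is cleared so a retransmitted 4/4 is detected; sm->rekey records that a PTK is already installed */`. Since eapol_start() is now the rekey entry point and the visible part only checks `have_pmk`, its header comment should also say what happens when it is called while a handshake is still in progress. The enclosing functions start and end outside the hunks.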