mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-26 10:39:23 +01:00
eapol: allow FILS GTK handshake
The GTK handshake for FILS uses AES-SIV to encrypt the key data, and does away with the MIC completely. Now, when finalizing the 2/2 GTK packet we check the MIC length, and if zero we assume FILS is being used and we use AES-SIV to encrypt the key data. For FILS, there is no actual data being encrypted for GTK 2/2 (hence why the input data length is zero). This results in only the SIV being generated, which essentially serves the same purpose as a MIC.
This commit is contained in:
parent
a6640f1b7a
commit
c21f3cd2a4
20
src/eapol.c
20
src/eapol.c
@ -1788,14 +1788,34 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
|
||||
|
||||
kck = handshake_state_get_kck(sm->handshake);
|
||||
|
||||
if (sm->mic_len) {
|
||||
if (!eapol_calculate_mic(sm->handshake->akm_suite, kck,
|
||||
step2, mic, sm->mic_len)) {
|
||||
l_debug("MIC calculation failed");
|
||||
l_free(step2);
|
||||
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
|
||||
} else {
|
||||
uint8_t encr[16];
|
||||
struct iovec ad[1];
|
||||
|
||||
ad[0].iov_base = step2;
|
||||
ad[0].iov_len = EAPOL_KEY_DATA(step2, 0) - (uint8_t *)step2;
|
||||
|
||||
if (!aes_siv_encrypt(handshake_state_get_kek(sm->handshake), 32,
|
||||
EAPOL_KEY_DATA(step2, 0), 0, ad, 1, encr)) {
|
||||
l_debug("AES-SIV encryption failed");
|
||||
l_free(step2);
|
||||
handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy(EAPOL_KEY_DATA(step2, 0), encr, 16);
|
||||
}
|
||||
|
||||
eapol_sm_write(sm, (struct eapol_frame *) step2, false);
|
||||
l_free(step2);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user