mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-22 14:39:39 +01:00

eapol: netdev: allow rekeys using FT-FILS

Rekeying was overlooked when implementing FT-FILS and there were
many places where the AKM was never checked and the rekey was
failing.
James Prestwood 2021-09-28 15:25:53 -07:00 committed by Denis Kenzior
parent 183a7a18a9
commit e6340996d7
2 changed files with 13 additions and 9 deletions


@ -231,6 +231,11 @@ static size_t eapol_get_mic_length(enum ie_rsn_akm_suite akm, size_t pmk_len)
l_error("Invalid PMK length of %zu for OWE", pmk_len); l_error("Invalid PMK length of %zu for OWE", pmk_len);
return 0; return 0;
} }
case IE_RSN_AKM_SUITE_FILS_SHA256:
case IE_RSN_AKM_SUITE_FILS_SHA384:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
return 0;
default: default:
return 16; return 16;
} }
@ -254,6 +259,8 @@ uint8_t *eapol_decrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek,
switch (akm) { switch (akm) {
case IE_RSN_AKM_SUITE_FILS_SHA256: case IE_RSN_AKM_SUITE_FILS_SHA256:
case IE_RSN_AKM_SUITE_FILS_SHA384: case IE_RSN_AKM_SUITE_FILS_SHA384:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
if (key_data_len < 16) if (key_data_len < 16)
return NULL; return NULL;
@ -329,13 +336,16 @@ uint8_t *eapol_decrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek,
break; break;
case IE_RSN_AKM_SUITE_FILS_SHA256: case IE_RSN_AKM_SUITE_FILS_SHA256:
case IE_RSN_AKM_SUITE_FILS_SHA384: case IE_RSN_AKM_SUITE_FILS_SHA384:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
{ {
struct iovec ad[1]; struct iovec ad[1];
ad[0].iov_base = (void *)frame; ad[0].iov_base = (void *)frame;
ad[0].iov_len = key_data - (const uint8_t *)frame; ad[0].iov_len = key_data - (const uint8_t *)frame;
if (akm == IE_RSN_AKM_SUITE_FILS_SHA256) if (akm == IE_RSN_AKM_SUITE_FILS_SHA256 || akm ==
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256)
kek_len = 32; kek_len = 32;
else else
kek_len = 64; kek_len = 64;
@ -1220,10 +1230,7 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
goto error_unspecified; goto error_unspecified;
} }
if (sm->handshake->akm_suite & if (IE_AKM_IS_FT(sm->handshake->akm_suite)) {
(IE_RSN_AKM_SUITE_FT_OVER_8021X |
IE_RSN_AKM_SUITE_FT_USING_PSK |
IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256)) {
/* /*
* Rebuild the RSNE to include the PMKR1Name and append * Rebuild the RSNE to include the PMKR1Name and append
* MDE + FTE. * MDE + FTE.
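Review bot: The new FILS and FT-over-FILS cases in eapol_get_mic_length return 0, the same value the branch just above returns after logging `Invalid PMK length of %zu for OWE`, so a caller cannot tell "this AKM has no MIC field" from "bad input" by the return value alone. A short comment on the new cases would make the intent explicit, for example `/* FILS AKMs protect EAPOL-Key frames with AEAD, so there is no MIC field */`. It is also worth confirming that any caller which skips MIC verification on a zero length only does so when the key data is authenticated by the AEAD branch of eapol_decrypt_key_data touched in the later hunks. The function starts before this hunk, so its other return paths are not visible here.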


@ -2565,10 +2565,7 @@ process_resp_ies:
netdev->owe_sm = NULL; netdev->owe_sm = NULL;
} }
/* FILS handles its own FT key derivation */ if (fte) {
if (fte && !(netdev->handshake->akm_suite &
(IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))) {
uint32_t kck_len = uint32_t kck_len =
handshake_state_get_kck_len(netdev->handshake); handshake_state_get_kck_len(netdev->handshake);
/* /*
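Review bot: Dropping the FT-over-FILS exclusion from the `if (fte)` test also drops the comment `/* FILS handles its own FT key derivation */`, and nothing in the new code records why that reasoning no longer applies. The block now runs for both FT-over-FILS AKMs and takes its KCK length from handshake_state_get_kck_len(), so a comment should say what that length is expected to be for FILS and why the FTE handling is needed, e.g. `/* FT-over-FILS also needs the FTE processed here so later rekeys succeed */`. That wording is inferred from the commit message. The body of the block lies outside the hunk and should be checked for code that assumes a non-zero KCK length.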