mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-23 14:22:36 +01:00
netdev: Clarify the PTK->TK to MIC key mapping
Cite 802.11 in the comments and use nl80211.h constants to map the tx and rx keys correctly.
This commit is contained in:
parent
092ede1147
commit
f659265000
65
src/netdev.c
65
src/netdev.c
@ -1016,25 +1016,31 @@ static void netdev_set_gtk(uint32_t ifindex, uint8_t key_index,
|
|||||||
|
|
||||||
switch (cipher) {
|
switch (cipher) {
|
||||||
case CRYPTO_CIPHER_CCMP:
|
case CRYPTO_CIPHER_CCMP:
|
||||||
|
/*
|
||||||
|
* 802.11-2012 11.7.4 Mapping GTK to CCMP keys:
|
||||||
|
* "A STA shall use the temporal key as the CCMP key."
|
||||||
|
*/
|
||||||
memcpy(gtk_buf, gtk, 16);
|
memcpy(gtk_buf, gtk, 16);
|
||||||
break;
|
break;
|
||||||
case CRYPTO_CIPHER_TKIP:
|
case CRYPTO_CIPHER_TKIP:
|
||||||
/*
|
/*
|
||||||
* Swap the TX and RX MIC key portions for supplicant.
|
* 802.11-2012 11.7.2 Mapping GTK to TKIP keys:
|
||||||
* WPA_80211_v3_1_090922 doc's 3.3.4:
|
* "A STA shall use bits 0-127 of the temporal key as the
|
||||||
* The MIC key used on the Client for transmit (TX) is in
|
* input to the TKIP Phase 1 and Phase 2 mixing functions.
|
||||||
* bytes 24-31, and the MIC key used on the Client for
|
|
||||||
* receive (RX) is in bytes 16-23 of the PTK. That is,
|
|
||||||
* assume that TX MIC and RX MIC referred to in Clause 8.7
|
|
||||||
* are referenced to the Authenticator. Similarly, on the AP,
|
|
||||||
* the MIC used for TX is in bytes 16-23, and the MIC key
|
|
||||||
* used for RX is in bytes 24-31 of the PTK.
|
|
||||||
*
|
*
|
||||||
* Here apply this to the GTK instead of the PTK.
|
* A STA shall use bits 128-191 of the temporal key as
|
||||||
|
* the Michael key for MSDUs from the Authenticator's STA
|
||||||
|
* to the Supplicant's STA.
|
||||||
|
*
|
||||||
|
* A STA shall use bits 192-255 of the temporal key as
|
||||||
|
* the Michael key for MSDUs from the Supplicant's STA
|
||||||
|
* to the Authenticator's STA."
|
||||||
*/
|
*/
|
||||||
memcpy(gtk_buf, gtk, 16);
|
memcpy(gtk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY, gtk, 16);
|
||||||
memcpy(gtk_buf + 16, gtk + 24, 8);
|
memcpy(gtk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
|
||||||
memcpy(gtk_buf + 24, gtk + 16, 8);
|
gtk + 16, 8);
|
||||||
|
memcpy(gtk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
|
||||||
|
gtk + 24, 8);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
l_error("Unexpected cipher: %x", cipher);
|
l_error("Unexpected cipher: %x", cipher);
|
||||||
@ -1192,23 +1198,32 @@ static void netdev_set_tk(uint32_t ifindex, const uint8_t *aa,
|
|||||||
|
|
||||||
switch (cipher) {
|
switch (cipher) {
|
||||||
case CRYPTO_CIPHER_CCMP:
|
case CRYPTO_CIPHER_CCMP:
|
||||||
|
/*
|
||||||
|
* 802.11-2012 11.7.3 Mapping PTK to CCMP keys:
|
||||||
|
* "A STA shall use the temporal key as the CCMP key
|
||||||
|
* for MPDUs between the two communicating STAs."
|
||||||
|
*/
|
||||||
memcpy(tk_buf, tk, 16);
|
memcpy(tk_buf, tk, 16);
|
||||||
break;
|
break;
|
||||||
case CRYPTO_CIPHER_TKIP:
|
case CRYPTO_CIPHER_TKIP:
|
||||||
/*
|
/*
|
||||||
* Swap the TX and RX MIC key portions for supplicant.
|
* 802.11-2012 11.7.1 Mapping PTK to TKIP keys:
|
||||||
* WPA_80211_v3_1_090922 doc's 3.3.4:
|
* "A STA shall use bits 0-127 of the temporal key as its
|
||||||
* The MIC key used on the Client for transmit (TX) is in
|
* input to the TKIP Phase 1 and Phase 2 mixing functions.
|
||||||
* bytes 24-31, and the MIC key used on the Client for
|
*
|
||||||
* receive (RX) is in bytes 16-23 of the PTK. That is,
|
* A STA shall use bits 128-191 of the temporal key as
|
||||||
* assume that TX MIC and RX MIC referred to in Clause 8.7
|
* the Michael key for MSDUs from the Authenticator's STA
|
||||||
* are referenced to the Authenticator. Similarly, on the AP,
|
* to the Supplicant's STA.
|
||||||
* the MIC used for TX is in bytes 16-23, and the MIC key
|
*
|
||||||
* used for RX is in bytes 24-31 of the PTK.
|
* A STA shall use bits 192-255 of the temporal key as
|
||||||
|
* the Michael key for MSDUs from the Supplicant's STA
|
||||||
|
* to the Authenticator's STA."
|
||||||
*/
|
*/
|
||||||
memcpy(tk_buf, tk, 16);
|
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY, tk, 16);
|
||||||
memcpy(tk_buf + 16, tk + 24, 8);
|
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
|
||||||
memcpy(tk_buf + 24, tk + 16, 8);
|
tk + 16, 8);
|
||||||
|
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
|
||||||
|
tk + 24, 8);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
l_error("Unexpected cipher: %x", cipher);
|
l_error("Unexpected cipher: %x", cipher);
|
||||||
|
Loading…
Reference in New Issue
Block a user