Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-31 01:04:03 -05:00
Code Issues Projects Releases Wiki Activity

FILS: Perform AEAD processing after PTK has been confirmed

Browse Source 
This covers EAPOL-Key frames other than 2/4 that needed special handling
to confirm PTK.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-09-03 18:18:53 +03:00 committed by Jouni Malinen
parent 0ab1dd0106
commit 75c8563e05
1 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/ap/wpa_auth.c
View File

@ -37,6 +37,10 @@ static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
static int wpa_sm_step(struct wpa_state_machine *sm);
static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
size_t data_len);
#ifdef CONFIG_FILS
static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
u8 *buf, size_t buf_len, u16 *_key_data_len);
#endif /* CONFIG_FILS */
static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx);
static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth,
struct wpa_group *group);
@ -1223,6 +1227,15 @@ continue_processing:
"received EAPOL-Key with invalid MIC");
return;
}
#ifdef CONFIG_FILS
if (!mic_len &&
wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
&key_data_length) < 0) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key with invalid MIC");
return;
}
#endif /* CONFIG_FILS */
sm->MICVerified = TRUE;
eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
sm->pending_1_of_4_timeout = 0;
@ -2021,7 +2034,7 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
#ifdef CONFIG_FILS
static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
u16 *_key_data_len)
u8 *buf, size_t buf_len, u16 *_key_data_len)
{
struct ieee802_1x_hdr *hdr;
struct wpa_eapol_key *key;
@ -2031,7 +2044,7 @@ static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
const u8 *aad[1];
size_t aad_len[1];
hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key;
hdr = (struct ieee802_1x_hdr *) buf;
key = (struct wpa_eapol_key *) (hdr + 1);
pos = (u8 *) (key + 1);
key_data_len = WPA_GET_BE16(pos);
@ -2049,8 +2062,8 @@ static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
/* AES-SIV AAD from EAPOL protocol version field (inclusive) to
* to Key Data (exclusive). */
aad[0] = sm->last_rx_eapol_key;
aad_len[0] = pos - sm->last_rx_eapol_key;
aad[0] = buf;
aad_len[0] = pos - buf;
if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
1, aad, aad_len, tmp) < 0) {
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
@ -2125,7 +2138,9 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
}
#ifdef CONFIG_FILS
if (!mic_len && wpa_aead_decrypt(sm, &PTK, NULL) == 0) {
if (!mic_len &&
wpa_aead_decrypt(sm, &PTK, sm->last_rx_eapol_key,
sm->last_rx_eapol_key_len, NULL) == 0) {
ok = 1;
break;
}