mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
Move cipher suite selection into common helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
9aadb8774e
commit
edbd2a191e
@ -564,12 +564,9 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
if (ciphers & WPA_CIPHER_CCMP)
|
||||
sm->pairwise = WPA_CIPHER_CCMP;
|
||||
else if (ciphers & WPA_CIPHER_GCMP)
|
||||
sm->pairwise = WPA_CIPHER_GCMP;
|
||||
else
|
||||
sm->pairwise = WPA_CIPHER_TKIP;
|
||||
sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
|
||||
if (sm->pairwise < 0)
|
||||
return WPA_INVALID_PAIRWISE;
|
||||
|
||||
/* TODO: clear WPA/WPA2 state if STA changes from one to another */
|
||||
if (wpa_ie[0] == WLAN_EID_RSN)
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* WPA/RSN - Shared functions for supplicant and authenticator
|
||||
* Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
@ -1214,3 +1214,33 @@ int wpa_cipher_put_suites(u8 *pos, int ciphers)
|
||||
|
||||
return num_suites;
|
||||
}
|
||||
|
||||
|
||||
int wpa_pick_pairwise_cipher(int ciphers, int none_allowed)
|
||||
{
|
||||
if (ciphers & WPA_CIPHER_CCMP)
|
||||
return WPA_CIPHER_CCMP;
|
||||
if (ciphers & WPA_CIPHER_GCMP)
|
||||
return WPA_CIPHER_GCMP;
|
||||
if (ciphers & WPA_CIPHER_TKIP)
|
||||
return WPA_CIPHER_TKIP;
|
||||
if (none_allowed && (ciphers & WPA_CIPHER_NONE))
|
||||
return WPA_CIPHER_NONE;
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
int wpa_pick_group_cipher(int ciphers)
|
||||
{
|
||||
if (ciphers & WPA_CIPHER_CCMP)
|
||||
return WPA_CIPHER_CCMP;
|
||||
if (ciphers & WPA_CIPHER_GCMP)
|
||||
return WPA_CIPHER_GCMP;
|
||||
if (ciphers & WPA_CIPHER_TKIP)
|
||||
return WPA_CIPHER_TKIP;
|
||||
if (ciphers & WPA_CIPHER_WEP104)
|
||||
return WPA_CIPHER_WEP104;
|
||||
if (ciphers & WPA_CIPHER_WEP40)
|
||||
return WPA_CIPHER_WEP40;
|
||||
return -1;
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
* WPA definitions shared between hostapd and wpa_supplicant
|
||||
* Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
@ -390,5 +390,7 @@ int wpa_cipher_valid_pairwise(int cipher);
|
||||
u32 wpa_cipher_to_suite(int proto, int cipher);
|
||||
int rsn_cipher_put_suites(u8 *pos, int ciphers);
|
||||
int wpa_cipher_put_suites(u8 *pos, int ciphers);
|
||||
int wpa_pick_pairwise_cipher(int ciphers, int none_allowed);
|
||||
int wpa_pick_group_cipher(int ciphers);
|
||||
|
||||
#endif /* WPA_COMMON_H */
|
||||
|
@ -217,23 +217,17 @@ static int wpa_supplicant_process_smk_m2(
|
||||
return -1;
|
||||
}
|
||||
|
||||
cipher = ie.pairwise_cipher & sm->allowed_pairwise_cipher;
|
||||
if (cipher & WPA_CIPHER_CCMP) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
|
||||
cipher = WPA_CIPHER_CCMP;
|
||||
} else if (cipher & WPA_CIPHER_GCMP) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using GCMP for PeerKey");
|
||||
cipher = WPA_CIPHER_GCMP;
|
||||
} else if (cipher & WPA_CIPHER_TKIP) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
|
||||
cipher = WPA_CIPHER_TKIP;
|
||||
} else {
|
||||
cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
|
||||
sm->allowed_pairwise_cipher, 0);
|
||||
if (cipher < 0) {
|
||||
wpa_printf(MSG_INFO, "RSN: No acceptable cipher in SMK M2");
|
||||
wpa_supplicant_send_smk_error(sm, src_addr, kde.mac_addr,
|
||||
STK_MUI_SMK, STK_ERR_CPHR_NS,
|
||||
ver);
|
||||
return -1;
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
|
||||
wpa_cipher_txt(cipher));
|
||||
|
||||
/* TODO: find existing entry and if found, use that instead of adding
|
||||
* a new one; how to handle the case where both ends initiate at the
|
||||
@ -496,17 +490,9 @@ static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
|
||||
peerkey->rsnie_p_len = kde->rsn_ie_len;
|
||||
os_memcpy(peerkey->pnonce, kde->nonce, WPA_NONCE_LEN);
|
||||
|
||||
cipher = ie.pairwise_cipher & sm->allowed_pairwise_cipher;
|
||||
if (cipher & WPA_CIPHER_CCMP) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using CCMP for PeerKey");
|
||||
peerkey->cipher = WPA_CIPHER_CCMP;
|
||||
} else if (cipher & WPA_CIPHER_GCMP) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using GCMP for PeerKey");
|
||||
peerkey->cipher = WPA_CIPHER_GCMP;
|
||||
} else if (cipher & WPA_CIPHER_TKIP) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using TKIP for PeerKey");
|
||||
peerkey->cipher = WPA_CIPHER_TKIP;
|
||||
} else {
|
||||
cipher = wpa_pick_pairwise_cipher(ie.pairwise_cipher &
|
||||
sm->allowed_pairwise_cipher, 0);
|
||||
if (cipher < 0) {
|
||||
wpa_printf(MSG_INFO, "RSN: SMK Peer STA " MACSTR " selected "
|
||||
"unacceptable cipher", MAC2STR(kde->mac_addr));
|
||||
wpa_supplicant_send_smk_error(sm, src_addr, kde->mac_addr,
|
||||
@ -515,6 +501,9 @@ static int wpa_supplicant_process_smk_m5(struct wpa_sm *sm,
|
||||
/* TODO: abort negotiation */
|
||||
return -1;
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "RSN: Using %s for PeerKey",
|
||||
wpa_cipher_txt(cipher));
|
||||
peerkey->cipher = cipher;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -466,15 +466,9 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
|
||||
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
|
||||
params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
|
||||
|
||||
if (ssid->pairwise_cipher & WPA_CIPHER_CCMP)
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
|
||||
else if (ssid->pairwise_cipher & WPA_CIPHER_GCMP)
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_GCMP;
|
||||
else if (ssid->pairwise_cipher & WPA_CIPHER_TKIP)
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
|
||||
else if (ssid->pairwise_cipher & WPA_CIPHER_NONE)
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
|
||||
else {
|
||||
wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher,
|
||||
1);
|
||||
if (wpa_s->pairwise_cipher < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
|
||||
"cipher.");
|
||||
return -1;
|
||||
|
@ -1033,45 +1033,24 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||
}
|
||||
|
||||
sel = ie.group_cipher & ssid->group_cipher;
|
||||
if (sel & WPA_CIPHER_CCMP) {
|
||||
wpa_s->group_cipher = WPA_CIPHER_CCMP;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
|
||||
} else if (sel & WPA_CIPHER_GCMP) {
|
||||
wpa_s->group_cipher = WPA_CIPHER_GCMP;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK GCMP");
|
||||
} else if (sel & WPA_CIPHER_TKIP) {
|
||||
wpa_s->group_cipher = WPA_CIPHER_TKIP;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
|
||||
} else if (sel & WPA_CIPHER_WEP104) {
|
||||
wpa_s->group_cipher = WPA_CIPHER_WEP104;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
|
||||
} else if (sel & WPA_CIPHER_WEP40) {
|
||||
wpa_s->group_cipher = WPA_CIPHER_WEP40;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
|
||||
} else {
|
||||
wpa_s->group_cipher = wpa_pick_group_cipher(sel);
|
||||
if (wpa_s->group_cipher < 0) {
|
||||
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
|
||||
"cipher");
|
||||
return -1;
|
||||
}
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
|
||||
wpa_cipher_txt(wpa_s->group_cipher));
|
||||
|
||||
sel = ie.pairwise_cipher & ssid->pairwise_cipher;
|
||||
if (sel & WPA_CIPHER_CCMP) {
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
|
||||
} else if (sel & WPA_CIPHER_GCMP) {
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_GCMP;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK GCMP");
|
||||
} else if (sel & WPA_CIPHER_TKIP) {
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
|
||||
} else if (sel & WPA_CIPHER_NONE) {
|
||||
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
|
||||
} else {
|
||||
wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
|
||||
if (wpa_s->pairwise_cipher < 0) {
|
||||
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
|
||||
"cipher");
|
||||
return -1;
|
||||
}
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
|
||||
wpa_cipher_txt(wpa_s->pairwise_cipher));
|
||||
|
||||
sel = ie.key_mgmt & ssid->key_mgmt;
|
||||
#ifdef CONFIG_SAE
|
||||
|
Loading…
Reference in New Issue
Block a user