jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

RSN: Pass full PTK to wpa_eapol_key_send() instead of KCK only

Browse source 
This will be needed to be able to implement AEAD cipher support from
FILS that will need to use KEK to protect the frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-09-03 12:31:55 +03:00 committed by Jouni Malinen
parent b986648389
commit 1049af7e03
3 changed files with 25 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/rsn_supp/peerkey.c
View file

@ -113,8 +113,8 @@ static int wpa_supplicant_send_smk_error(struct wpa_sm *sm, const u8 *dst,
"(mui %d error_type %d)", mui, error_type);
}
wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, dst,
ETH_P_EAPOL, rbuf, rlen, mic);
wpa_eapol_key_send(sm, &sm->ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
mic);
return 0;
}
@ -166,8 +166,8 @@ static int wpa_supplicant_send_smk_m3(struct wpa_sm *sm,
wpa_add_kde(pos, RSN_KEY_DATA_NONCE, peerkey->inonce, WPA_NONCE_LEN);
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key SMK M3");
wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, src_addr,
ETH_P_EAPOL, rbuf, rlen, mic);
wpa_eapol_key_send(sm, &sm->ptk, ver, src_addr, ETH_P_EAPOL, rbuf, rlen,
mic);
return 0;
}
@ -370,7 +370,7 @@ static void wpa_supplicant_send_stk_1_of_4(struct wpa_sm *sm,
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 1/4 to " MACSTR,
MAC2STR(peerkey->addr));
wpa_eapol_key_send(sm, NULL, 0, ver, peerkey->addr, ETH_P_EAPOL,
wpa_eapol_key_send(sm, NULL, ver, peerkey->addr, ETH_P_EAPOL,
mbuf, mlen, NULL);
}
@ -426,8 +426,8 @@ static void wpa_supplicant_send_stk_3_of_4(struct wpa_sm *sm,
wpa_printf(MSG_DEBUG, "RSN: Sending EAPOL-Key STK 3/4 to " MACSTR,
MAC2STR(peerkey->addr));
wpa_eapol_key_send(sm, peerkey->stk.kck, peerkey->stk.kck_len, ver,
peerkey->addr, ETH_P_EAPOL, mbuf, mlen, mic);
wpa_eapol_key_send(sm, &peerkey->stk, ver, peerkey->addr, ETH_P_EAPOL,
mbuf, mlen, mic);
}
@ -1087,8 +1087,8 @@ int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
wpa_printf(MSG_INFO, "RSN: Sending EAPOL-Key SMK M1 Request (peer "
MACSTR ")", MAC2STR(peer));
wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
ETH_P_EAPOL, rbuf, rlen, mic);
wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
mic);
peerkey->next = sm->peerkey;
sm->peerkey = peerkey;

30
src/rsn_supp/wpa.c
View file

@ -30,8 +30,7 @@ static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
/**
* wpa_eapol_key_send - Send WPA/RSN EAPOL-Key message
* @sm: Pointer to WPA state machine data from wpa_sm_init()
* @kck: Key Confirmation Key (KCK, part of PTK)
* @kck_len: KCK length in octets
* @ptk: PTK for Key Confirmation/Encryption Key
* @ver: Version field from Key Info
* @dest: Destination address for the frame
* @proto: Ethertype (usually ETH_P_EAPOL)
@ -40,7 +39,7 @@ static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
* @key_mic: Pointer to the buffer to which the EAPOL-Key MIC is written
* Returns: >= 0 on success, < 0 on failure
*/
int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
int ver, const u8 *dest, u16 proto,
u8 *msg, size_t msg_len, u8 *key_mic)
{
@ -64,15 +63,16 @@ int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
MAC2STR(dest));
}
}
if (key_mic && mic_len &&
wpa_eapol_key_mic(kck, kck_len, sm->key_mgmt, ver, msg, msg_len,
key_mic)) {
if (key_mic && mic_len && ptk &&
wpa_eapol_key_mic(ptk->kck, ptk->kck_len, sm->key_mgmt, ver, msg,
msg_len, key_mic)) {
wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
"WPA: Failed to generate EAPOL-Key version %d key_mgmt 0x%x MIC",
ver, sm->key_mgmt);
goto out;
}
wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", kck, kck_len);
if (ptk)
wpa_hexdump_key(MSG_DEBUG, "WPA: KCK", ptk->kck, ptk->kck_len);
wpa_hexdump(MSG_DEBUG, "WPA: Derived Key MIC", key_mic, mic_len);
wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
ret = wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
@ -153,8 +153,8 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
"WPA: Sending EAPOL-Key Request (error=%d "
"pairwise=%d ptk_set=%d len=%lu)",
error, pairwise, sm->ptk_set, (unsigned long) rlen);
wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, bssid,
ETH_P_EAPOL, rbuf, rlen, key_mic);
wpa_eapol_key_send(sm, &sm->ptk, ver, bssid, ETH_P_EAPOL, rbuf, rlen,
key_mic);
}
@ -415,8 +415,8 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
ETH_P_EAPOL, rbuf, rlen, key_mic);
return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
key_mic);
}
@ -1169,8 +1169,8 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
WPA_PUT_BE16(key_mic + mic_len, 0);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
return wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst,
ETH_P_EAPOL, rbuf, rlen, key_mic);
return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
key_mic);
}
@ -1475,8 +1475,8 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
WPA_PUT_BE16(key_mic + mic_len, 0);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
return wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver,
sm->bssid, ETH_P_EAPOL, rbuf, rlen, key_mic);
return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL,
rbuf, rlen, key_mic);
}

2
src/rsn_supp/wpa_i.h
View file

@ -353,7 +353,7 @@ static inline int wpa_sm_key_mgmt_set_pmk(struct wpa_sm *sm,
return sm->ctx->key_mgmt_set_pmk(sm->ctx->ctx, pmk, pmk_len);
}
int wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len,
int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk,
int ver, const u8 *dest, u16 proto,
u8 *msg, size_t msg_len, u8 *key_mic);
int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,