WNM: Do not expose GTK/IGTK in WNM Sleep Mode Response frame in OSEN
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK is disabled. This was already the case for the EAPOL-Key cases of providing GTK/IGTK, but the WNM Sleep Mode exit case was missed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
b50b8f0429
commit
a998337895
1 changed files with 18 additions and 0 deletions
|
@ -4078,6 +4078,7 @@ void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
|
|||
|
||||
int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||
{
|
||||
struct wpa_auth_config *conf = &sm->wpa_auth->conf;
|
||||
struct wpa_group *gsm = sm->group;
|
||||
u8 *start = pos;
|
||||
|
||||
|
@ -4096,6 +4097,14 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
|||
return 0;
|
||||
pos += 8;
|
||||
os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
|
||||
if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||
/*
|
||||
* Provide unique random GTK to each STA to prevent use
|
||||
* of GTK in the BSS.
|
||||
*/
|
||||
if (random_get_bytes(pos, gsm->GTK_len) < 0)
|
||||
return 0;
|
||||
}
|
||||
pos += gsm->GTK_len;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
|
||||
|
@ -4109,6 +4118,7 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
|||
|
||||
int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||
{
|
||||
struct wpa_auth_config *conf = &sm->wpa_auth->conf;
|
||||
struct wpa_group *gsm = sm->group;
|
||||
u8 *start = pos;
|
||||
size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
|
||||
|
@ -4126,6 +4136,14 @@ int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
|||
pos += 6;
|
||||
|
||||
os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
|
||||
if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||
/*
|
||||
* Provide unique random IGTK to each STA to prevent use
|
||||
* of IGTK in the BSS.
|
||||
*/
|
||||
if (random_get_bytes(pos, len) < 0)
|
||||
return 0;
|
||||
}
|
||||
pos += len;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
|
||||
|
|
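Review bot: In wpa_wnmsleep_gtk_subelem() the real GTK is still written to `pos` by `os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);` before the new `conf->disable_gtk` / OSEN check overwrites it, so on the `random_get_bytes()` failure path the function returns 0 with the group key left in the caller's buffer. Whether the caller discards or clears that buffer on a 0 return is not visible here, so it would be safer never to write the key on this path: keep the new `if` as it is and move the copy into `else { os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len); }`. The same copy-then-overwrite pattern applies to the IGTK copy in wpa_wnmsleep_igtk_subelem(), where `os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);` precedes the check. Both function bodies begin and end outside the hunks shown.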