WNM: Do not expose GTK/IGTK in WNM Sleep Mode Response frame in OSEN
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK is disabled. This was already the case for the EAPOL-Key cases of providing GTK/IGTK, but the WNM Sleep Mode exit case was missed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
b50b8f0429
commit
a998337895
1 changed files with 18 additions and 0 deletions
|
@ -4078,6 +4078,7 @@ void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
|
||||||
|
|
||||||
int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||||
{
|
{
|
||||||
|
struct wpa_auth_config *conf = &sm->wpa_auth->conf;
|
||||||
struct wpa_group *gsm = sm->group;
|
struct wpa_group *gsm = sm->group;
|
||||||
u8 *start = pos;
|
u8 *start = pos;
|
||||||
|
|
||||||
|
@ -4096,6 +4097,14 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||||
return 0;
|
return 0;
|
||||||
pos += 8;
|
pos += 8;
|
||||||
os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
|
os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
|
||||||
|
if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||||
|
/*
|
||||||
|
* Provide unique random GTK to each STA to prevent use
|
||||||
|
* of GTK in the BSS.
|
||||||
|
*/
|
||||||
|
if (random_get_bytes(pos, gsm->GTK_len) < 0)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
pos += gsm->GTK_len;
|
pos += gsm->GTK_len;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
|
wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
|
||||||
|
@ -4109,6 +4118,7 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||||
|
|
||||||
int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||||
{
|
{
|
||||||
|
struct wpa_auth_config *conf = &sm->wpa_auth->conf;
|
||||||
struct wpa_group *gsm = sm->group;
|
struct wpa_group *gsm = sm->group;
|
||||||
u8 *start = pos;
|
u8 *start = pos;
|
||||||
size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
|
size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
|
||||||
|
@ -4126,6 +4136,14 @@ int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
|
||||||
pos += 6;
|
pos += 6;
|
||||||
|
|
||||||
os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
|
os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
|
||||||
|
if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||||
|
/*
|
||||||
|
* Provide unique random IGTK to each STA to prevent use
|
||||||
|
* of IGTK in the BSS.
|
||||||
|
*/
|
||||||
|
if (random_get_bytes(pos, len) < 0)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
pos += len;
|
pos += len;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
|
wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",
|
||||||
|
|
Loading…
Reference in a new issue