FILS: Fix AES-SIV AAD for (Re)Association Request frame decryption
The hostapd processing of the AES-SIV AAD was incorrect. The design for the AAD changed between P802.11ai/D7.0 and D8.0 from a single vector with concatenated data to separate vectors. The change in the implementation had missed the change in the aes_siv_decrypt() call for the num_elem parameter. This happened to work with the mac80211 implementation due to a similar error there. Fix this by using the correct numbers of vectors in the SIV AAD so that all the vectors get checked. The last vector was also 14 octets too long due to incorrect starting pointer, so fix that as well. The changes here are not backwards compatible, i.e., a similar fix in the Linux mac80211 is needed to make things interoperate again. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
7a6c3de23a
commit
d77f330418
1 changed files with 2 additions and 2 deletions
|
@ -2230,10 +2230,10 @@ int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session,
|
|||
* field to the FILS Session element (both inclusive).
|
||||
*/
|
||||
aad[4] = (const u8 *) &mgmt->u.assoc_req.capab_info;
|
||||
aad_len[4] = crypt - aad[0];
|
||||
aad_len[4] = crypt - aad[4];
|
||||
|
||||
if (aes_siv_decrypt(sm->PTK.kek, sm->PTK.kek_len, crypt, end - crypt,
|
||||
1, aad, aad_len, pos + (crypt - ie_start)) < 0) {
|
||||
5, aad, aad_len, pos + (crypt - ie_start)) < 0) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"FILS: Invalid AES-SIV data in the frame");
|
||||
return -1;
|
||||
|
|
Loading…
Reference in a new issue