DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0

Browse source
This commit is contained in:
Jouni Malinen 2008-12-26 12:49:15 +02:00
parent 45c94154a6
commit ff89afb77b
2 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hostapd/wpa_ft.c
View file

@ -444,8 +444,9 @@ static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
struct wpa_group *gsm = sm->group; struct wpa_group *gsm = sm->group;
size_t subelem_len; size_t subelem_len;
/* Sub-elem ID[1] | Length[1] | KeyID[2] | PN[6] | Key[16+8] */ /* Sub-elem ID[1] | Length[1] | KeyID[2] | IPN[6] | Key Length[1] |
subelem_len = 1 + 1 + 2 + 6 + WPA_IGTK_LEN + 8; * Key[16+8] */
subelem_len = 1 + 1 + 2 + 6 + 1 + WPA_IGTK_LEN + 8;
subelem = os_zalloc(subelem_len); subelem = os_zalloc(subelem_len);
if (subelem == NULL) if (subelem == NULL)
return NULL; return NULL;
@ -457,6 +458,7 @@ static u8 * wpa_ft_igtk_subelem(struct wpa_state_machine *sm, size_t *len)
pos += 2; pos += 2;
wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN_igtk, pos); wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN_igtk, pos);
pos += 6; pos += 6;
*pos++ = WPA_IGTK_LEN;
if (aes_wrap(sm->PTK.kek, WPA_IGTK_LEN / 8, if (aes_wrap(sm->PTK.kek, WPA_IGTK_LEN / 8,
gsm->IGTK[gsm->GN_igtk - 4], pos)) { gsm->IGTK[gsm->GN_igtk - 4], pos)) {
os_free(subelem); os_free(subelem);

12
src/rsn_supp/wpa_ft.c
View file

@ -692,18 +692,24 @@ static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
wpa_hexdump_key(MSG_DEBUG, "FT: Received IGTK in Reassoc Resp", wpa_hexdump_key(MSG_DEBUG, "FT: Received IGTK in Reassoc Resp",
igtk_elem, igtk_elem_len); igtk_elem, igtk_elem_len);
if (igtk_elem_len != 2 + 6 + 24) { if (igtk_elem_len != 2 + 6 + 1 + WPA_IGTK_LEN + 8) {
wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem " wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem "
"length %lu", (unsigned long) igtk_elem_len); "length %lu", (unsigned long) igtk_elem_len);
return -1; return -1;
} }
if (aes_unwrap(sm->ptk.kek, WPA_IGTK_LEN / 8, igtk_elem + 8, igtk)) { if (igtk_elem[8] != WPA_IGTK_LEN) {
wpa_printf(MSG_DEBUG, "FT: Invalid IGTK sub-elem Key Length "
"%d", igtk_elem[8]);
return -1;
}
if (aes_unwrap(sm->ptk.kek, WPA_IGTK_LEN / 8, igtk_elem + 9, igtk)) {
wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not " wpa_printf(MSG_WARNING, "FT: AES unwrap failed - could not "
"decrypt IGTK"); "decrypt IGTK");
return -1; return -1;
} }
/* KeyID[2] | PN[6] | Key[16+8] */ /* KeyID[2] | IPN[6] | Key Length[1] | Key[16+8] */
keyidx = WPA_GET_LE16(igtk_elem); keyidx = WPA_GET_LE16(igtk_elem);