Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

FILS: Add FTE into FILS Authentication frame from AP when using FILS+FT

MDE was already added with RSNE, but FTE needed to be added to the FILS
Authentication frame for the FT initial mobility domain association
using FILS authentication case.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 8 years ago
parent
af3e362fa7
commit
5db997e343
3 changed files with 30 additions and 5 deletions
Split View Show Diff Stats
  1. 16 5
      src/ap/ieee802_11.c
  2. 12 0
      src/ap/wpa_auth.c
  3. 2 0
      src/ap/wpa_auth.h

+ 16 - 5
src/ap/ieee802_11.c
View File 

@@ -1140,9 +1140,6 @@ static void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
 
 	if (resp != WLAN_STATUS_SUCCESS)
 
 		goto fail;
 
 
-	/* TODO: MDE when using FILS+FT */
 
-	/* TODO: FTE when using FILS+FT */
 
-
 
 	if (!elems.fils_nonce) {
 
 		wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
 
 		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 
@@ -1305,8 +1302,22 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
 
 	/* RSNE */
 
 	wpabuf_put_data(data, ie, ielen);
 
 
-	/* TODO: MDE when using FILS+FT */
 
-	/* TODO: FTE when using FILS+FT */
 
+	/* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
 
+
 
+#ifdef CONFIG_IEEE80211R_AP
 
+	if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
 
+		/* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
 
+		int res;
 
+
 
+		res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
 
+					 wpabuf_tailroom(data));
 
+		if (res < 0) {
 
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 
+			goto fail;
 
+		}
 
+		wpabuf_put(data, res);
 
+	}
 
+#endif /* CONFIG_IEEE80211R_AP */
 
 
 	/* FILS Nonce */
 
 	wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */

+ 12 - 0
src/ap/wpa_auth.c
View File 

@@ -4272,4 +4272,16 @@ wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
 
 	return idata.pmksa;
 
 }
 
 
+
 
+#ifdef CONFIG_IEEE80211R_AP
 
+int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len)
 
+{
 
+	struct wpa_auth_config *conf = &wpa_auth->conf;
 
+
 
+	return wpa_write_ftie(conf, conf->r0_key_holder,
 
+			      conf->r0_key_holder_len,
 
+			      NULL, NULL, buf, len, NULL, 0);
 
+}
 
+#endif /* CONFIG_IEEE80211R_AP */
 
+
 
 #endif /* CONFIG_FILS */

+ 2 - 0
src/ap/wpa_auth.h
View File 

@@ -375,4 +375,6 @@ int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
 
 		       const struct wpabuf *hlp);
 
 int fils_set_tk(struct wpa_state_machine *sm);
 
 
+int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len);
 
+
 
 #endif /* WPA_AUTH_H */