All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2 2/5] eapol: include OCI in GTK 2/2
@ 2021-09-28 22:05 James Prestwood
  0 siblings, 0 replies; only message in thread
From: James Prestwood @ 2021-09-28 22:05 UTC (permalink / raw)
  To: iwd

[-- Attachment #1: Type: text/plain, Size: 2680 bytes --]

---
 src/eapol.c | 24 +++++++++++++++++++++++-
 src/eapol.h |  2 ++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/eapol.c b/src/eapol.c
index 3127e066..9543bced 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -762,6 +762,8 @@ struct eapol_key *eapol_create_gtk_2_of_2(
 				enum eapol_protocol_version protocol,
 				enum eapol_key_descriptor_version version,
 				uint64_t key_replay_counter,
+				size_t extra_len,
+				const uint8_t *extra_data,
 				bool is_wpa, uint8_t wpa_key_id, size_t mic_len)
 {
 	uint8_t snonce[32];
@@ -770,7 +772,8 @@ struct eapol_key *eapol_create_gtk_2_of_2(
 	memset(snonce, 0, sizeof(snonce));
 	step2 = eapol_create_common(protocol, version, true,
 					key_replay_counter, snonce,
-					0, NULL, 0, is_wpa, mic_len);
+					extra_len, extra_data, 0, is_wpa,
+					mic_len);
 
 	if (!step2)
 		return step2;
@@ -2010,6 +2013,8 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
 	uint16_t igtk_key_index;
 	const uint8_t *oci = NULL;
 	size_t oci_len;
+	uint8_t oci_out[9];
+
 
 	l_debug("ifindex=%u", hs->ifindex);
 
@@ -2068,6 +2073,22 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
 	} else
 		igtk = NULL;
 
+	/*
+	 * IEEE 802.11-2020 Section 12.7.7.3
+	 * "If dot11RSNAOperatingChannelValidationActivated is true and
+	 * Supplicant RSNE indicates OCVC capability, the Authenticator silently
+	 * discards message 2 if any of the following are true:
+	 *     - OCI KDE is missing in the message
+	 *     - Channel information in the OCI KDE does not match current
+	 *       operating channel parameters (see 12.2.9)"
+	 */
+	if (sm->handshake->supplicant_ocvc && sm->handshake->chandef) {
+		oci_out[0] = IE_TYPE_VENDOR_SPECIFIC;
+		oci_out[1] = 4 + 3;
+		l_put_be32(HANDSHAKE_KDE_OCI, oci_out + 2);
+		oci_from_chandef(sm->handshake->chandef, oci_out + 6);
+	}
+
 	/*
 	 * 802.11-2016, Section 12.7.7.2:
 	 * "
@@ -2089,6 +2110,7 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
 	step2 = eapol_create_gtk_2_of_2(sm->protocol_version,
 					ek->key_descriptor_version,
 					sm->replay_counter,
+					oci_out[1] + 2, oci_out,
 					hs->wpa_ie, ek->wpa_key_id,
 					sm->mic_len);
 
diff --git a/src/eapol.h b/src/eapol.h
index a948c018..53ae6e8f 100644
--- a/src/eapol.h
+++ b/src/eapol.h
@@ -95,6 +95,8 @@ struct eapol_key *eapol_create_gtk_2_of_2(
 				enum eapol_protocol_version protocol,
 				enum eapol_key_descriptor_version version,
 				uint64_t key_replay_counter,
+				size_t extra_len,
+				const uint8_t *extra_data,
 				bool is_wpa, uint8_t wpa_key_id,
 				size_t mic_len);
 
-- 
2.31.1

^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2021-09-28 22:05 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-28 22:05 [PATCH v2 2/5] eapol: include OCI in GTK 2/2 James Prestwood

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.