* [PATCH v3 1/5] ft: check authenticator_ie from ft_ds_info, not handshake
@ 2021-09-28 22:25 James Prestwood
0 siblings, 0 replies; 2+ messages in thread
From: James Prestwood @ 2021-09-28 22:25 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 1686 bytes --]
The handshake contains the current BSS's RSNE/WPA which may differ
from the FT-over-DS target. When verifying the target BSS's RSNE/WPA
IE needs to be checked, not the current BSS.
---
src/ft.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/ft.c b/src/ft.c
index fecb4c0e..7a4b16f3 100644
--- a/src/ft.c
+++ b/src/ft.c
@@ -354,6 +354,7 @@ static bool ft_verify_rsne(const uint8_t *rsne, const uint8_t *pmk_r0_name,
}
static int ft_parse_ies(struct handshake_state *hs,
+ const uint8_t *authenticator_ie,
const uint8_t *ies, size_t ies_len,
const uint8_t **mde_out,
const uint8_t **fte_out)
@@ -394,8 +395,7 @@ static int ft_parse_ies(struct handshake_state *hs,
is_rsn = hs->supplicant_ie != NULL;
if (is_rsn) {
- if (!ft_verify_rsne(rsne, hs->pmk_r0_name,
- hs->authenticator_ie))
+ if (!ft_verify_rsne(rsne, hs->pmk_r0_name, authenticator_ie))
goto ft_error;
} else if (rsne)
goto ft_error;
@@ -485,7 +485,8 @@ bool ft_over_ds_parse_action_ies(struct ft_ds_info *info,
const uint8_t *fte = NULL;
bool is_rsn = hs->supplicant_ie != NULL;
- if (ft_parse_ies(hs, ies, ies_len, &mde, &fte) < 0)
+ if (ft_parse_ies(hs, info->authenticator_ie, ies, ies_len,
+ &mde, &fte) < 0)
return false;
if (!mde_equal(info->mde, mde))
@@ -516,7 +517,8 @@ static int ft_process_ies(struct handshake_state *hs, const uint8_t *ies,
if (!ies)
goto ft_error;
- if (ft_parse_ies(hs, ies, ies_len, &mde, &fte) < 0)
+ if (ft_parse_ies(hs, hs->authenticator_ie, ies, ies_len,
+ &mde, &fte) < 0)
goto ft_error;
if (!mde_equal(hs->mde, mde))
--
2.31.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v3 1/5] ft: check authenticator_ie from ft_ds_info, not handshake
@ 2021-09-28 22:26 Denis Kenzior
0 siblings, 0 replies; 2+ messages in thread
From: Denis Kenzior @ 2021-09-28 22:26 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 385 bytes --]
Hi James,
On 9/28/21 5:25 PM, James Prestwood wrote:
> The handshake contains the current BSS's RSNE/WPA which may differ
> from the FT-over-DS target. When verifying the target BSS's RSNE/WPA
> IE needs to be checked, not the current BSS.
> ---
> src/ft.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
All applied, thanks.
Regards,
-Denis
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-28 22:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-28 22:25 [PATCH v3 1/5] ft: check authenticator_ie from ft_ds_info, not handshake James Prestwood
2021-09-28 22:26 Denis Kenzior
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.