From: Denis Kenzior <denkenz@gmail.com>
To: iwd@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH 01/26] eapol: More strictly validate key_descriptor_version
Date: Fri, 21 Oct 2022 14:12:42 -0500 [thread overview]
Message-ID: <20221021191307.31492-1-denkenz@gmail.com> (raw)
---
src/eapol.c | 38 +++++++++++++++++++++++---------------
src/eapolutil.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
src/eapolutil.h | 6 ++++++
3 files changed, 73 insertions(+), 15 deletions(-)
diff --git a/src/eapol.c b/src/eapol.c
index e8bd5cdbf64b..c6439bb1302d 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -2238,12 +2238,14 @@ static void eapol_key_handle(struct eapol_sm *sm,
const struct eapol_frame *frame,
bool unencrypted)
{
+ struct handshake_state *hs = sm->handshake;
const struct eapol_key *ek;
const uint8_t *kck;
const uint8_t *kek;
uint8_t *decrypted_key_data = NULL;
size_t key_data_len = 0;
uint64_t replay_counter;
+ uint8_t expected_key_descriptor_version;
ek = eapol_key_validate((const uint8_t *) frame,
sizeof(struct eapol_header) +
@@ -2256,11 +2258,19 @@ static void eapol_key_handle(struct eapol_sm *sm,
if (!ek->key_ack)
return;
+ if (L_WARN_ON(eapol_key_descriptor_version_from_akm(hs->akm_suite,
+ hs->pairwise_cipher,
+ &expected_key_descriptor_version) < 0))
+ return;
+
+ if (L_WARN_ON(expected_key_descriptor_version !=
+ ek->key_descriptor_version))
+ return;
+
/* Further Descriptor Type check */
- if (!sm->handshake->wpa_ie &&
- ek->descriptor_type != EAPOL_DESCRIPTOR_TYPE_80211)
+ if (!hs->wpa_ie && ek->descriptor_type != EAPOL_DESCRIPTOR_TYPE_80211)
return;
- else if (sm->handshake->wpa_ie &&
+ else if (hs->wpa_ie &&
ek->descriptor_type != EAPOL_DESCRIPTOR_TYPE_WPA)
return;
@@ -2293,31 +2303,30 @@ static void eapol_key_handle(struct eapol_sm *sm,
if (sm->have_replay && sm->replay_counter >= replay_counter)
return;
- kck = handshake_state_get_kck(sm->handshake);
+ kck = handshake_state_get_kck(hs);
if (ek->key_mic) {
/* Haven't received step 1 yet, so no ptk */
- if (!sm->handshake->have_snonce)
+ if (!hs->have_snonce)
return;
- if (!eapol_verify_mic(sm->handshake->akm_suite, kck, ek,
- sm->mic_len))
+ if (!eapol_verify_mic(hs->akm_suite, kck, ek, sm->mic_len))
return;
}
- if ((ek->encrypted_key_data && !sm->handshake->wpa_ie) ||
- (ek->key_type == 0 && sm->handshake->wpa_ie)) {
+ if ((ek->encrypted_key_data && !hs->wpa_ie) ||
+ (ek->key_type == 0 && hs->wpa_ie)) {
/*
* If using a MIC (non-FILS) but haven't received step 1 yet
* we disregard since there will be no ptk
*/
- if (sm->mic_len && !sm->handshake->have_snonce)
+ if (sm->mic_len && !hs->have_snonce)
return;
- kek = handshake_state_get_kek(sm->handshake);
+ kek = handshake_state_get_kek(hs);
decrypted_key_data = eapol_decrypt_key_data(
- sm->handshake->akm_suite, kek,
+ hs->akm_suite, kek,
ek, &key_data_len, sm->mic_len);
if (!decrypted_key_data)
return;
@@ -2326,11 +2335,10 @@ static void eapol_key_handle(struct eapol_sm *sm,
if (ek->key_type == 0) {
/* GTK handshake allowed only after PTK handshake complete */
- if (!sm->handshake->ptk_complete)
+ if (!hs->ptk_complete)
goto done;
- if (sm->handshake->group_cipher ==
- IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC)
+ if (hs->group_cipher == IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC)
goto done;
if (!decrypted_key_data)
diff --git a/src/eapolutil.c b/src/eapolutil.c
index e2a41c2e823f..3a0ef26e62bc 100644
--- a/src/eapolutil.c
+++ b/src/eapolutil.c
@@ -25,9 +25,11 @@
#endif
#include <stdio.h>
+#include <errno.h>
#include <ell/ell.h>
#include "src/eapolutil.h"
+#include "src/ie.h"
const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len,
size_t mic_len)
@@ -80,3 +82,45 @@ const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len,
return ek;
}
+
+int eapol_key_descriptor_version_from_akm(enum ie_rsn_akm_suite akm,
+ enum ie_rsn_cipher_suite pairwise,
+ uint8_t *outv)
+{
+ /* 802.11-2020 Section 12.7.2 */
+ switch (akm) {
+ case IE_RSN_AKM_SUITE_8021X:
+ case IE_RSN_AKM_SUITE_PSK:
+ if (pairwise == IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER ||
+ pairwise == IE_RSN_CIPHER_SUITE_TKIP)
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4;
+ else
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES;
+
+ return 0;
+ case IE_RSN_AKM_SUITE_FT_OVER_8021X:
+ case IE_RSN_AKM_SUITE_FT_USING_PSK:
+ case IE_RSN_AKM_SUITE_8021X_SHA256:
+ case IE_RSN_AKM_SUITE_PSK_SHA256:
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES;
+ return 0;
+ case IE_RSN_AKM_SUITE_SAE_SHA256:
+ case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
+ case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA256:
+ case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA384:
+ case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
+ case IE_RSN_AKM_SUITE_FILS_SHA256:
+ case IE_RSN_AKM_SUITE_FILS_SHA384:
+ case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
+ case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
+ case IE_RSN_AKM_SUITE_OWE:
+ case IE_RSN_AKM_SUITE_OSEN:
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_AKM_DEFINED;
+ return 0;
+ case IE_RSN_AKM_SUITE_TDLS:
+ case IE_RSN_AKM_SUITE_AP_PEER_KEY_SHA256:
+ break;
+ }
+
+ return -ENOTSUP;
+};
diff --git a/src/eapolutil.h b/src/eapolutil.h
index 1f15872eb2d7..7451f69bedd8 100644
--- a/src/eapolutil.h
+++ b/src/eapolutil.h
@@ -25,6 +25,9 @@
#include <asm/byteorder.h>
#include <linux/types.h>
+enum ie_rsn_akm_suite;
+enum ie_rsn_cipher_suite;
+
enum eapol_protocol_version {
EAPOL_PROTOCOL_VERSION_2001 = 1,
EAPOL_PROTOCOL_VERSION_2004 = 2,
@@ -116,3 +119,6 @@ struct eapol_key {
const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len,
size_t mic_len);
+int eapol_key_descriptor_version_from_akm(enum ie_rsn_akm_suite akm,
+ enum ie_rsn_cipher_suite pairwise,
+ uint8_t *out_version);
--
2.35.1
next reply other threads:[~2022-10-21 19:13 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-21 19:12 Denis Kenzior [this message]
2022-10-21 19:12 ` [PATCH 02/26] crypto: Rename BIP to BIP_CMAC Denis Kenzior
2022-10-21 19:12 ` [PATCH 03/26] ie: Rename _BIP to _BIP_CMAC Denis Kenzior
2022-10-21 19:12 ` [PATCH 04/26] ie: Simplify implementation Denis Kenzior
2022-10-21 19:12 ` [PATCH 05/26] crypto: Add new cipher definitions Denis Kenzior
2022-10-21 19:12 ` [PATCH 06/26] ie: Skip unknown pairwise ciphers Denis Kenzior
2022-10-21 19:12 ` [PATCH 07/26] netdev: Build RSN attributes in a common function Denis Kenzior
2022-10-21 19:12 ` [PATCH 08/26] netdev: Add support for setting GCMP keys Denis Kenzior
2022-10-21 19:12 ` [PATCH 09/26] ie: Add support for GCMP cipher suite Denis Kenzior
2022-10-21 19:12 ` [PATCH 10/26] ie: add ie_rsn_cipher_suite_to_string Denis Kenzior
2022-10-21 19:12 ` [PATCH 11/26] wiphy: Generalize supported cipher dumper Denis Kenzior
2022-10-21 19:12 ` [PATCH 12/26] wiphy: Support GCMP cipher suite Denis Kenzior
2022-10-21 19:12 ` [PATCH 13/26] doc: Document PairwiseCipher property Denis Kenzior
2022-10-21 19:12 ` [PATCH 14/26] station: diagnostic: implement PairwiseCipher Denis Kenzior
2022-10-21 19:12 ` [PATCH 15/26] auto-t: Support multiple pairwise ciphers in WPA2 Denis Kenzior
2022-10-21 19:12 ` [PATCH 16/26] ie: Add support for GCMP|CCMP-256 Denis Kenzior
2022-10-21 19:12 ` [PATCH 17/26] netdev: Add support for CCMP|GCMP-256 Denis Kenzior
2022-10-21 19:12 ` [PATCH 18/26] ie: Add IE_CIPHER_IS_GCMP_CCMP inline Denis Kenzior
2022-10-21 19:13 ` [PATCH 19/26] station: Use IE_CIPHER_IS_GCMP_CCMP Denis Kenzior
2022-10-21 19:13 ` [PATCH 20/26] wiphy: Support GCMP|CCMP-256 cipher suites Denis Kenzior
2022-10-21 19:13 ` [PATCH 21/26] doc: Document GCMP|CCMP-256 ciphers Denis Kenzior
2022-10-21 19:13 ` [PATCH 22/26] auto-t: Add GCMP|CCMP-256 to WPA2 test Denis Kenzior
2022-10-21 19:13 ` [PATCH 23/26] ie: Support more group management cipher suites Denis Kenzior
2022-10-21 19:13 ` [PATCH 24/26] netdev: Support more IGTK " Denis Kenzior
2022-10-21 19:13 ` [PATCH 25/26] wiphy: Support more group management " Denis Kenzior
2022-10-21 19:13 ` [PATCH 26/26] auto-t: Add tests for GMAC/GMAC-256/CMAC-256 Denis Kenzior
2022-10-26 19:53 ` [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221021191307.31492-1-denkenz@gmail.com \
--to=denkenz@gmail.com \
--cc=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).