[v2,16/18] eapol: include IGTK in 4-way handshake as AP

Message ID	20240506003518.320176-17-brandtwjohn@gmail.com (mailing list archive)
State	New
Headers	show Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D39BB673 for <iwd@lists.linux.dev>; Mon, 6 May 2024 00:50:49 +0000 (UTC) From: John Brandt <brandtwjohn@gmail.com> To: iwd@lists.linux.dev Cc: John Brandt <brandtwjohn@gmail.com> Subject: [PATCH v2 16/18] eapol: include IGTK in 4-way handshake as AP Date: Sun, 5 May 2024 17:30:39 -0700 Message-ID: <20240506003518.320176-17-brandtwjohn@gmail.com> In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Basic WPA3 support in AP mode \| expand [v2,00/18] Basic WPA3 support in AP mode [v2,01/18] ap: ability to advertise PSK and SAE [v2,02/18] ap: accept PSK/SAE in auth depending on config [v2,03/18] unit: fix SAE unit tests [v2,04/18] sae: add function sae_set_group [v2,05/18] sae: refactor and add function sae_calculate_keys [v2,06/18] sae: make sae_process_commit callable in AP mode [v2,07/18] sae: verify offered group in AP mode [v2,08/18] sae: support reception of Confirm frame by AP [v2,09/18] ap: add support to handle SAE authentication [v2,10/18] ap: enable start of 4-way HS after SAE [v2,11/18] eapol: support PTK derivation with SHA256 [v2,12/18] eapol: encrypt key data for AKM-defined ciphers [v2,13/18] unit: add unit test for SAE AP mode [v2,14/18] ap: move toward requiring MFP when using SAE [v2,15/18] handshake: add functions to save and set IGTK [v2,16/18] eapol: include IGTK in 4-way handshake as AP [v2,17/18] ap: generate IGTK on startup if MFP is enabled [v2,18/18] ap: propogate IGTK and RSC to handshake

Message ID

20240506003518.320176-17-brandtwjohn@gmail.com (mailing list archive)

State

New

Headers

From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH v2 16/18] eapol: include IGTK in 4-way handshake as AP
Date: Sun,  5 May 2024 17:30:39 -0700
Message-ID: <20240506003518.320176-17-brandtwjohn@gmail.com>
In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com>
References: <20240506003518.320176-1-brandtwjohn@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Basic WPA3 support in AP mode | expand

Context	Check	Description
tedd_an/pre-ci_am	success	Success
prestwoj/iwd-ci-gitlint	success	GitLint

Context

Check

Description

tedd_an/pre-ci_am

success

Success

prestwoj/iwd-ci-gitlint

success

GitLint

Comments

Denis Kenzior May 7, 2024, 4:20 p.m. UTC | #1

Hi John,

On 5/5/24 7:30 PM, John Brandt wrote:
> When SAE with MFP is being used, include the IGTK in message 3 of the
> 4-way handshake.
> ---
>   src/eapol.c | 12 ++++++++++++
>   1 file changed, 12 insertions(+)
> 

Applied after amending > 80 char line.

Regards,
-Denis

diff --git a/src/eapol.c b/src/eapol.c
index 524a26c9..8b21b886 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1454,6 +1454,18 @@  static void eapol_send_ptk_3_of_4(struct eapol_sm *sm)
 		key_data_len += gtk_kde[1] + 2;
 	}
 
+	if (sm->handshake->mfp) {
+		enum crypto_cipher group_management_cipher = ie_rsn_cipher_suite_to_cipher(
+				sm->handshake->group_management_cipher);
+		uint8_t *igtk_kde = key_data_buf + key_data_len;
+
+		handshake_util_build_igtk_kde(group_management_cipher,
+						sm->handshake->igtk,
+						sm->handshake->igtk_index,
+						igtk_kde);
+		key_data_len += igtk_kde[1] + 2;
+	}
+
 	if (sm->handshake->support_ip_allocation &&
 			!sm->handshake->client_ip_addr) {
 		handshake_event(sm->handshake, HANDSHAKE_EVENT_P2P_IP_REQUEST);

[v2,16/18] eapol: include IGTK in 4-way handshake as AP

Checks

Commit Message

Comments

Patch