81 	struct ieee80211_eapol_key *key;
94 	if (m->m_pkthdr.len < sizeof(*key))
96 	if (m->m_len < sizeof(*key) &&
97 	    (m = m_pullup(m, sizeof(*key))) == NULL) {
101 	key = mtod(m, struct ieee80211_eapol_key *);
103 	if (key->type != EAPOL_KEY)
108 	     key->desc != EAPOL_KEY_DESC_IEEE80211) ||
110 	     key->desc != EAPOL_KEY_DESC_WPA))
114 	bodylen = BE_READ_2(key->len);
119 	/* check key data length */
120 	paylen = BE_READ_2(key->paylen);
121 	if (paylen > totlen - sizeof(*key))
124 	info = BE_READ_2(key->info);
140 	/* make sure the key data field is contiguous */
145 	key = mtod(m, struct ieee80211_eapol_key *);
151 		ieee80211_recv_eapol_key_req(ic, key, ni);
157 				ieee80211_recv_4way_msg3(ic, key, ni);
160 				ieee80211_recv_4way_msg2or4(ic, key, ni);
163 			ieee80211_recv_4way_msg1(ic, key, ni);
169 			if (key->desc == EAPOL_KEY_DESC_WPA)
170 				ieee80211_recv_wpa_group_msg1(ic, key, ni);
172 				ieee80211_recv_rsn_group_msg1(ic, key, ni);
176 			ieee80211_recv_group_msg2(ic, key, ni);
188     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
208 	/* enforce monotonicity of key request replay counter */
210 	    BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) {
215 	/* parse key data field (may contain an encapsulated PMKID) */
216 	frm = (const u_int8_t *)&key[1];
217 	efrm = frm + BE_READ_2(key->paylen);
252 	} else	/* use pre-shared key */
257 	memcpy(ni->ni_nonce, key->nonce, EAPOL_KEY_NONCE_LEN);
266 	/* We are now expecting a new pairwise key. */
275 	(void)ieee80211_send_4way_msg2(ic, ni, key->replaycnt, &tptk);
284     struct ieee80211_eapol_key *key, struct ieee80211_node *ni,
305 	    ni->ni_macaddr, ni->ni_nonce, key->nonce, &tptk);
308 	if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) {
309 		DPRINTF(("key MIC failed\n"));
344  * Check if a group key must be updated with a new GTK from an EAPOL frame.
345  * Manipulated group key handshake messages could trick clients into
346  * reinstalling an already used group key and hence lower or reset the
362     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
382 	/* enforce monotonicity of key request replay counter */
384 	    BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) {
395 	if (memcmp(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN) != 0) {
401 	    ic->ic_myaddr, key->nonce, ic->ic_nonce, &tptk);
403 	info = BE_READ_2(key->info);
406 	if (ieee80211_eapol_key_check_mic(key, tptk.kck) != 0) {
407 		DPRINTF(("key MIC failed\n"));
416 	    ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) {
421 	/* parse key data field */
422 	frm = (const u_int8_t *)&key[1];
423 	efrm = frm + BE_READ_2(key->paylen);
476 	/* key data must be encrypted if GTK is included */
524 	/* update the last seen value of the key replay counter field */
525 	ni->ni_replaycnt = BE_READ_8(key->replaycnt);
538 	 * Only install a new pairwise key if we are still expecting a new key,
542 	 * used pairwise key. If this attack succeeded, the incremental nonce
543 	 * and replay counter associated with the key would be reset.
552 		/* check that key length matches that of pairwise cipher */
554 		if (BE_READ_2(key->keylen) != keylen) {
558 		prsc = (gtk == NULL) ? LE_READ_6(key->rsc) : 0;
560 		/* map PTK to 802.11 key */
582 		printf("%s: unexpected pairwise key update received from %s\n",
588 		/* check that key length matches that of group cipher */
594 		/* map GTK to 802.11 key */
604 			k->k_rsc[0] = LE_READ_6(key->rsc);
634 		/* map IGTK to 802.11 key */
692     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
707 	if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) {
708 		DPRINTF(("key MIC failed\n"));
720 		/* map PTK to 802.11 key */
751 	/* initiate a group key handshake for WPA */
764     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
769 	if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) {
774 	/* parse key data field (check if an RSN IE is present) */
775 	frm = (const u_int8_t *)&key[1];
776 	efrm = frm + BE_READ_2(key->paylen);
800 		ieee80211_recv_4way_msg2(ic, key, ni, rsnie);
802 		ieee80211_recv_4way_msg4(ic, key, ni);
811     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
829 	/* enforce monotonicity of key request replay counter */
830 	if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) {
835 	if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) {
836 		DPRINTF(("key MIC failed\n"));
840 	info = BE_READ_2(key->info);
844 	    ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) {
849 	/* parse key data field (shall contain a GTK KDE) */
850 	frm = (const u_int8_t *)&key[1];
851 	efrm = frm + BE_READ_2(key->paylen);
882 	/* check that key length matches that of group cipher */
887 	/* map GTK to 802.11 key */
897 		k->k_rsc[0] = LE_READ_6(key->rsc);
922 		/* map IGTK to 802.11 key */
956 	/* update the last seen value of the key replay counter field */
957 	ni->ni_replaycnt = BE_READ_8(key->replaycnt);
961 		    ic->ic_if.if_xname, 1, 2, "group key",
977     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
995 	/* enforce monotonicity of key request replay counter */
996 	if (BE_READ_8(key->replaycnt) <= ni->ni_replaycnt) {
1001 	if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) {
1002 		DPRINTF(("key MIC failed\n"));
1010 	if (ieee80211_eapol_key_decrypt(key, ni->ni_ptk.kek) != 0) {
1015 	/* check that key length matches that of group cipher */
1017 	if (BE_READ_2(key->keylen) != keylen)
1020 	/* check that the data length is large enough to hold the key */
1021 	if (BE_READ_2(key->paylen) < keylen)
1024 	info = BE_READ_2(key->info);
1026 	/* map GTK to 802.11 key */
1029 	gtk = (const uint8_t *)&key[1]; /* key data field contains the GTK */
1037 		k->k_rsc[0] = LE_READ_6(key->rsc);
1065 	/* update the last seen value of the key replay counter field */
1066 	ni->ni_replaycnt = BE_READ_8(key->replaycnt);
1070 		    ic->ic_if.if_xname, 1, 2, "group key",
1083     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
1095 	/* enforce monotonicity of key request replay counter */
1096 	if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt) {
1101 	if (ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) {
1102 		DPRINTF(("key MIC failed\n"));
1125 		    ic->ic_if.if_xname, 2, 2, "group key",
1136     struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
1149 	/* enforce monotonicity of key request replay counter */
1151 	    BE_READ_8(key->replaycnt) <= ni->ni_reqreplaycnt) {
1155 	info = BE_READ_2(key->info);
1158 	    ieee80211_eapol_key_check_mic(key, ni->ni_ptk.kck) != 0) {
1159 		DPRINTF(("key request MIC failed\n"));
1163 	/* update key request replay counter now that MIC is verified */
1164 	ni->ni_reqreplaycnt = BE_READ_8(key->replaycnt);
1176 		ieee80211_michael_mic_failure(ic, LE_READ_6(key->rsc));

Indexes created Wed May 22 12:01:17 MDT 2024