diff options
author | Jouni Malinen <jouni@qca.qualcomm.com> | 2015-09-03 12:59:44 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2016-10-10 18:11:47 (GMT) |
commit | 3b5b7aa8fb1ea0cd83cfdb246dc47d17734a5bc6 (patch) | |
tree | 258e655f229f01c1022a855abcb38bd7e6e7a40a /hostapd | |
parent | 2022f1d08d54ef706b4dc1afca4cc13e4599a577 (diff) | |
download | hostap-3b5b7aa8fb1ea0cd83cfdb246dc47d17734a5bc6.zip hostap-3b5b7aa8fb1ea0cd83cfdb246dc47d17734a5bc6.tar.gz hostap-3b5b7aa8fb1ea0cd83cfdb246dc47d17734a5bc6.tar.bz2 |
FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)
This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used. This needs to move the EAPOL-Key msg
2/4 RSN element processing to happen only after the PTK has been derived
and validated. That is done for all AKMs to avoid extra complexity with
having to maintain two code paths for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r-- | hostapd/Android.mk | 4 | ||||
-rw-r--r-- | hostapd/Makefile | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/hostapd/Android.mk b/hostapd/Android.mk index da92639..1cc78d7 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -262,6 +262,7 @@ ifdef CONFIG_FILS L_CFLAGS += -DCONFIG_FILS NEED_CRC32=y NEED_SHA384=y +NEED_AES_SIV=y endif ifdef CONFIG_WNM @@ -743,6 +744,9 @@ ifneq ($(CONFIG_TLS), openssl) AESOBJS += src/crypto/aes-cbc.c endif endif +ifdef NEED_AES_SIV +AESOBJS += src/crypto/aes-siv.c +endif ifdef NEED_AES_DEC ifdef CONFIG_INTERNAL_AES AESOBJS += src/crypto/aes-internal-dec.c diff --git a/hostapd/Makefile b/hostapd/Makefile index 61daf0d..044c8c0 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -309,6 +309,7 @@ ifdef CONFIG_FILS CFLAGS += -DCONFIG_FILS NEED_CRC32=y NEED_SHA384=y +NEED_AES_SIV=y endif ifdef CONFIG_WNM @@ -783,6 +784,9 @@ ifneq ($(CONFIG_TLS), openssl) AESOBJS += ../src/crypto/aes-cbc.o endif endif +ifdef NEED_AES_SIV +AESOBJS += ../src/crypto/aes-siv.o +endif ifdef NEED_AES_DEC ifdef CONFIG_INTERNAL_AES AESOBJS += ../src/crypto/aes-internal-dec.o |