authorJouni Malinen <jouni@qca.qualcomm.com>2015-09-03 12:59:44 (GMT)
committerJouni Malinen <j@w1.fi>2016-10-10 18:11:47 (GMT)
commit3b5b7aa8fb1ea0cd83cfdb246dc47d17734a5bc6 (patch)
tree258e655f229f01c1022a855abcb38bd7e6e7a40a /hostapd
parent2022f1d08d54ef706b4dc1afca4cc13e4599a577 (diff)
FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)
This changes 4-way handshake authenticator processing to decrypt the EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before processing the Key Data field. This replaces Key MIC validation for the cases where an AEAD cipher is used. This requires moving the EAPOL-Key msg 2/4 RSN element processing so that it happens only after the PTK has been derived and validated. That is done for all AKMs to avoid the extra complexity of having to maintain two code paths for this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/Android.mk4
-rw-r--r--hostapd/Makefile4
2 files changed, 8 insertions, 0 deletions
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index da92639..1cc78d7 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -262,6 +262,7 @@ ifdef CONFIG_FILS
L_CFLAGS += -DCONFIG_FILS
NEED_CRC32=y
NEED_SHA384=y
+NEED_AES_SIV=y
endif
ifdef CONFIG_WNM
@@ -743,6 +744,9 @@ ifneq ($(CONFIG_TLS), openssl)
AESOBJS += src/crypto/aes-cbc.c
endif
endif
+ifdef NEED_AES_SIV
+AESOBJS += src/crypto/aes-siv.c
+endif
ifdef NEED_AES_DEC
ifdef CONFIG_INTERNAL_AES
AESOBJS += src/crypto/aes-internal-dec.c
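Review bot: The new `ifdef NEED_AES_SIV` block adds only `src/crypto/aes-siv.c`, and nothing visible in this hunk ensures that the primitives SIV is built from are compiled as well. AES-SIV combines a CMAC-based S2V step with AES-CTR encryption, so if aes-siv.c calls the separate OMAC1 and CTR helpers (that file is not shown here, so this needs confirming), a build with CONFIG_FILS and none of the other options that set `NEED_AES_OMAC1` or `NEED_AES_CTR` would fail at link time. Consider declaring the dependencies inside the block, for example `NEED_AES_CTR=y` and `NEED_AES_OMAC1=y` after the `AESOBJS +=` line, and check that the block sits above the `ifdef` tests for those variables, because make evaluates these conditionals in file order. The same applies to the matching `ifdef NEED_AES_SIV` hunk at `@@ -783` in hostapd/Makefile.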
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 61daf0d..044c8c0 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -309,6 +309,7 @@ ifdef CONFIG_FILS
CFLAGS += -DCONFIG_FILS
NEED_CRC32=y
NEED_SHA384=y
+NEED_AES_SIV=y
endif
ifdef CONFIG_WNM
@@ -783,6 +784,9 @@ ifneq ($(CONFIG_TLS), openssl)
AESOBJS += ../src/crypto/aes-cbc.o
endif
endif
+ifdef NEED_AES_SIV
+AESOBJS += ../src/crypto/aes-siv.o
+endif
ifdef NEED_AES_DEC
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-dec.o