aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-01-15 04:29:43 (GMT)
committerJouni Malinen <j@w1.fi>2008-01-15 04:29:43 (GMT)
commit396cab107ebba8458ba2327cf4feef578bd29f97 (patch)
treea6381e27d9d94319ce7267321bab32a704008ded /hostapd
parentbb2497132cfc61062e46dd2c255d0a773f75c590 (diff)
downloadhostap-history-396cab107ebba8458ba2327cf4feef578bd29f97.zip
hostap-history-396cab107ebba8458ba2327cf4feef578bd29f97.tar.gz
hostap-history-396cab107ebba8458ba2327cf4feef578bd29f97.tar.bz2
FT: Use AES-128-CMAC for MIC regardless of pairwise cipher suite
IEEE 802.11r was changed to use AES-128-CMAC for MIC in EAPOL-Key and FT Action frames regardless of the negotiated pairwise cipher suite. This changed couple of drafts back, but the implementation here was still using the old version that had different MIC algorithm for cases when CCMP was not the negotiated cipher suite.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/wpa.c8
-rw-r--r--hostapd/wpa_ft.c7
2 files changed, 7 insertions, 8 deletions
diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index 98021f2..08104c2 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -874,11 +874,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
if (force_version)
version = force_version;
- else if (sm->pairwise == WPA_CIPHER_CCMP) {
+ else if (wpa_use_aes_cmac(sm))
+ version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
+ else if (sm->pairwise == WPA_CIPHER_CCMP)
version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
- if (wpa_use_aes_cmac(sm))
- version = WPA_KEY_INFO_TYPE_AES_128_CMAC;
- } else
+ else
version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4;
pairwise = key_info & WPA_KEY_INFO_KEY_TYPE;
diff --git a/hostapd/wpa_ft.c b/hostapd/wpa_ft.c
index 76a97b5..44249e2 100644
--- a/hostapd/wpa_ft.c
+++ b/hostapd/wpa_ft.c
@@ -482,8 +482,8 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
_ftie = (struct rsn_ftie *) (ftie + 2);
_ftie->mic_control[1] = 3; /* Information element count */
- if (wpa_ft_mic(sm->PTK.kck, sm->pairwise == WPA_CIPHER_CCMP, sm->addr,
- sm->wpa_auth->addr, 6, mdie, mdie_len, ftie, ftie_len,
+ if (wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 6,
+ mdie, mdie_len, ftie, ftie_len,
rsnie, rsnie_len, NULL, 0, _ftie->mic) < 0)
wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
@@ -880,8 +880,7 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies,
return WLAN_STATUS_INVALID_FTIE;
}
- if (wpa_ft_mic(sm->PTK.kck, sm->pairwise == WPA_CIPHER_CCMP, sm->addr,
- sm->wpa_auth->addr, 5,
+ if (wpa_ft_mic(sm->PTK.kck, sm->addr, sm->wpa_auth->addr, 5,
parse.mdie - 2, parse.mdie_len + 2,
parse.ftie - 2, parse.ftie_len + 2,
parse.rsn - 2, parse.rsn_len + 2, NULL, 0,