[PATCH] Hostapd: Check the group_mgmt_cipher key length between AP and STA for MFP in Assoc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: sarada prasanna garnayak <sarada.prasanna.garnayak@xxxxxxxxx>

Observed some client adding invalid group cipher in association request which
is not matching with the AP which leads to EAPOL handshake failure due invalid key length.

e.g.
AP configuration : ieee80211w=1 and group_mgmt_cipher=BIP-GMAC-256
Station support : group_mgmt_cipher=AES-128-CMAC

. Hostap sending the IGTK in EAPOL 3rd message length 32 and WPA_supplicant validate
  the key length (expecting 16) but the cipher key length is 32 from hostapd as per
  the AP group mgmt. cipher.
. Invalid IGTK key length for wpa_supplicant and stop EAPOL handshake state machine
  and generate DEAUTH.

So reject the association request if management frame protection is true and cipher
key length is not matching between AP and STA.

Signed-off-by: sarada prasanna garnayak <sarada.prasanna.garnayak@xxxxxxxxx>
---
 src/ap/wpa_auth_ie.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2e6d05910..2cef07cc8 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -815,6 +815,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 	else
 		sm->mgmt_frame_prot = 1;
 
+	if (sm->mgmt_frame_prot && (wpa_cipher_key_len(data.mgmt_group_cipher) !=
+	    wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher))) {
+		wpa_printf(MSG_ERROR,
+			   "Management frame protection required same key length for both AP and STA");
+		return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
+	}
+
 	if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
 		    wpa_printf(MSG_DEBUG,
 			       "Management frame protection cannot use TKIP");
-- 
2.11.0


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux