From: sarada prasanna garnayak <sarada.prasanna.garnayak@xxxxxxxxx>
Observed some client adding invalid group cipher in association request which
is not matching with the AP which leads to EAPOL handshake failure due invalid key length.
e.g.
AP configuration : ieee80211w=1 and group_mgmt_cipher=BIP-GMAC-256
Station support : group_mgmt_cipher=AES-128-CMAC
. Hostap sending the IGTK in EAPOL 3rd message length 32 and WPA_supplicant validate
the key length (expecting 16) but the cipher key length is 32 from hostapd as per
the AP group mgmt. cipher.
. Invalid IGTK key length for wpa_supplicant and stop EAPOL handshake state machine
and generate DEAUTH.
So reject the association request if management frame protection is true and cipher
key length is not matching between AP and STA.
Signed-off-by: sarada prasanna garnayak <sarada.prasanna.garnayak@xxxxxxxxx>
---
src/ap/wpa_auth_ie.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2e6d05910..2cef07cc8 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -815,6 +815,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
else
sm->mgmt_frame_prot = 1;
+ if (sm->mgmt_frame_prot && (wpa_cipher_key_len(data.mgmt_group_cipher) !=
+ wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher))) {
+ wpa_printf(MSG_ERROR,
+ "Management frame protection required same key length for both AP and STA");
+ return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
+ }
+
if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
wpa_printf(MSG_DEBUG,
"Management frame protection cannot use TKIP");
--
2.11.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
