robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[wpa] Remove PMKID checking 

PMKID checking is an additional pre-check that helps detect invalid
passphrases before going through the full handshaking procedure. It
takes up some amount of code size, and is not necessary from a
security perspective. It also is implemented improperly by some
routers, which was causing iPXE to give spurious authentication
errors. Remove it for these reasons.

Signed-off-by: Joshua Oreman <oremanj@rwcr.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Joshua Oreman 14 years ago
parent
83efb3d750
commit
723cfad316
1 changed files with 0 additions and 64 deletions
Split View Show Diff Stats
  1. 0
    64
      src/net/80211/wpa.c

+ 0
- 64
src/net/80211/wpa.c View File 

@@ -268,44 +268,6 @@ void wpa_stop ( struct net80211_device *dev )
268 268 
 }
269 269
270 270
271 
-/**
272 
- * Check PMKID consistency
273 
- *
274 
- * @v ctx	WPA common context
275 
- * @v pmkid	PMKID to check against (16 bytes long)
276 
- * @ret rc	Zero if they match, or a negative error code if not
277 
- */
278 
-int wpa_check_pmkid ( struct wpa_common_ctx *ctx, const u8 *pmkid )
279 
-{
280 
-	u8 sha1_ctx[SHA1_CTX_SIZE];
281 
-	u8 my_pmkid[SHA1_SIZE];
282 
-	u8 pmk[ctx->pmk_len];
283 
-	size_t pmk_len;
284 
-	struct {
285 
-		char name[8];
286 
-		u8 aa[ETH_ALEN];
287 
-		u8 spa[ETH_ALEN];
288 
-	} __attribute__ (( packed )) pmkid_data;
289 
-
290 
-	memcpy ( pmk, ctx->pmk, ctx->pmk_len );
291 
-	pmk_len = ctx->pmk_len;
292 
-
293 
-	memcpy ( pmkid_data.name, "PMK Name", 8 );
294 
-	memcpy ( pmkid_data.aa, ctx->dev->bssid, ETH_ALEN );
295 
-	memcpy ( pmkid_data.spa, ctx->dev->netdev->ll_addr, ETH_ALEN );
296 
-
297 
-	hmac_init ( &sha1_algorithm, sha1_ctx, pmk, &pmk_len );
298 
-	hmac_update ( &sha1_algorithm, sha1_ctx, &pmkid_data,
299 
-		      sizeof ( pmkid_data ) );
300 
-	hmac_final ( &sha1_algorithm, sha1_ctx, pmk, &pmk_len, my_pmkid );
301 
-
302 
-	if ( memcmp ( my_pmkid, pmkid, WPA_PMKID_LEN ) != 0 )
303 
-		return -EACCES;
304 
-
305 
-	return 0;
306 
-}
307 
-
308 
-
309 271 
 /**
310 272 
  * Derive pairwise transient key
311 273 
  *
 
@@ -546,8 +508,6 @@ static int wpa_handle_1_of_4 ( struct wpa_common_ctx *ctx,
546 508 
 			       struct eapol_key_pkt *pkt, int is_rsn,
547 509 
 			       struct wpa_kie *kie )
548 510 
 {
549 
-	int rc;
550 
-
551 511 
 	if ( ctx->state == WPA_WAITING )
552 512 
 		return -EINVAL;
553 513 
 
@@ -558,30 +518,6 @@ static int wpa_handle_1_of_4 ( struct wpa_common_ctx *ctx,
558 518 
 		ctx->have_Snonce = 1;
559 519 
 	}
560 520
561 
-	if ( is_rsn && pkt->datalen ) {
562 
-		union ieee80211_ie *ie = ( union ieee80211_ie * ) pkt->data;
563 
-		void *ie_end = pkt->data + pkt->datalen;
564 
-
565 
-		if ( ! ieee80211_ie_bound ( ie, ie_end ) ) {
566 
-			DBGC ( ctx, "WPA %p: malformed PMKID KDE\n", ctx );
567 
-			return wpa_fail ( ctx, -EINVAL );
568 
-		}
569 
-
570 
-		while ( ie ) {
571 
-			if ( ie->id == IEEE80211_IE_VENDOR &&
572 
-			     ie->vendor.oui == WPA_KDE_PMKID ) {
573 
-				rc = wpa_check_pmkid ( ctx, ie->vendor.data );
574 
-				if ( rc < 0 ) {
575 
-					DBGC ( ctx, "WPA %p ALERT: PMKID "
576 
-					       "mismatch in 1/4\n", ctx );
577 
-					return wpa_fail ( ctx, rc );
578 
-				}
579 
-			}
580 
-
581 
-			ie = ieee80211_next_ie ( ie, ie_end );
582 
-		}
583 
-	}
584 
-
585 521 
 	DBGC ( ctx, "WPA %p: received 1/4, looks OK\n", ctx );
586 522
587 523 
 	wpa_derive_ptk ( ctx );

Write Preview
Loading…
Cancel
Save