summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/net80211/ieee80211_crypto.c25
-rw-r--r--sys/net80211/ieee80211_proto.h4
2 files changed, 27 insertions, 2 deletions
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 86fb47c3a60..139658bed88 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto.c,v 1.24 2007/07/24 19:39:22 damien Exp $ */
+/* $OpenBSD: ieee80211_crypto.c,v 1.25 2007/07/24 20:34:16 damien Exp $ */
/* $NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $ */
/*-
@@ -677,6 +677,29 @@ ieee80211_eapol_key_mic(struct ieee80211_eapol_key *key, const u_int8_t *kck)
}
/*
+ * Check the MIC of a received EAPOL-Key frame using the specified Key
+ * Confirmation Key (KCK).
+ */
+int
+ieee80211_eapol_key_check_mic(struct ieee80211_eapol_key *key,
+ const u_int8_t *kck)
+{
+ u_int8_t mic[EAPOL_KEY_MIC_LEN];
+ u_int16_t info;
+
+ info = BE_READ_2(key->info);
+ KASSERT(info & EAPOL_KEY_KEYMIC);
+
+ memcpy(mic, key->mic, EAPOL_KEY_MIC_LEN);
+ memset(key->mic, 0, EAPOL_KEY_MIC_LEN);
+ info &= ~EAPOL_KEY_KEYMIC;
+ BE_WRITE_2(key->info, info);
+ ieee80211_eapol_key_mic(key, kck);
+
+ return memcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0;
+}
+
+/*
* Encrypt the Key Data field of an EAPOL-Key frame using the specified Key
* Encryption Key (KEK). The encryption algorithm can be either ARC4 or
* AES Key Wrap depending on the EAPOL-Key Key Descriptor Version.
diff --git a/sys/net80211/ieee80211_proto.h b/sys/net80211/ieee80211_proto.h
index 352cb285543..f8cb2c63bd9 100644
--- a/sys/net80211/ieee80211_proto.h
+++ b/sys/net80211/ieee80211_proto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_proto.h,v 1.22 2007/07/24 16:53:03 damien Exp $ */
+/* $OpenBSD: ieee80211_proto.h,v 1.23 2007/07/24 20:34:16 damien Exp $ */
/* $NetBSD: ieee80211_proto.h,v 1.3 2003/10/13 04:23:56 dyoung Exp $ */
/*-
@@ -108,6 +108,8 @@ extern void ieee80211_reset_erp(struct ieee80211com *);
extern void ieee80211_set_shortslottime(struct ieee80211com *, int);
extern void ieee80211_eapol_key_mic(struct ieee80211_eapol_key *,
const u_int8_t *);
+extern int ieee80211_eapol_key_check_mic(struct ieee80211_eapol_key *,
+ const u_int8_t *);
extern void ieee80211_eapol_key_encrypt(struct ieee80211com *,
struct ieee80211_eapol_key *, const u_int8_t *);
extern int ieee80211_eapol_key_decrypt(struct ieee80211_eapol_key *,