OSEN: Do not send the actual BIGTK to OSEN STAs

OSEN STAs are not authenticated, so do not send the actual BIGTK for
them so that they cannot generate forged protected Beacon frames. This
means that OSEN STAs cannot enable beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 6b8fa52fc0f6388eb2eda2e40b9dc21bc7a8a44f..50b42646e7d843290bd9888d8fbd7832e2b8ce84 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3212,6 +3212,14 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
        else
                os_memcpy(bigtk.pn, rsc, sizeof(bigtk.pn));
        os_memcpy(bigtk.bigtk, gsm->BIGTK[gsm->GN_bigtk - 6], len);
+       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               /*
+                * Provide unique random BIGTK to each OSEN STA to prevent use
+                * of BIGTK in the BSS.
+                */
+               if (random_get_bytes(bigtk.bigtk, len) < 0)
+                       return pos;
+       }
        pos = wpa_add_kde(pos, RSN_KEY_DATA_BIGTK,
                          (const u8 *) &bigtk, WPA_BIGTK_KDE_PREFIX_LEN + len,
                          NULL, 0);
@@ -4174,6 +4182,14 @@ int wpa_wnmsleep_bigtk_subelem(struct wpa_state_machine *sm, u8 *pos)
        pos += 6;
 
        os_memcpy(pos, gsm->BIGTK[gsm->GN_bigtk - 6], len);
+       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               /*
+                * Provide unique random BIGTK to each STA to prevent use
+                * of BIGTK in the BSS.
+                */
+               if (random_get_bytes(pos, len) < 0)
+                       return 0;
+       }
        pos += len;
 
        wpa_printf(MSG_DEBUG, "WNM: BIGTK Key ID %u in WNM-Sleep Mode exit",

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 79cf10866a3026cb332640f980dc2eb4c0e1e53a..570e2ee4a58e63347b8aa0f7ad2d5708e95e52c2 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2315,9 +2315,10 @@ static u8 * wpa_ft_bigtk_subelem(struct wpa_state_machine *sm, size_t *len)
        u8 *subelem, *pos;
        struct wpa_group *gsm = sm->group;
        size_t subelem_len;
-       const u8 *kek;
+       const u8 *kek, *bigtk;
        size_t kek_len;
        size_t bigtk_len;
+       u8 dummy_bigtk[WPA_IGTK_MAX_LEN];
 
        if (wpa_key_mgmt_fils(sm->wpa_key_mgmt)) {
                kek = sm->PTK.kek2;
@@ -2344,8 +2345,19 @@ static u8 * wpa_ft_bigtk_subelem(struct wpa_state_machine *sm, size_t *len)
        wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, pos);
        pos += 6;
        *pos++ = bigtk_len;
-       if (aes_wrap(kek, kek_len, bigtk_len / 8,
-                    gsm->IGTK[gsm->GN_bigtk - 6], pos)) {
+       bigtk = gsm->IGTK[gsm->GN_bigtk - 6];
+       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               /*
+                * Provide unique random BIGTK to each OSEN STA to prevent use
+                * of BIGTK in the BSS.
+                */
+               if (random_get_bytes(dummy_bigtk, bigtk_len / 8) < 0) {
+                       os_free(subelem);
+                       return NULL;
+               }
+               bigtk = dummy_bigtk;
+       }
+       if (aes_wrap(kek, kek_len, bigtk_len / 8, bigtk, pos)) {
                wpa_printf(MSG_DEBUG,
                           "FT: BIGTK subelem encryption failed: kek_len=%d",
                           (int) kek_len);