Corrected eapol key length

Mika Leppänen · Mika Leppänen · commit 45a76e1a338c · 2019-03-29T12:10:17.000+02:00
Set the key length to 16 octets. Also set the initial EAPOL-Key sequence
counter and key length to zero.
diff --git a/source/Security/eapol/eapol_helper.h b/source/Security/eapol/eapol_helper.h
@@ -18,15 +18,16 @@
 #ifndef EAPOL_HELPER_H_
 #define EAPOL_HELPER_H_
 
-#define EAPOL_PROTOCOL_VERSION 3
-#define EAPOL_EAP_TYPE 0
-#define EAPOL_KEY_TYPE 3
-#define EAPOL_KEY_NONCE_LEN 32
-#define EAPOL_KEY_MIC_LEN 16
+#define EAPOL_PROTOCOL_VERSION      3
+#define EAPOL_EAP_TYPE              0
+#define EAPOL_KEY_TYPE              3
+#define EAPOL_KEY_NONCE_LEN         32
+#define EAPOL_KEY_MIC_LEN           16
+#define EAPOL_KEY_LEN               16
 
-#define EAPOL_BASE_LENGTH 4 //Protocol version 1 byte, Packet type 1 byte, packet length 2 byte
+#define EAPOL_BASE_LENGTH           4 //Protocol version 1 byte, Packet type 1 byte, packet length 2 byte
 
-#define EAPOL_KEY_FRAME_BASE_SIZE 95
+#define EAPOL_KEY_FRAME_BASE_SIZE   95
 
 struct eap_header_t;
 
diff --git a/source/Security/protocols/fwh_sec_prot/auth_fwh_sec_prot.c b/source/Security/protocols/fwh_sec_prot/auth_fwh_sec_prot.c
@@ -273,7 +273,7 @@ static int8_t auth_fwh_sec_prot_message_send(sec_prot_t *prot, fwh_sec_prot_msg_
             sec_prot_keys_pmk_replay_cnt_increment(prot->sec_keys);
             eapol_pdu.msg.key.replay_counter = sec_prot_keys_pmk_replay_cnt_get(prot->sec_keys);
             eapol_pdu.msg.key.key_information.key_ack = true;
-            eapol_pdu.msg.key.key_length = 32;
+            eapol_pdu.msg.key.key_length = EAPOL_KEY_LEN;
             eapol_pdu.msg.key.key_nonce = data->nonce;
             break;
         case FWH_MESSAGE_3:
@@ -285,7 +285,7 @@ static int8_t auth_fwh_sec_prot_message_send(sec_prot_t *prot, fwh_sec_prot_msg_
             eapol_pdu.msg.key.key_information.secured_key_frame = true;
             eapol_pdu.msg.key.key_information.encrypted_key_data = true;
             eapol_pdu.msg.key.key_nonce = data->nonce;
-            eapol_pdu.msg.key.key_length = 32;
+            eapol_pdu.msg.key.key_length = EAPOL_KEY_LEN;
             break;
         default:
             break;
diff --git a/source/Security/protocols/key_sec_prot/key_sec_prot.c b/source/Security/protocols/key_sec_prot/key_sec_prot.c
@@ -161,12 +161,11 @@ static void key_sec_prot_create_request(sec_prot_t *prot, sec_prot_keys_t *sec_k
     if (!eapol_decoded_data) {
         data->result = SEC_RESULT_ERR_NO_MEM;
     } else {
-        //Test Data
         eapol_pdu.msg.key.key_information.install = false;
         eapol_pdu.msg.key.key_information.pairwise_key = false;
         eapol_pdu.msg.key.key_information.request = true;
-        eapol_pdu.msg.key.replay_counter = 10;
-        eapol_pdu.msg.key.key_length = 32;
+        eapol_pdu.msg.key.replay_counter = 0;
+        eapol_pdu.msg.key.key_length = 0;
         eapol_write_pdu_frame(eapol_decoded_data + prot->header_size, &eapol_pdu);
 
         tr_info("Initial EAPOL-Key send, PMKID %s PTKID %s GTKL %x", pmk ? "set" : "not set", ptk ? "set" : "not set", gtkl);
