wlan: Fix incorrect length of encrypted auth frame
Memory for encrypted auth frame is allocated based on macro
SIR_MAC_AUTH_CHALLENGE_LENGTH. SIR_MAC_AUTH_CHALLENGE_LENGTH
was updated to 253 from 128. Auth failure is observed on
receiving challenge text of length 128.
Fix is to use length based on the challenge text received.
Change-Id: I5ba5748c9ae00b61743883862ca884ac1134da15
CRs-Fixed: 2084599
diff --git a/CORE/MAC/src/pe/lim/limSecurityUtils.c b/CORE/MAC/src/pe/lim/limSecurityUtils.c
index 468b6a4..9f88436 100644
--- a/CORE/MAC/src/pe/lim/limSecurityUtils.c
+++ b/CORE/MAC/src/pe/lim/limSecurityUtils.c
@@ -619,7 +619,10 @@
tANI_U8 *pEncrBody, tANI_U32 keyLength)
{
tANI_U8 seed[LIM_SEED_LENGTH], icv[SIR_MAC_WEP_ICV_LENGTH];
+ tANI_U16 frame_len;
+ frame_len = ((tpSirMacAuthFrameBody)pPlainText)->length +
+ SIR_MAC_AUTH_FRAME_INFO_LEN + SIR_MAC_CHALLENGE_ID_LEN;
keyLength += 3;
// Bytes 0-2 of seed is IV
@@ -630,15 +633,15 @@
vos_mem_copy((tANI_U8 *) &seed[3], pKey, keyLength - 3);
// Compute CRC-32 and place them in last 4 bytes of plain text
- limComputeCrc32(icv, pPlainText, sizeof(tSirMacAuthFrameBody));
+ limComputeCrc32(icv, pPlainText, frame_len);
- vos_mem_copy( pPlainText + sizeof(tSirMacAuthFrameBody),
+ vos_mem_copy( pPlainText + frame_len,
icv, SIR_MAC_WEP_ICV_LENGTH);
// Run RC4 on plain text with the seed
limRC4(pEncrBody + SIR_MAC_WEP_IV_LENGTH,
(tANI_U8 *) pPlainText, seed, keyLength,
- LIM_ENCR_AUTH_BODY_LEN - SIR_MAC_WEP_IV_LENGTH);
+ frame_len + SIR_MAC_WEP_ICV_LENGTH);
// Prepare IV
pEncrBody[0] = seed[0];