wok-6.x diff wpa_supplicant/stuff/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch @ rev 25563
New toolchain GCC 4.9.2, Glibc 2.19, Binutils 2.37
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Fri May 05 18:12:18 2023 +0200 (18 months ago) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/wpa_supplicant/stuff/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch Fri May 05 18:12:18 2023 +0200 1.3 @@ -0,0 +1,174 @@ 1.4 +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 1.5 +From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 1.6 +Date: Fri, 14 Jul 2017 15:15:35 +0200 1.7 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake 1.8 + 1.9 +Do not reinstall TK to the driver during Reassociation Response frame 1.10 +processing if the first attempt of setting the TK succeeded. This avoids 1.11 +issues related to clearing the TX/RX PN that could result in reusing 1.12 +same PN values for transmitted frames (e.g., due to CCM nonce reuse and 1.13 +also hitting replay protection on the receiver) and accepting replayed 1.14 +frames on RX side. 1.15 + 1.16 +This issue was introduced by the commit 1.17 +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in 1.18 +authenticator') which allowed wpa_ft_install_ptk() to be called multiple 1.19 +times with the same PTK. While the second configuration attempt is 1.20 +needed with some drivers, it must be done only if the first attempt 1.21 +failed. 1.22 + 1.23 +Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 1.24 +--- 1.25 + src/ap/ieee802_11.c | 16 +++++++++++++--- 1.26 + src/ap/wpa_auth.c | 11 +++++++++++ 1.27 + src/ap/wpa_auth.h | 3 ++- 1.28 + src/ap/wpa_auth_ft.c | 10 ++++++++++ 1.29 + src/ap/wpa_auth_i.h | 1 + 1.30 + 5 files changed, 37 insertions(+), 4 deletions(-) 1.31 + 1.32 +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c 1.33 +index 4e04169..333035f 100644 1.34 +--- a/src/ap/ieee802_11.c 1.35 ++++ b/src/ap/ieee802_11.c 1.36 +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, 1.37 + { 1.38 + struct ieee80211_ht_capabilities ht_cap; 1.39 + struct ieee80211_vht_capabilities vht_cap; 1.40 ++ int set = 1; 1.41 + 1.42 + /* 1.43 + * Remove the STA entry to ensure the STA PS state gets cleared and 1.44 +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, 1.45 + * FT-over-the-DS, where a station re-associates back to the same AP but 1.46 + * skips the authentication flow, or if working with a driver that 1.47 + * does not support full AP client state. 1.48 ++ * 1.49 ++ * Skip this if the STA has already completed FT reassociation and the 1.50 ++ * TK has been configured since the TX/RX PN must not be reset to 0 for 1.51 ++ * the same key. 1.52 + */ 1.53 +- if (!sta->added_unassoc) 1.54 ++ if (!sta->added_unassoc && 1.55 ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || 1.56 ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { 1.57 + hostapd_drv_sta_remove(hapd, sta->addr); 1.58 ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); 1.59 ++ set = 0; 1.60 ++ } 1.61 + 1.62 + #ifdef CONFIG_IEEE80211N 1.63 + if (sta->flags & WLAN_STA_HT) 1.64 +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, 1.65 + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1.66 + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 1.67 + sta->vht_opmode, sta->p2p_ie ? 1 : 0, 1.68 +- sta->added_unassoc)) { 1.69 ++ set)) { 1.70 + hostapd_logger(hapd, sta->addr, 1.71 + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 1.72 + "Could not %s STA to kernel driver", 1.73 +- sta->added_unassoc ? "set" : "add"); 1.74 ++ set ? "set" : "add"); 1.75 + 1.76 + if (sta->added_unassoc) { 1.77 + hostapd_drv_sta_remove(hapd, sta->addr); 1.78 +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c 1.79 +index 3587086..707971d 100644 1.80 +--- a/src/ap/wpa_auth.c 1.81 ++++ b/src/ap/wpa_auth.c 1.82 +@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) 1.83 + #else /* CONFIG_IEEE80211R */ 1.84 + break; 1.85 + #endif /* CONFIG_IEEE80211R */ 1.86 ++ case WPA_DRV_STA_REMOVED: 1.87 ++ sm->tk_already_set = FALSE; 1.88 ++ return 0; 1.89 + } 1.90 + 1.91 + #ifdef CONFIG_IEEE80211R 1.92 +@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 1.93 + } 1.94 + 1.95 + 1.96 ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) 1.97 ++{ 1.98 ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 1.99 ++ return 0; 1.100 ++ return sm->tk_already_set; 1.101 ++} 1.102 ++ 1.103 ++ 1.104 + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 1.105 + struct rsn_pmksa_cache_entry *entry) 1.106 + { 1.107 +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h 1.108 +index 0de8d97..97461b0 100644 1.109 +--- a/src/ap/wpa_auth.h 1.110 ++++ b/src/ap/wpa_auth.h 1.111 +@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, 1.112 + u8 *data, size_t data_len); 1.113 + enum wpa_event { 1.114 + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, 1.115 +- WPA_REAUTH_EAPOL, WPA_ASSOC_FT 1.116 ++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED 1.117 + }; 1.118 + void wpa_remove_ptk(struct wpa_state_machine *sm); 1.119 + int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); 1.120 +@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); 1.121 + int wpa_auth_get_pairwise(struct wpa_state_machine *sm); 1.122 + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); 1.123 + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); 1.124 ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); 1.125 + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 1.126 + struct rsn_pmksa_cache_entry *entry); 1.127 + struct rsn_pmksa_cache_entry * 1.128 +diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c 1.129 +index 42242a5..e63b99a 100644 1.130 +--- a/src/ap/wpa_auth_ft.c 1.131 ++++ b/src/ap/wpa_auth_ft.c 1.132 +@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) 1.133 + return; 1.134 + } 1.135 + 1.136 ++ if (sm->tk_already_set) { 1.137 ++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX 1.138 ++ * PN in the driver */ 1.139 ++ wpa_printf(MSG_DEBUG, 1.140 ++ "FT: Do not re-install same PTK to the driver"); 1.141 ++ return; 1.142 ++ } 1.143 ++ 1.144 + /* FIX: add STA entry to kernel/driver here? The set_key will fail 1.145 + * most likely without this.. At the moment, STA entry is added only 1.146 + * after association has been completed. This function will be called 1.147 +@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) 1.148 + 1.149 + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 1.150 + sm->pairwise_set = TRUE; 1.151 ++ sm->tk_already_set = TRUE; 1.152 + } 1.153 + 1.154 + 1.155 +@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, 1.156 + 1.157 + sm->pairwise = pairwise; 1.158 + sm->PTK_valid = TRUE; 1.159 ++ sm->tk_already_set = FALSE; 1.160 + wpa_ft_install_ptk(sm); 1.161 + 1.162 + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 1.163 +diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h 1.164 +index 72b7eb3..7fd8f05 100644 1.165 +--- a/src/ap/wpa_auth_i.h 1.166 ++++ b/src/ap/wpa_auth_i.h 1.167 +@@ -65,6 +65,7 @@ struct wpa_state_machine { 1.168 + struct wpa_ptk PTK; 1.169 + Boolean PTK_valid; 1.170 + Boolean pairwise_set; 1.171 ++ Boolean tk_already_set; 1.172 + int keycount; 1.173 + Boolean Pair; 1.174 + struct wpa_key_replay_counter { 1.175 +-- 1.176 +2.7.4 1.177 +