wok-current diff wpa_supplicant/stuff/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch @ rev 25040

cups-filters: use standard c++14
author Hans-G?nter Theisgen
date Fri May 27 07:47:27 2022 +0100 (2022-05-27)
parents
children
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/wpa_supplicant/stuff/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch	Fri May 27 07:47:27 2022 +0100
     1.3 @@ -0,0 +1,174 @@
     1.4 +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
     1.5 +From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
     1.6 +Date: Fri, 14 Jul 2017 15:15:35 +0200
     1.7 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
     1.8 +
     1.9 +Do not reinstall TK to the driver during Reassociation Response frame
    1.10 +processing if the first attempt of setting the TK succeeded. This avoids
    1.11 +issues related to clearing the TX/RX PN that could result in reusing
    1.12 +same PN values for transmitted frames (e.g., due to CCM nonce reuse and
    1.13 +also hitting replay protection on the receiver) and accepting replayed
    1.14 +frames on RX side.
    1.15 +
    1.16 +This issue was introduced by the commit
    1.17 +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
    1.18 +authenticator') which allowed wpa_ft_install_ptk() to be called multiple
    1.19 +times with the same PTK. While the second configuration attempt is
    1.20 +needed with some drivers, it must be done only if the first attempt
    1.21 +failed.
    1.22 +
    1.23 +Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
    1.24 +---
    1.25 + src/ap/ieee802_11.c  | 16 +++++++++++++---
    1.26 + src/ap/wpa_auth.c    | 11 +++++++++++
    1.27 + src/ap/wpa_auth.h    |  3 ++-
    1.28 + src/ap/wpa_auth_ft.c | 10 ++++++++++
    1.29 + src/ap/wpa_auth_i.h  |  1 +
    1.30 + 5 files changed, 37 insertions(+), 4 deletions(-)
    1.31 +
    1.32 +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
    1.33 +index 4e04169..333035f 100644
    1.34 +--- a/src/ap/ieee802_11.c
    1.35 ++++ b/src/ap/ieee802_11.c
    1.36 +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
    1.37 + {
    1.38 + 	struct ieee80211_ht_capabilities ht_cap;
    1.39 + 	struct ieee80211_vht_capabilities vht_cap;
    1.40 ++	int set = 1;
    1.41 + 
    1.42 + 	/*
    1.43 + 	 * Remove the STA entry to ensure the STA PS state gets cleared and
    1.44 +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
    1.45 + 	 * FT-over-the-DS, where a station re-associates back to the same AP but
    1.46 + 	 * skips the authentication flow, or if working with a driver that
    1.47 + 	 * does not support full AP client state.
    1.48 ++	 *
    1.49 ++	 * Skip this if the STA has already completed FT reassociation and the
    1.50 ++	 * TK has been configured since the TX/RX PN must not be reset to 0 for
    1.51 ++	 * the same key.
    1.52 + 	 */
    1.53 +-	if (!sta->added_unassoc)
    1.54 ++	if (!sta->added_unassoc &&
    1.55 ++	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
    1.56 ++	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
    1.57 + 		hostapd_drv_sta_remove(hapd, sta->addr);
    1.58 ++		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
    1.59 ++		set = 0;
    1.60 ++	}
    1.61 + 
    1.62 + #ifdef CONFIG_IEEE80211N
    1.63 + 	if (sta->flags & WLAN_STA_HT)
    1.64 +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
    1.65 + 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
    1.66 + 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
    1.67 + 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
    1.68 +-			    sta->added_unassoc)) {
    1.69 ++			    set)) {
    1.70 + 		hostapd_logger(hapd, sta->addr,
    1.71 + 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
    1.72 + 			       "Could not %s STA to kernel driver",
    1.73 +-			       sta->added_unassoc ? "set" : "add");
    1.74 ++			       set ? "set" : "add");
    1.75 + 
    1.76 + 		if (sta->added_unassoc) {
    1.77 + 			hostapd_drv_sta_remove(hapd, sta->addr);
    1.78 +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
    1.79 +index 3587086..707971d 100644
    1.80 +--- a/src/ap/wpa_auth.c
    1.81 ++++ b/src/ap/wpa_auth.c
    1.82 +@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
    1.83 + #else /* CONFIG_IEEE80211R */
    1.84 + 		break;
    1.85 + #endif /* CONFIG_IEEE80211R */
    1.86 ++	case WPA_DRV_STA_REMOVED:
    1.87 ++		sm->tk_already_set = FALSE;
    1.88 ++		return 0;
    1.89 + 	}
    1.90 + 
    1.91 + #ifdef CONFIG_IEEE80211R
    1.92 +@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
    1.93 + }
    1.94 + 
    1.95 + 
    1.96 ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
    1.97 ++{
    1.98 ++	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
    1.99 ++		return 0;
   1.100 ++	return sm->tk_already_set;
   1.101 ++}
   1.102 ++
   1.103 ++
   1.104 + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
   1.105 + 			     struct rsn_pmksa_cache_entry *entry)
   1.106 + {
   1.107 +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
   1.108 +index 0de8d97..97461b0 100644
   1.109 +--- a/src/ap/wpa_auth.h
   1.110 ++++ b/src/ap/wpa_auth.h
   1.111 +@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
   1.112 + 		 u8 *data, size_t data_len);
   1.113 + enum wpa_event {
   1.114 + 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
   1.115 +-	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
   1.116 ++	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
   1.117 + };
   1.118 + void wpa_remove_ptk(struct wpa_state_machine *sm);
   1.119 + int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
   1.120 +@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
   1.121 + int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
   1.122 + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
   1.123 + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
   1.124 ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
   1.125 + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
   1.126 + 			     struct rsn_pmksa_cache_entry *entry);
   1.127 + struct rsn_pmksa_cache_entry *
   1.128 +diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
   1.129 +index 42242a5..e63b99a 100644
   1.130 +--- a/src/ap/wpa_auth_ft.c
   1.131 ++++ b/src/ap/wpa_auth_ft.c
   1.132 +@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
   1.133 + 		return;
   1.134 + 	}
   1.135 + 
   1.136 ++	if (sm->tk_already_set) {
   1.137 ++		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
   1.138 ++		 * PN in the driver */
   1.139 ++		wpa_printf(MSG_DEBUG,
   1.140 ++			   "FT: Do not re-install same PTK to the driver");
   1.141 ++		return;
   1.142 ++	}
   1.143 ++
   1.144 + 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
   1.145 + 	 * most likely without this.. At the moment, STA entry is added only
   1.146 + 	 * after association has been completed. This function will be called
   1.147 +@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
   1.148 + 
   1.149 + 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
   1.150 + 	sm->pairwise_set = TRUE;
   1.151 ++	sm->tk_already_set = TRUE;
   1.152 + }
   1.153 + 
   1.154 + 
   1.155 +@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
   1.156 + 
   1.157 + 	sm->pairwise = pairwise;
   1.158 + 	sm->PTK_valid = TRUE;
   1.159 ++	sm->tk_already_set = FALSE;
   1.160 + 	wpa_ft_install_ptk(sm);
   1.161 + 
   1.162 + 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
   1.163 +diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
   1.164 +index 72b7eb3..7fd8f05 100644
   1.165 +--- a/src/ap/wpa_auth_i.h
   1.166 ++++ b/src/ap/wpa_auth_i.h
   1.167 +@@ -65,6 +65,7 @@ struct wpa_state_machine {
   1.168 + 	struct wpa_ptk PTK;
   1.169 + 	Boolean PTK_valid;
   1.170 + 	Boolean pairwise_set;
   1.171 ++	Boolean tk_already_set;
   1.172 + 	int keycount;
   1.173 + 	Boolean Pair;
   1.174 + 	struct wpa_key_replay_counter {
   1.175 +-- 
   1.176 +2.7.4
   1.177 +