登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 25

jinjin/wpa_supplicant

forked from src-openEuler/wpa_supplicant 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 6.07 KB
一键复制 编辑 原始数据 按行查看 历史
hexiaowen 提交于 2019-09-30 11:19 . Package init
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001

From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>

Date: Fri, 14 Jul 2017 15:15:35 +0200

Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake



Do not reinstall TK to the driver during Reassociation Response frame

processing if the first attempt of setting the TK succeeded. This avoids

issues related to clearing the TX/RX PN that could result in reusing

same PN values for transmitted frames (e.g., due to CCM nonce reuse and

also hitting replay protection on the receiver) and accepting replayed

frames on RX side.



This issue was introduced by the commit

0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in

authenticator') which allowed wpa_ft_install_ptk() to be called multiple

times with the same PTK. While the second configuration attempt is

needed with some drivers, it must be done only if the first attempt

failed.



Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>

---

 src/ap/ieee802_11.c  | 16 +++++++++++++---

 src/ap/wpa_auth.c    | 11 +++++++++++

 src/ap/wpa_auth.h    |  3 ++-

 src/ap/wpa_auth_ft.c | 10 ++++++++++

 src/ap/wpa_auth_i.h  |  1 +

 5 files changed, 37 insertions(+), 4 deletions(-)



diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c

index 4e04169..333035f 100644

--- a/src/ap/ieee802_11.c

+++ b/src/ap/ieee802_11.c

@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,

 {

 	struct ieee80211_ht_capabilities ht_cap;

 	struct ieee80211_vht_capabilities vht_cap;

+	int set = 1;

 

 	/*

 	 * Remove the STA entry to ensure the STA PS state gets cleared and

@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,

 	 * FT-over-the-DS, where a station re-associates back to the same AP but

 	 * skips the authentication flow, or if working with a driver that

 	 * does not support full AP client state.

+	 *

+	 * Skip this if the STA has already completed FT reassociation and the

+	 * TK has been configured since the TX/RX PN must not be reset to 0 for

+	 * the same key.

 	 */

-	if (!sta->added_unassoc)

+	if (!sta->added_unassoc &&

+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||

+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {

 		hostapd_drv_sta_remove(hapd, sta->addr);

+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);

+		set = 0;

+	}

 

 #ifdef CONFIG_IEEE80211N

 	if (sta->flags & WLAN_STA_HT)

@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,

 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,

 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,

 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,

-			    sta->added_unassoc)) {

+			    set)) {

 		hostapd_logger(hapd, sta->addr,

 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,

 			       "Could not %s STA to kernel driver",

-			       sta->added_unassoc ? "set" : "add");

+			       set ? "set" : "add");

 

 		if (sta->added_unassoc) {

 			hostapd_drv_sta_remove(hapd, sta->addr);

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c

index 3587086..707971d 100644

--- a/src/ap/wpa_auth.c

+++ b/src/ap/wpa_auth.c

@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)

 #else /* CONFIG_IEEE80211R */

 		break;

 #endif /* CONFIG_IEEE80211R */

+	case WPA_DRV_STA_REMOVED:

+		sm->tk_already_set = FALSE;

+		return 0;

 	}

 

 #ifdef CONFIG_IEEE80211R

@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)

 }

 

 

+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)

+{

+	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))

+		return 0;

+	return sm->tk_already_set;

+}

+

+

 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,

 			     struct rsn_pmksa_cache_entry *entry)

 {

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h

index 0de8d97..97461b0 100644

--- a/src/ap/wpa_auth.h

+++ b/src/ap/wpa_auth.h

@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,

 		 u8 *data, size_t data_len);

 enum wpa_event {

 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,

-	WPA_REAUTH_EAPOL, WPA_ASSOC_FT

+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED

 };

 void wpa_remove_ptk(struct wpa_state_machine *sm);

 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);

@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);

 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);

 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);

 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);

+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);

 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,

 			     struct rsn_pmksa_cache_entry *entry);

 struct rsn_pmksa_cache_entry *

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c

index 42242a5..e63b99a 100644

--- a/src/ap/wpa_auth_ft.c

+++ b/src/ap/wpa_auth_ft.c

@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)

 		return;

 	}

 

+	if (sm->tk_already_set) {

+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX

+		 * PN in the driver */

+		wpa_printf(MSG_DEBUG,

+			   "FT: Do not re-install same PTK to the driver");

+		return;

+	}

+

 	/* FIX: add STA entry to kernel/driver here? The set_key will fail

 	 * most likely without this.. At the moment, STA entry is added only

 	 * after association has been completed. This function will be called

@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)

 

 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */

 	sm->pairwise_set = TRUE;

+	sm->tk_already_set = TRUE;

 }

 

 

@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,

 

 	sm->pairwise = pairwise;

 	sm->PTK_valid = TRUE;

+	sm->tk_already_set = FALSE;

 	wpa_ft_install_ptk(sm);

 

 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +

diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h

index 72b7eb3..7fd8f05 100644

--- a/src/ap/wpa_auth_i.h

+++ b/src/ap/wpa_auth_i.h

@@ -65,6 +65,7 @@ struct wpa_state_machine {

 	struct wpa_ptk PTK;

 	Boolean PTK_valid;

 	Boolean pairwise_set;

+	Boolean tk_already_set;

 	int keycount;

 	Boolean Pair;

 	struct wpa_key_replay_counter {

-- 

2.7.4
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/yanglijin/wpa_supplicant.git
git@gitee.com:yanglijin/wpa_supplicant.git
yanglijin
wpa_supplicant
wpa_supplicant
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部