apply patches from upstream, namely from https://w1.fi/security/2017-1/ : rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 02-Oct-2017 16:19 6.1K rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch 02-Oct-2017 16:19 7.7K rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch 02-Oct-2017 16:19 6.7K rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch 02-Oct-2017 16:19 2.5K rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 02-Oct-2017 16:19 1.9K rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch 02-Oct-2017 16:19 4.2K rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch 02-Oct-2017 16:19 1.6K rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch 02-Oct-2017 16:19 2.7K for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 (see https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt for details)diff -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c
(spz)
--- src/external/bsd/wpa/dist/src/ap/ieee802_11.c 2016/11/21 16:42:50 1.1.1.7
+++ src/external/bsd/wpa/dist/src/ap/ieee802_11.c 2017/10/16 17:36:16 1.2
@@ -1831,63 +1831,73 @@ static void send_deauth(struct hostapd_d | @@ -1831,63 +1831,73 @@ static void send_deauth(struct hostapd_d | |||
1831 | reply.u.deauth.reason_code = host_to_le16(reason_code); | 1831 | reply.u.deauth.reason_code = host_to_le16(reason_code); | |
1832 | 1832 | |||
1833 | if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) | 1833 | if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) | |
1834 | wpa_printf(MSG_INFO, "Failed to send deauth: %s", | 1834 | wpa_printf(MSG_INFO, "Failed to send deauth: %s", | |
1835 | strerror(errno)); | 1835 | strerror(errno)); | |
1836 | } | 1836 | } | |
1837 | 1837 | |||
1838 | 1838 | |||
1839 | static int add_associated_sta(struct hostapd_data *hapd, | 1839 | static int add_associated_sta(struct hostapd_data *hapd, | |
1840 | struct sta_info *sta) | 1840 | struct sta_info *sta) | |
1841 | { | 1841 | { | |
1842 | struct ieee80211_ht_capabilities ht_cap; | 1842 | struct ieee80211_ht_capabilities ht_cap; | |
1843 | struct ieee80211_vht_capabilities vht_cap; | 1843 | struct ieee80211_vht_capabilities vht_cap; | |
1844 | int set = 1; | |||
1844 | 1845 | |||
1845 | /* | 1846 | /* | |
1846 | * Remove the STA entry to ensure the STA PS state gets cleared and | 1847 | * Remove the STA entry to ensure the STA PS state gets cleared and | |
1847 | * configuration gets updated. This is relevant for cases, such as | 1848 | * configuration gets updated. This is relevant for cases, such as | |
1848 | * FT-over-the-DS, where a station re-associates back to the same AP but | 1849 | * FT-over-the-DS, where a station re-associates back to the same AP but | |
1849 | * skips the authentication flow, or if working with a driver that | 1850 | * skips the authentication flow, or if working with a driver that | |
1850 | * does not support full AP client state. | 1851 | * does not support full AP client state. | |
1852 | * | |||
1853 | * Skip this if the STA has already completed FT reassociation and the | |||
1854 | * TK has been configured since the TX/RX PN must not be reset to 0 for | |||
1855 | * the same key. | |||
1851 | */ | 1856 | */ | |
1852 | if (!sta->added_unassoc) | 1857 | if (!sta->added_unassoc && | |
1858 | (!(sta->flags & WLAN_STA_AUTHORIZED) || | |||
1859 | !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { | |||
1853 | hostapd_drv_sta_remove(hapd, sta->addr); | 1860 | hostapd_drv_sta_remove(hapd, sta->addr); | |
1861 | wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); | |||
1862 | set = 0; | |||
1863 | } | |||
1854 | 1864 | |||
1855 | #ifdef CONFIG_IEEE80211N | 1865 | #ifdef CONFIG_IEEE80211N | |
1856 | if (sta->flags & WLAN_STA_HT) | 1866 | if (sta->flags & WLAN_STA_HT) | |
1857 | hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); | 1867 | hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); | |
1858 | #endif /* CONFIG_IEEE80211N */ | 1868 | #endif /* CONFIG_IEEE80211N */ | |
1859 | #ifdef CONFIG_IEEE80211AC | 1869 | #ifdef CONFIG_IEEE80211AC | |
1860 | if (sta->flags & WLAN_STA_VHT) | 1870 | if (sta->flags & WLAN_STA_VHT) | |
1861 | hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); | 1871 | hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); | |
1862 | #endif /* CONFIG_IEEE80211AC */ | 1872 | #endif /* CONFIG_IEEE80211AC */ | |
1863 | 1873 | |||
1864 | /* | 1874 | /* | |
1865 | * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags | 1875 | * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags | |
1866 | * will be set when the ACK frame for the (Re)Association Response frame | 1876 | * will be set when the ACK frame for the (Re)Association Response frame | |
1867 | * is processed (TX status driver event). | 1877 | * is processed (TX status driver event). | |
1868 | */ | 1878 | */ | |
1869 | if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, | 1879 | if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, | |
1870 | sta->supported_rates, sta->supported_rates_len, | 1880 | sta->supported_rates, sta->supported_rates_len, | |
1871 | sta->listen_interval, | 1881 | sta->listen_interval, | |
1872 | sta->flags & WLAN_STA_HT ? &ht_cap : NULL, | 1882 | sta->flags & WLAN_STA_HT ? &ht_cap : NULL, | |
1873 | sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, | 1883 | sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, | |
1874 | sta->flags | WLAN_STA_ASSOC, sta->qosinfo, | 1884 | sta->flags | WLAN_STA_ASSOC, sta->qosinfo, | |
1875 | sta->vht_opmode, sta->p2p_ie ? 1 : 0, | 1885 | sta->vht_opmode, sta->p2p_ie ? 1 : 0, | |
1876 | sta->added_unassoc)) { | 1886 | set)) { | |
1877 | hostapd_logger(hapd, sta->addr, | 1887 | hostapd_logger(hapd, sta->addr, | |
1878 | HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, | 1888 | HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, | |
1879 | "Could not %s STA to kernel driver", | 1889 | "Could not %s STA to kernel driver", | |
1880 | sta->added_unassoc ? "set" : "add"); | 1890 | set ? "set" : "add"); | |
1881 | 1891 | |||
1882 | if (sta->added_unassoc) { | 1892 | if (sta->added_unassoc) { | |
1883 | hostapd_drv_sta_remove(hapd, sta->addr); | 1893 | hostapd_drv_sta_remove(hapd, sta->addr); | |
1884 | sta->added_unassoc = 0; | 1894 | sta->added_unassoc = 0; | |
1885 | } | 1895 | } | |
1886 | 1896 | |||
1887 | return -1; | 1897 | return -1; | |
1888 | } | 1898 | } | |
1889 | 1899 | |||
1890 | sta->added_unassoc = 0; | 1900 | sta->added_unassoc = 0; | |
1891 | 1901 | |||
1892 | return 0; | 1902 | return 0; | |
1893 | } | 1903 | } |
--- src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c 2016/11/21 16:42:50 1.1.1.7
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c 2017/10/16 17:36:16 1.2
@@ -770,38 +770,47 @@ void wpa_ft_install_ptk(struct wpa_state | @@ -770,38 +770,47 @@ void wpa_ft_install_ptk(struct wpa_state | |||
770 | { | 770 | { | |
771 | enum wpa_alg alg; | 771 | enum wpa_alg alg; | |
772 | int klen; | 772 | int klen; | |
773 | 773 | |||
774 | /* MLME-SETKEYS.request(PTK) */ | 774 | /* MLME-SETKEYS.request(PTK) */ | |
775 | alg = wpa_cipher_to_alg(sm->pairwise); | 775 | alg = wpa_cipher_to_alg(sm->pairwise); | |
776 | klen = wpa_cipher_key_len(sm->pairwise); | 776 | klen = wpa_cipher_key_len(sm->pairwise); | |
777 | if (!wpa_cipher_valid_pairwise(sm->pairwise)) { | 777 | if (!wpa_cipher_valid_pairwise(sm->pairwise)) { | |
778 | wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip " | 778 | wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip " | |
779 | "PTK configuration", sm->pairwise); | 779 | "PTK configuration", sm->pairwise); | |
780 | return; | 780 | return; | |
781 | } | 781 | } | |
782 | 782 | |||
783 | if (sm->tk_already_set) { | |||
784 | /* Must avoid TK reconfiguration to prevent clearing of TX/RX | |||
785 | * PN in the driver */ | |||
786 | wpa_printf(MSG_DEBUG, | |||
787 | "FT: Do not re-install same PTK to the driver"); | |||
788 | return; | |||
789 | } | |||
790 | ||||
783 | /* FIX: add STA entry to kernel/driver here? The set_key will fail | 791 | /* FIX: add STA entry to kernel/driver here? The set_key will fail | |
784 | * most likely without this.. At the moment, STA entry is added only | 792 | * most likely without this.. At the moment, STA entry is added only | |
785 | * after association has been completed. This function will be called | 793 | * after association has been completed. This function will be called | |
786 | * again after association to get the PTK configured, but that could be | 794 | * again after association to get the PTK configured, but that could be | |
787 | * optimized by adding the STA entry earlier. | 795 | * optimized by adding the STA entry earlier. | |
788 | */ | 796 | */ | |
789 | if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, | 797 | if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, | |
790 | sm->PTK.tk, klen)) | 798 | sm->PTK.tk, klen)) | |
791 | return; | 799 | return; | |
792 | 800 | |||
793 | /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ | 801 | /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ | |
794 | sm->pairwise_set = TRUE; | 802 | sm->pairwise_set = TRUE; | |
803 | sm->tk_already_set = TRUE; | |||
795 | } | 804 | } | |
796 | 805 | |||
797 | 806 | |||
798 | static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, | 807 | static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, | |
799 | const u8 *ies, size_t ies_len, | 808 | const u8 *ies, size_t ies_len, | |
800 | u8 **resp_ies, size_t *resp_ies_len) | 809 | u8 **resp_ies, size_t *resp_ies_len) | |
801 | { | 810 | { | |
802 | struct rsn_mdie *mdie; | 811 | struct rsn_mdie *mdie; | |
803 | struct rsn_ftie *ftie; | 812 | struct rsn_ftie *ftie; | |
804 | u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; | 813 | u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; | |
805 | u8 ptk_name[WPA_PMK_NAME_LEN]; | 814 | u8 ptk_name[WPA_PMK_NAME_LEN]; | |
806 | struct wpa_auth_config *conf; | 815 | struct wpa_auth_config *conf; | |
807 | struct wpa_ft_ies parse; | 816 | struct wpa_ft_ies parse; | |
@@ -888,26 +897,27 @@ static int wpa_ft_process_auth_req(struc | @@ -888,26 +897,27 @@ static int wpa_ft_process_auth_req(struc | |||
888 | wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", | 897 | wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", | |
889 | sm->SNonce, WPA_NONCE_LEN); | 898 | sm->SNonce, WPA_NONCE_LEN); | |
890 | wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", | 899 | wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", | |
891 | sm->ANonce, WPA_NONCE_LEN); | 900 | sm->ANonce, WPA_NONCE_LEN); | |
892 | 901 | |||
893 | if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr, | 902 | if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr, | |
894 | sm->wpa_auth->addr, pmk_r1_name, | 903 | sm->wpa_auth->addr, pmk_r1_name, | |
895 | &sm->PTK, ptk_name, sm->wpa_key_mgmt, | 904 | &sm->PTK, ptk_name, sm->wpa_key_mgmt, | |
896 | pairwise) < 0) | 905 | pairwise) < 0) | |
897 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | 906 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | |
898 | 907 | |||
899 | sm->pairwise = pairwise; | 908 | sm->pairwise = pairwise; | |
900 | sm->PTK_valid = TRUE; | 909 | sm->PTK_valid = TRUE; | |
910 | sm->tk_already_set = FALSE; | |||
901 | wpa_ft_install_ptk(sm); | 911 | wpa_ft_install_ptk(sm); | |
902 | 912 | |||
903 | buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | 913 | buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | |
904 | 2 + FT_R1KH_ID_LEN + 200; | 914 | 2 + FT_R1KH_ID_LEN + 200; | |
905 | *resp_ies = os_zalloc(buflen); | 915 | *resp_ies = os_zalloc(buflen); | |
906 | if (*resp_ies == NULL) { | 916 | if (*resp_ies == NULL) { | |
907 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | 917 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | |
908 | } | 918 | } | |
909 | 919 | |||
910 | pos = *resp_ies; | 920 | pos = *resp_ies; | |
911 | end = *resp_ies + buflen; | 921 | end = *resp_ies + buflen; | |
912 | 922 | |||
913 | ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid); | 923 | ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid); |
--- src/external/bsd/wpa/dist/src/ap/wpa_auth.c 2016/11/21 20:15:17 1.9
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.c 2017/10/16 17:36:16 1.10
@@ -1735,26 +1735,29 @@ int wpa_auth_sm_event(struct wpa_state_m | @@ -1735,26 +1735,29 @@ int wpa_auth_sm_event(struct wpa_state_m | |||
1735 | break; | 1735 | break; | |
1736 | case WPA_ASSOC_FT: | 1736 | case WPA_ASSOC_FT: | |
1737 | #ifdef CONFIG_IEEE80211R | 1737 | #ifdef CONFIG_IEEE80211R | |
1738 | wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " | 1738 | wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " | |
1739 | "after association"); | 1739 | "after association"); | |
1740 | wpa_ft_install_ptk(sm); | 1740 | wpa_ft_install_ptk(sm); | |
1741 | 1741 | |||
1742 | /* Using FT protocol, not WPA auth state machine */ | 1742 | /* Using FT protocol, not WPA auth state machine */ | |
1743 | sm->ft_completed = 1; | 1743 | sm->ft_completed = 1; | |
1744 | return 0; | 1744 | return 0; | |
1745 | #else /* CONFIG_IEEE80211R */ | 1745 | #else /* CONFIG_IEEE80211R */ | |
1746 | break; | 1746 | break; | |
1747 | #endif /* CONFIG_IEEE80211R */ | 1747 | #endif /* CONFIG_IEEE80211R */ | |
1748 | case WPA_DRV_STA_REMOVED: | |||
1749 | sm->tk_already_set = FALSE; | |||
1750 | return 0; | |||
1748 | } | 1751 | } | |
1749 | 1752 | |||
1750 | #ifdef CONFIG_IEEE80211R | 1753 | #ifdef CONFIG_IEEE80211R | |
1751 | sm->ft_completed = 0; | 1754 | sm->ft_completed = 0; | |
1752 | #endif /* CONFIG_IEEE80211R */ | 1755 | #endif /* CONFIG_IEEE80211R */ | |
1753 | 1756 | |||
1754 | #ifdef CONFIG_IEEE80211W | 1757 | #ifdef CONFIG_IEEE80211W | |
1755 | if (sm->mgmt_frame_prot && event == WPA_AUTH) | 1758 | if (sm->mgmt_frame_prot && event == WPA_AUTH) | |
1756 | remove_ptk = 0; | 1759 | remove_ptk = 0; | |
1757 | #endif /* CONFIG_IEEE80211W */ | 1760 | #endif /* CONFIG_IEEE80211W */ | |
1758 | 1761 | |||
1759 | if (remove_ptk) { | 1762 | if (remove_ptk) { | |
1760 | sm->PTK_valid = FALSE; | 1763 | sm->PTK_valid = FALSE; | |
@@ -1888,26 +1891,41 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) | @@ -1888,26 +1891,41 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) | |||
1888 | sm->Disconnect = TRUE; | 1891 | sm->Disconnect = TRUE; | |
1889 | return; | 1892 | return; | |
1890 | } | 1893 | } | |
1891 | wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, | 1894 | wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, | |
1892 | WPA_NONCE_LEN); | 1895 | WPA_NONCE_LEN); | |
1893 | /* IEEE 802.11i does not clear TimeoutCtr here, but this is more | 1896 | /* IEEE 802.11i does not clear TimeoutCtr here, but this is more | |
1894 | * logical place than INITIALIZE since AUTHENTICATION2 can be | 1897 | * logical place than INITIALIZE since AUTHENTICATION2 can be | |
1895 | * re-entered on ReAuthenticationRequest without going through | 1898 | * re-entered on ReAuthenticationRequest without going through | |
1896 | * INITIALIZE. */ | 1899 | * INITIALIZE. */ | |
1897 | sm->TimeoutCtr = 0; | 1900 | sm->TimeoutCtr = 0; | |
1898 | } | 1901 | } | |
1899 | 1902 | |||
1900 | 1903 | |||
1904 | static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) | |||
1905 | { | |||
1906 | if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { | |||
1907 | wpa_printf(MSG_ERROR, | |||
1908 | "WPA: Failed to get random data for ANonce"); | |||
1909 | sm->Disconnect = TRUE; | |||
1910 | return -1; | |||
1911 | } | |||
1912 | wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, | |||
1913 | WPA_NONCE_LEN); | |||
1914 | sm->TimeoutCtr = 0; | |||
1915 | return 0; | |||
1916 | } | |||
1917 | ||||
1918 | ||||
1901 | SM_STATE(WPA_PTK, INITPMK) | 1919 | SM_STATE(WPA_PTK, INITPMK) | |
1902 | { | 1920 | { | |
1903 | u8 msk[2 * PMK_LEN]; | 1921 | u8 msk[2 * PMK_LEN]; | |
1904 | size_t len = 2 * PMK_LEN; | 1922 | size_t len = 2 * PMK_LEN; | |
1905 | 1923 | |||
1906 | SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); | 1924 | SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); | |
1907 | #ifdef CONFIG_IEEE80211R | 1925 | #ifdef CONFIG_IEEE80211R | |
1908 | sm->xxkey_len = 0; | 1926 | sm->xxkey_len = 0; | |
1909 | #endif /* CONFIG_IEEE80211R */ | 1927 | #endif /* CONFIG_IEEE80211R */ | |
1910 | if (sm->pmksa) { | 1928 | if (sm->pmksa) { | |
1911 | wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); | 1929 | wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); | |
1912 | os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len); | 1930 | os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len); | |
1913 | sm->pmk_len = sm->pmksa->pmk_len; | 1931 | sm->pmk_len = sm->pmksa->pmk_len; | |
@@ -2445,29 +2463,32 @@ SM_STEP(WPA_PTK) | @@ -2445,29 +2463,32 @@ SM_STEP(WPA_PTK) | |||
2445 | SM_ENTER(WPA_PTK, INITIALIZE); | 2463 | SM_ENTER(WPA_PTK, INITIALIZE); | |
2446 | else if (sm->Disconnect | 2464 | else if (sm->Disconnect | |
2447 | /* || FIX: dot11RSNAConfigSALifetime timeout */) { | 2465 | /* || FIX: dot11RSNAConfigSALifetime timeout */) { | |
2448 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, | 2466 | wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, | |
2449 | "WPA_PTK: sm->Disconnect"); | 2467 | "WPA_PTK: sm->Disconnect"); | |
2450 | SM_ENTER(WPA_PTK, DISCONNECT); | 2468 | SM_ENTER(WPA_PTK, DISCONNECT); | |
2451 | } | 2469 | } | |
2452 | else if (sm->DeauthenticationRequest) | 2470 | else if (sm->DeauthenticationRequest) | |
2453 | SM_ENTER(WPA_PTK, DISCONNECTED); | 2471 | SM_ENTER(WPA_PTK, DISCONNECTED); | |
2454 | else if (sm->AuthenticationRequest) | 2472 | else if (sm->AuthenticationRequest) | |
2455 | SM_ENTER(WPA_PTK, AUTHENTICATION); | 2473 | SM_ENTER(WPA_PTK, AUTHENTICATION); | |
2456 | else if (sm->ReAuthenticationRequest) | 2474 | else if (sm->ReAuthenticationRequest) | |
2457 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | 2475 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | |
2458 | else if (sm->PTKRequest) | 2476 | else if (sm->PTKRequest) { | |
2459 | SM_ENTER(WPA_PTK, PTKSTART); | 2477 | if (wpa_auth_sm_ptk_update(sm) < 0) | |
2460 | else switch (sm->wpa_ptk_state) { | 2478 | SM_ENTER(WPA_PTK, DISCONNECTED); | |
2479 | else | |||
2480 | SM_ENTER(WPA_PTK, PTKSTART); | |||
2481 | } else switch (sm->wpa_ptk_state) { | |||
2461 | case WPA_PTK_INITIALIZE: | 2482 | case WPA_PTK_INITIALIZE: | |
2462 | break; | 2483 | break; | |
2463 | case WPA_PTK_DISCONNECT: | 2484 | case WPA_PTK_DISCONNECT: | |
2464 | SM_ENTER(WPA_PTK, DISCONNECTED); | 2485 | SM_ENTER(WPA_PTK, DISCONNECTED); | |
2465 | break; | 2486 | break; | |
2466 | case WPA_PTK_DISCONNECTED: | 2487 | case WPA_PTK_DISCONNECTED: | |
2467 | SM_ENTER(WPA_PTK, INITIALIZE); | 2488 | SM_ENTER(WPA_PTK, INITIALIZE); | |
2468 | break; | 2489 | break; | |
2469 | case WPA_PTK_AUTHENTICATION: | 2490 | case WPA_PTK_AUTHENTICATION: | |
2470 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | 2491 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | |
2471 | break; | 2492 | break; | |
2472 | case WPA_PTK_AUTHENTICATION2: | 2493 | case WPA_PTK_AUTHENTICATION2: | |
2473 | if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && | 2494 | if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && | |
@@ -3240,26 +3261,34 @@ int wpa_auth_sta_key_mgmt(struct wpa_sta | @@ -3240,26 +3261,34 @@ int wpa_auth_sta_key_mgmt(struct wpa_sta | |||
3240 | return -1; | 3261 | return -1; | |
3241 | return sm->wpa_key_mgmt; | 3262 | return sm->wpa_key_mgmt; | |
3242 | } | 3263 | } | |
3243 | 3264 | |||
3244 | 3265 | |||
3245 | int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) | 3266 | int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) | |
3246 | { | 3267 | { | |
3247 | if (sm == NULL) | 3268 | if (sm == NULL) | |
3248 | return 0; | 3269 | return 0; | |
3249 | return sm->wpa; | 3270 | return sm->wpa; | |
3250 | } | 3271 | } | |
3251 | 3272 | |||
3252 | 3273 | |||
3274 | int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) | |||
3275 | { | |||
3276 | if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) | |||
3277 | return 0; | |||
3278 | return sm->tk_already_set; | |||
3279 | } | |||
3280 | ||||
3281 | ||||
3253 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, | 3282 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, | |
3254 | struct rsn_pmksa_cache_entry *entry) | 3283 | struct rsn_pmksa_cache_entry *entry) | |
3255 | { | 3284 | { | |
3256 | if (sm == NULL || sm->pmksa != entry) | 3285 | if (sm == NULL || sm->pmksa != entry) | |
3257 | return -1; | 3286 | return -1; | |
3258 | sm->pmksa = NULL; | 3287 | sm->pmksa = NULL; | |
3259 | return 0; | 3288 | return 0; | |
3260 | } | 3289 | } | |
3261 | 3290 | |||
3262 | 3291 | |||
3263 | struct rsn_pmksa_cache_entry * | 3292 | struct rsn_pmksa_cache_entry * | |
3264 | wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) | 3293 | wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) | |
3265 | { | 3294 | { |
--- src/external/bsd/wpa/dist/src/ap/wpa_auth.h 2016/11/21 16:42:50 1.1.1.6
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.h 2017/10/16 17:36:16 1.2
@@ -257,39 +257,40 @@ int wpa_validate_osen(struct wpa_authent | @@ -257,39 +257,40 @@ int wpa_validate_osen(struct wpa_authent | |||
257 | int wpa_auth_uses_mfp(struct wpa_state_machine *sm); | 257 | int wpa_auth_uses_mfp(struct wpa_state_machine *sm); | |
258 | struct wpa_state_machine * | 258 | struct wpa_state_machine * | |
259 | wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, | 259 | wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, | |
260 | const u8 *p2p_dev_addr); | 260 | const u8 *p2p_dev_addr); | |
261 | int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, | 261 | int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, | |
262 | struct wpa_state_machine *sm); | 262 | struct wpa_state_machine *sm); | |
263 | void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm); | 263 | void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm); | |
264 | void wpa_auth_sta_deinit(struct wpa_state_machine *sm); | 264 | void wpa_auth_sta_deinit(struct wpa_state_machine *sm); | |
265 | void wpa_receive(struct wpa_authenticator *wpa_auth, | 265 | void wpa_receive(struct wpa_authenticator *wpa_auth, | |
266 | struct wpa_state_machine *sm, | 266 | struct wpa_state_machine *sm, | |
267 | u8 *data, size_t data_len); | 267 | u8 *data, size_t data_len); | |
268 | enum wpa_event { | 268 | enum wpa_event { | |
269 | WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, | 269 | WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, | |
270 | WPA_REAUTH_EAPOL, WPA_ASSOC_FT | 270 | WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED | |
271 | }; | 271 | }; | |
272 | void wpa_remove_ptk(struct wpa_state_machine *sm); | 272 | void wpa_remove_ptk(struct wpa_state_machine *sm); | |
273 | int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); | 273 | int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); | |
274 | void wpa_auth_sm_notify(struct wpa_state_machine *sm); | 274 | void wpa_auth_sm_notify(struct wpa_state_machine *sm); | |
275 | void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); | 275 | void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); | |
276 | int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); | 276 | int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); | |
277 | int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); | 277 | int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); | |
278 | void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); | 278 | void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); | |
279 | int wpa_auth_pairwise_set(struct wpa_state_machine *sm); | 279 | int wpa_auth_pairwise_set(struct wpa_state_machine *sm); | |
280 | int wpa_auth_get_pairwise(struct wpa_state_machine *sm); | 280 | int wpa_auth_get_pairwise(struct wpa_state_machine *sm); | |
281 | int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); | 281 | int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); | |
282 | int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); | 282 | int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); | |
283 | int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); | |||
283 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, | 284 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, | |
284 | struct rsn_pmksa_cache_entry *entry); | 285 | struct rsn_pmksa_cache_entry *entry); | |
285 | struct rsn_pmksa_cache_entry * | 286 | struct rsn_pmksa_cache_entry * | |
286 | wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); | 287 | wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); | |
287 | void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); | 288 | void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); | |
288 | const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, | 289 | const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, | |
289 | size_t *len); | 290 | size_t *len); | |
290 | int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, | 291 | int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, | |
291 | unsigned int pmk_len, | 292 | unsigned int pmk_len, | |
292 | int session_timeout, struct eapol_state_machine *eapol); | 293 | int session_timeout, struct eapol_state_machine *eapol); | |
293 | int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, | 294 | int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, | |
294 | const u8 *pmk, size_t len, const u8 *sta_addr, | 295 | const u8 *pmk, size_t len, const u8 *sta_addr, | |
295 | int session_timeout, | 296 | int session_timeout, |
--- src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h 2016/11/21 16:42:50 1.1.1.6
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h 2017/10/16 17:36:16 1.2
@@ -55,26 +55,27 @@ struct wpa_state_machine { | @@ -55,26 +55,27 @@ struct wpa_state_machine { | |||
55 | Boolean EAPOLKeyPairwise; | 55 | Boolean EAPOLKeyPairwise; | |
56 | Boolean EAPOLKeyRequest; | 56 | Boolean EAPOLKeyRequest; | |
57 | Boolean MICVerified; | 57 | Boolean MICVerified; | |
58 | Boolean GUpdateStationKeys; | 58 | Boolean GUpdateStationKeys; | |
59 | u8 ANonce[WPA_NONCE_LEN]; | 59 | u8 ANonce[WPA_NONCE_LEN]; | |
60 | u8 SNonce[WPA_NONCE_LEN]; | 60 | u8 SNonce[WPA_NONCE_LEN]; | |
61 | u8 alt_SNonce[WPA_NONCE_LEN]; | 61 | u8 alt_SNonce[WPA_NONCE_LEN]; | |
62 | u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN]; | 62 | u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN]; | |
63 | u8 PMK[PMK_LEN_MAX]; | 63 | u8 PMK[PMK_LEN_MAX]; | |
64 | unsigned int pmk_len; | 64 | unsigned int pmk_len; | |
65 | struct wpa_ptk PTK; | 65 | struct wpa_ptk PTK; | |
66 | Boolean PTK_valid; | 66 | Boolean PTK_valid; | |
67 | Boolean pairwise_set; | 67 | Boolean pairwise_set; | |
68 | Boolean tk_already_set; | |||
68 | int keycount; | 69 | int keycount; | |
69 | Boolean Pair; | 70 | Boolean Pair; | |
70 | struct wpa_key_replay_counter { | 71 | struct wpa_key_replay_counter { | |
71 | u8 counter[WPA_REPLAY_COUNTER_LEN]; | 72 | u8 counter[WPA_REPLAY_COUNTER_LEN]; | |
72 | Boolean valid; | 73 | Boolean valid; | |
73 | } key_replay[RSNA_MAX_EAPOL_RETRIES], | 74 | } key_replay[RSNA_MAX_EAPOL_RETRIES], | |
74 | prev_key_replay[RSNA_MAX_EAPOL_RETRIES]; | 75 | prev_key_replay[RSNA_MAX_EAPOL_RETRIES]; | |
75 | Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */ | 76 | Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */ | |
76 | Boolean PTKRequest; /* not in IEEE 802.11i state machine */ | 77 | Boolean PTKRequest; /* not in IEEE 802.11i state machine */ | |
77 | Boolean has_GTK; | 78 | Boolean has_GTK; | |
78 | Boolean PtkGroupInit; /* init request for PTK Group state machine */ | 79 | Boolean PtkGroupInit; /* init request for PTK Group state machine */ | |
79 | 80 | |||
80 | u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */ | 81 | u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */ |
--- src/external/bsd/wpa/dist/src/common/wpa_common.h 2017/01/12 19:15:10 1.2
+++ src/external/bsd/wpa/dist/src/common/wpa_common.h 2017/10/16 17:36:16 1.3
@@ -208,28 +208,40 @@ struct wpa_eapol_key_192 { | @@ -208,28 +208,40 @@ struct wpa_eapol_key_192 { | |||
208 | #define WPA_TK_MAX_LEN 32 | 208 | #define WPA_TK_MAX_LEN 32 | |
209 | 209 | |||
210 | /** | 210 | /** | |
211 | * struct wpa_ptk - WPA Pairwise Transient Key | 211 | * struct wpa_ptk - WPA Pairwise Transient Key | |
212 | * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy | 212 | * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy | |
213 | */ | 213 | */ | |
214 | struct wpa_ptk { | 214 | struct wpa_ptk { | |
215 | u8 kck[WPA_KCK_MAX_LEN]; /* EAPOL-Key Key Confirmation Key (KCK) */ | 215 | u8 kck[WPA_KCK_MAX_LEN]; /* EAPOL-Key Key Confirmation Key (KCK) */ | |
216 | u8 kek[WPA_KEK_MAX_LEN]; /* EAPOL-Key Key Encryption Key (KEK) */ | 216 | u8 kek[WPA_KEK_MAX_LEN]; /* EAPOL-Key Key Encryption Key (KEK) */ | |
217 | u8 tk[WPA_TK_MAX_LEN]; /* Temporal Key (TK) */ | 217 | u8 tk[WPA_TK_MAX_LEN]; /* Temporal Key (TK) */ | |
218 | size_t kck_len; | 218 | size_t kck_len; | |
219 | size_t kek_len; | 219 | size_t kek_len; | |
220 | size_t tk_len; | 220 | size_t tk_len; | |
221 | int installed; /* 1 if key has already been installed to driver */ | |||
221 | }; | 222 | }; | |
222 | 223 | |||
224 | struct wpa_gtk { | |||
225 | u8 gtk[WPA_GTK_MAX_LEN]; | |||
226 | size_t gtk_len; | |||
227 | }; | |||
228 | ||||
229 | #ifdef CONFIG_IEEE80211W | |||
230 | struct wpa_igtk { | |||
231 | u8 igtk[WPA_IGTK_MAX_LEN]; | |||
232 | size_t igtk_len; | |||
233 | }; | |||
234 | #endif /* CONFIG_IEEE80211W */ | |||
223 | 235 | |||
224 | /* WPA IE version 1 | 236 | /* WPA IE version 1 | |
225 | * 00-50-f2:1 (OUI:OUI type) | 237 | * 00-50-f2:1 (OUI:OUI type) | |
226 | * 0x01 0x00 (version; little endian) | 238 | * 0x01 0x00 (version; little endian) | |
227 | * (all following fields are optional:) | 239 | * (all following fields are optional:) | |
228 | * Group Suite Selector (4 octets) (default: TKIP) | 240 | * Group Suite Selector (4 octets) (default: TKIP) | |
229 | * Pairwise Suite Count (2 octets, little endian) (default: 1) | 241 | * Pairwise Suite Count (2 octets, little endian) (default: 1) | |
230 | * Pairwise Suite List (4 * n octets) (default: TKIP) | 242 | * Pairwise Suite List (4 * n octets) (default: TKIP) | |
231 | * Authenticated Key Management Suite Count (2 octets, little endian) | 243 | * Authenticated Key Management Suite Count (2 octets, little endian) | |
232 | * (default: 1) | 244 | * (default: 1) | |
233 | * Authenticated Key Management Suite List (4 * n octets) | 245 | * Authenticated Key Management Suite List (4 * n octets) | |
234 | * (default: unspec 802.1X) | 246 | * (default: unspec 802.1X) | |
235 | * WPA Capabilities (2 octets, little endian) (default: 0) | 247 | * WPA Capabilities (2 octets, little endian) (default: 0) |
--- src/external/bsd/wpa/dist/src/rsn_supp/tdls.c 2016/11/21 16:42:49 1.1.1.5
+++ src/external/bsd/wpa/dist/src/rsn_supp/tdls.c 2017/10/16 17:36:16 1.2
@@ -102,26 +102,27 @@ struct wpa_tdls_peer { | @@ -102,26 +102,27 @@ struct wpa_tdls_peer { | |||
102 | u8 rsnie_i[TDLS_MAX_IE_LEN]; /* Initiator RSN IE */ | 102 | u8 rsnie_i[TDLS_MAX_IE_LEN]; /* Initiator RSN IE */ | |
103 | size_t rsnie_i_len; | 103 | size_t rsnie_i_len; | |
104 | u8 rsnie_p[TDLS_MAX_IE_LEN]; /* Peer RSN IE */ | 104 | u8 rsnie_p[TDLS_MAX_IE_LEN]; /* Peer RSN IE */ | |
105 | size_t rsnie_p_len; | 105 | size_t rsnie_p_len; | |
106 | u32 lifetime; | 106 | u32 lifetime; | |
107 | int cipher; /* Selected cipher (WPA_CIPHER_*) */ | 107 | int cipher; /* Selected cipher (WPA_CIPHER_*) */ | |
108 | u8 dtoken; | 108 | u8 dtoken; | |
109 | 109 | |||
110 | struct tpk { | 110 | struct tpk { | |
111 | u8 kck[16]; /* TPK-KCK */ | 111 | u8 kck[16]; /* TPK-KCK */ | |
112 | u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ | 112 | u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ | |
113 | } tpk; | 113 | } tpk; | |
114 | int tpk_set; | 114 | int tpk_set; | |
115 | int tk_set; /* TPK-TK configured to the driver */ | |||
115 | int tpk_success; | 116 | int tpk_success; | |
116 | int tpk_in_progress; | 117 | int tpk_in_progress; | |
117 | 118 | |||
118 | struct tpk_timer { | 119 | struct tpk_timer { | |
119 | u8 dest[ETH_ALEN]; | 120 | u8 dest[ETH_ALEN]; | |
120 | int count; /* Retry Count */ | 121 | int count; /* Retry Count */ | |
121 | int timer; /* Timeout in milliseconds */ | 122 | int timer; /* Timeout in milliseconds */ | |
122 | u8 action_code; /* TDLS frame type */ | 123 | u8 action_code; /* TDLS frame type */ | |
123 | u8 dialog_token; | 124 | u8 dialog_token; | |
124 | u16 status_code; | 125 | u16 status_code; | |
125 | u32 peer_capab; | 126 | u32 peer_capab; | |
126 | int buf_len; /* length of TPK message for retransmission */ | 127 | int buf_len; /* length of TPK message for retransmission */ | |
127 | u8 *buf; /* buffer for TPK message */ | 128 | u8 *buf; /* buffer for TPK message */ | |
@@ -182,49 +183,66 @@ static int wpa_tdls_del_key(struct wpa_s | @@ -182,49 +183,66 @@ static int wpa_tdls_del_key(struct wpa_s | |||
182 | return -1; | 183 | return -1; | |
183 | } | 184 | } | |
184 | 185 | |||
185 | return 0; | 186 | return 0; | |
186 | } | 187 | } | |
187 | 188 | |||
188 | 189 | |||
189 | static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | 190 | static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | |
190 | { | 191 | { | |
191 | u8 key_len; | 192 | u8 key_len; | |
192 | u8 rsc[6]; | 193 | u8 rsc[6]; | |
193 | enum wpa_alg alg; | 194 | enum wpa_alg alg; | |
194 | 195 | |||
196 | if (peer->tk_set) { | |||
197 | /* | |||
198 | * This same TPK-TK has already been configured to the driver | |||
199 | * and this new configuration attempt (likely due to an | |||
200 | * unexpected retransmitted frame) would result in clearing | |||
201 | * the TX/RX sequence number which can break security, so must | |||
202 | * not allow that to happen. | |||
203 | */ | |||
204 | wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR | |||
205 | " has already been configured to the driver - do not reconfigure", | |||
206 | MAC2STR(peer->addr)); | |||
207 | return -1; | |||
208 | } | |||
209 | ||||
195 | os_memset(rsc, 0, 6); | 210 | os_memset(rsc, 0, 6); | |
196 | 211 | |||
197 | switch (peer->cipher) { | 212 | switch (peer->cipher) { | |
198 | case WPA_CIPHER_CCMP: | 213 | case WPA_CIPHER_CCMP: | |
199 | alg = WPA_ALG_CCMP; | 214 | alg = WPA_ALG_CCMP; | |
200 | key_len = 16; | 215 | key_len = 16; | |
201 | break; | 216 | break; | |
202 | case WPA_CIPHER_NONE: | 217 | case WPA_CIPHER_NONE: | |
203 | wpa_printf(MSG_DEBUG, "TDLS: Pairwise Cipher Suite: " | 218 | wpa_printf(MSG_DEBUG, "TDLS: Pairwise Cipher Suite: " | |
204 | "NONE - do not use pairwise keys"); | 219 | "NONE - do not use pairwise keys"); | |
205 | return -1; | 220 | return -1; | |
206 | default: | 221 | default: | |
207 | wpa_printf(MSG_WARNING, "TDLS: Unsupported pairwise cipher %d", | 222 | wpa_printf(MSG_WARNING, "TDLS: Unsupported pairwise cipher %d", | |
208 | sm->pairwise_cipher); | 223 | sm->pairwise_cipher); | |
209 | return -1; | 224 | return -1; | |
210 | } | 225 | } | |
211 | 226 | |||
227 | wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, | |||
228 | MAC2STR(peer->addr)); | |||
212 | if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, | 229 | if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, | |
213 | rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { | 230 | rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { | |
214 | wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " | 231 | wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " | |
215 | "driver"); | 232 | "driver"); | |
216 | return -1; | 233 | return -1; | |
217 | } | 234 | } | |
235 | peer->tk_set = 1; | |||
218 | return 0; | 236 | return 0; | |
219 | } | 237 | } | |
220 | 238 | |||
221 | 239 | |||
222 | static int wpa_tdls_send_tpk_msg(struct wpa_sm *sm, const u8 *dst, | 240 | static int wpa_tdls_send_tpk_msg(struct wpa_sm *sm, const u8 *dst, | |
223 | u8 action_code, u8 dialog_token, | 241 | u8 action_code, u8 dialog_token, | |
224 | u16 status_code, u32 peer_capab, | 242 | u16 status_code, u32 peer_capab, | |
225 | int initiator, const u8 *buf, size_t len) | 243 | int initiator, const u8 *buf, size_t len) | |
226 | { | 244 | { | |
227 | return wpa_sm_send_tdls_mgmt(sm, dst, action_code, dialog_token, | 245 | return wpa_sm_send_tdls_mgmt(sm, dst, action_code, dialog_token, | |
228 | status_code, peer_capab, initiator, buf, | 246 | status_code, peer_capab, initiator, buf, | |
229 | len); | 247 | len); | |
230 | } | 248 | } | |
@@ -686,27 +704,27 @@ static void wpa_tdls_peer_clear(struct w | @@ -686,27 +704,27 @@ static void wpa_tdls_peer_clear(struct w | |||
686 | peer->ht_capabilities = NULL; | 704 | peer->ht_capabilities = NULL; | |
687 | os_free(peer->vht_capabilities); | 705 | os_free(peer->vht_capabilities); | |
688 | peer->vht_capabilities = NULL; | 706 | peer->vht_capabilities = NULL; | |
689 | os_free(peer->ext_capab); | 707 | os_free(peer->ext_capab); | |
690 | peer->ext_capab = NULL; | 708 | peer->ext_capab = NULL; | |
691 | os_free(peer->supp_channels); | 709 | os_free(peer->supp_channels); | |
692 | peer->supp_channels = NULL; | 710 | peer->supp_channels = NULL; | |
693 | os_free(peer->supp_oper_classes); | 711 | os_free(peer->supp_oper_classes); | |
694 | peer->supp_oper_classes = NULL; | 712 | peer->supp_oper_classes = NULL; | |
695 | peer->rsnie_i_len = peer->rsnie_p_len = 0; | 713 | peer->rsnie_i_len = peer->rsnie_p_len = 0; | |
696 | peer->cipher = 0; | 714 | peer->cipher = 0; | |
697 | peer->qos_info = 0; | 715 | peer->qos_info = 0; | |
698 | peer->wmm_capable = 0; | 716 | peer->wmm_capable = 0; | |
699 | peer->tpk_set = peer->tpk_success = 0; | 717 | peer->tk_set = peer->tpk_set = peer->tpk_success = 0; | |
700 | peer->chan_switch_enabled = 0; | 718 | peer->chan_switch_enabled = 0; | |
701 | os_memset(&peer->tpk, 0, sizeof(peer->tpk)); | 719 | os_memset(&peer->tpk, 0, sizeof(peer->tpk)); | |
702 | os_memset(peer->inonce, 0, WPA_NONCE_LEN); | 720 | os_memset(peer->inonce, 0, WPA_NONCE_LEN); | |
703 | os_memset(peer->rnonce, 0, WPA_NONCE_LEN); | 721 | os_memset(peer->rnonce, 0, WPA_NONCE_LEN); | |
704 | } | 722 | } | |
705 | 723 | |||
706 | 724 | |||
707 | static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | 725 | static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | |
708 | { | 726 | { | |
709 | wpa_tdls_peer_clear(sm, peer); | 727 | wpa_tdls_peer_clear(sm, peer); | |
710 | wpa_tdls_peer_remove_from_list(sm, peer); | 728 | wpa_tdls_peer_remove_from_list(sm, peer); | |
711 | os_free(peer); | 729 | os_free(peer); | |
712 | } | 730 | } | |
@@ -1149,26 +1167,27 @@ skip_rsnie: | @@ -1149,26 +1167,27 @@ skip_rsnie: | |||
1149 | pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len); | 1167 | pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len); | |
1150 | 1168 | |||
1151 | ftie = (struct wpa_tdls_ftie *) pos; | 1169 | ftie = (struct wpa_tdls_ftie *) pos; | |
1152 | ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION; | 1170 | ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION; | |
1153 | ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2; | 1171 | ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2; | |
1154 | 1172 | |||
1155 | if (os_get_random(peer->inonce, WPA_NONCE_LEN)) { | 1173 | if (os_get_random(peer->inonce, WPA_NONCE_LEN)) { | |
1156 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | 1174 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |
1157 | "TDLS: Failed to get random data for initiator Nonce"); | 1175 | "TDLS: Failed to get random data for initiator Nonce"); | |
1158 | os_free(rbuf); | 1176 | os_free(rbuf); | |
1159 | wpa_tdls_peer_free(sm, peer); | 1177 | wpa_tdls_peer_free(sm, peer); | |
1160 | return -1; | 1178 | return -1; | |
1161 | } | 1179 | } | |
1180 | peer->tk_set = 0; /* A new nonce results in a new TK */ | |||
1162 | wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", | 1181 | wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", | |
1163 | peer->inonce, WPA_NONCE_LEN); | 1182 | peer->inonce, WPA_NONCE_LEN); | |
1164 | os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); | 1183 | os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); | |
1165 | 1184 | |||
1166 | wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK Handshake M1", | 1185 | wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK Handshake M1", | |
1167 | (u8 *) ftie, sizeof(struct wpa_tdls_ftie)); | 1186 | (u8 *) ftie, sizeof(struct wpa_tdls_ftie)); | |
1168 | 1187 | |||
1169 | pos = (u8 *) (ftie + 1); | 1188 | pos = (u8 *) (ftie + 1); | |
1170 | 1189 | |||
1171 | #ifdef CONFIG_TDLS_TESTING | 1190 | #ifdef CONFIG_TDLS_TESTING | |
1172 | if (tdls_testing & TDLS_TESTING_LONG_FRAME) { | 1191 | if (tdls_testing & TDLS_TESTING_LONG_FRAME) { | |
1173 | wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to " | 1192 | wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to " | |
1174 | "FTIE"); | 1193 | "FTIE"); | |
@@ -1741,26 +1760,39 @@ static int wpa_tdls_addset_peer(struct w | @@ -1741,26 +1760,39 @@ static int wpa_tdls_addset_peer(struct w | |||
1741 | peer->capability, | 1760 | peer->capability, | |
1742 | peer->supp_rates, peer->supp_rates_len, | 1761 | peer->supp_rates, peer->supp_rates_len, | |
1743 | peer->ht_capabilities, | 1762 | peer->ht_capabilities, | |
1744 | peer->vht_capabilities, | 1763 | peer->vht_capabilities, | |
1745 | peer->qos_info, peer->wmm_capable, | 1764 | peer->qos_info, peer->wmm_capable, | |
1746 | peer->ext_capab, peer->ext_capab_len, | 1765 | peer->ext_capab, peer->ext_capab_len, | |
1747 | peer->supp_channels, | 1766 | peer->supp_channels, | |
1748 | peer->supp_channels_len, | 1767 | peer->supp_channels_len, | |
1749 | peer->supp_oper_classes, | 1768 | peer->supp_oper_classes, | |
1750 | peer->supp_oper_classes_len); | 1769 | peer->supp_oper_classes_len); | |
1751 | } | 1770 | } | |
1752 | 1771 | |||
1753 | 1772 | |||
1773 | static int tdls_nonce_set(const u8 *nonce) | |||
1774 | { | |||
1775 | int i; | |||
1776 | ||||
1777 | for (i = 0; i < WPA_NONCE_LEN; i++) { | |||
1778 | if (nonce[i]) | |||
1779 | return 1; | |||
1780 | } | |||
1781 | ||||
1782 | return 0; | |||
1783 | } | |||
1784 | ||||
1785 | ||||
1754 | static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, | 1786 | static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, | |
1755 | const u8 *buf, size_t len) | 1787 | const u8 *buf, size_t len) | |
1756 | { | 1788 | { | |
1757 | struct wpa_tdls_peer *peer; | 1789 | struct wpa_tdls_peer *peer; | |
1758 | struct wpa_eapol_ie_parse kde; | 1790 | struct wpa_eapol_ie_parse kde; | |
1759 | struct wpa_ie_data ie; | 1791 | struct wpa_ie_data ie; | |
1760 | int cipher; | 1792 | int cipher; | |
1761 | const u8 *cpos; | 1793 | const u8 *cpos; | |
1762 | struct wpa_tdls_ftie *ftie = NULL; | 1794 | struct wpa_tdls_ftie *ftie = NULL; | |
1763 | struct wpa_tdls_timeoutie *timeoutie; | 1795 | struct wpa_tdls_timeoutie *timeoutie; | |
1764 | struct wpa_tdls_lnkid *lnkid; | 1796 | struct wpa_tdls_lnkid *lnkid; | |
1765 | u32 lifetime = 0; | 1797 | u32 lifetime = 0; | |
1766 | #if 0 | 1798 | #if 0 | |
@@ -1994,42 +2026,44 @@ skip_rsn: | @@ -1994,42 +2026,44 @@ skip_rsn: | |||
1994 | 2026 | |||
1995 | if (!wpa_tdls_get_privacy(sm)) { | 2027 | if (!wpa_tdls_get_privacy(sm)) { | |
1996 | peer->rsnie_i_len = 0; | 2028 | peer->rsnie_i_len = 0; | |
1997 | peer->rsnie_p_len = 0; | 2029 | peer->rsnie_p_len = 0; | |
1998 | peer->cipher = WPA_CIPHER_NONE; | 2030 | peer->cipher = WPA_CIPHER_NONE; | |
1999 | goto skip_rsn_check; | 2031 | goto skip_rsn_check; | |
2000 | } | 2032 | } | |
2001 | 2033 | |||
2002 | ftie = (struct wpa_tdls_ftie *) kde.ftie; | 2034 | ftie = (struct wpa_tdls_ftie *) kde.ftie; | |
2003 | os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); | 2035 | os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); | |
2004 | peer->rsnie_i_len = kde.rsn_ie_len; | 2036 | peer->rsnie_i_len = kde.rsn_ie_len; | |
2005 | peer->cipher = cipher; | 2037 | peer->cipher = cipher; | |
2006 | 2038 | |||
2007 | if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { | 2039 | if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || | |
2040 | !tdls_nonce_set(peer->inonce)) { | |||
2008 | /* | 2041 | /* | |
2009 | * There is no point in updating the RNonce for every obtained | 2042 | * There is no point in updating the RNonce for every obtained | |
2010 | * TPK M1 frame (e.g., retransmission due to timeout) with the | 2043 | * TPK M1 frame (e.g., retransmission due to timeout) with the | |
2011 | * same INonce (SNonce in FTIE). However, if the TPK M1 is | 2044 | * same INonce (SNonce in FTIE). However, if the TPK M1 is | |
2012 | * retransmitted with a different INonce, update the RNonce | 2045 | * retransmitted with a different INonce, update the RNonce | |
2013 | * since this is for a new TDLS session. | 2046 | * since this is for a new TDLS session. | |
2014 | */ | 2047 | */ | |
2015 | wpa_printf(MSG_DEBUG, | 2048 | wpa_printf(MSG_DEBUG, | |
2016 | "TDLS: New TPK M1 INonce - generate new RNonce"); | 2049 | "TDLS: New TPK M1 INonce - generate new RNonce"); | |
2017 | os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN); | 2050 | os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN); | |
2018 | if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) { | 2051 | if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) { | |
2019 | wpa_msg(sm->ctx->ctx, MSG_WARNING, | 2052 | wpa_msg(sm->ctx->ctx, MSG_WARNING, | |
2020 | "TDLS: Failed to get random data for responder nonce"); | 2053 | "TDLS: Failed to get random data for responder nonce"); | |
2021 | goto error; | 2054 | goto error; | |
2022 | } | 2055 | } | |
2056 | peer->tk_set = 0; /* A new nonce results in a new TK */ | |||
2023 | } | 2057 | } | |
2024 | 2058 | |||
2025 | #if 0 | 2059 | #if 0 | |
2026 | /* get version info from RSNIE received from Peer */ | 2060 | /* get version info from RSNIE received from Peer */ | |
2027 | hdr = (struct rsn_ie_hdr *) kde.rsn_ie; | 2061 | hdr = (struct rsn_ie_hdr *) kde.rsn_ie; | |
2028 | rsn_ver = WPA_GET_LE16(hdr->version); | 2062 | rsn_ver = WPA_GET_LE16(hdr->version); | |
2029 | 2063 | |||
2030 | /* use min(peer's version, out version) */ | 2064 | /* use min(peer's version, out version) */ | |
2031 | if (rsn_ver > RSN_VERSION) | 2065 | if (rsn_ver > RSN_VERSION) | |
2032 | rsn_ver = RSN_VERSION; | 2066 | rsn_ver = RSN_VERSION; | |
2033 | 2067 | |||
2034 | hdr = (struct rsn_ie_hdr *) peer->rsnie_p; | 2068 | hdr = (struct rsn_ie_hdr *) peer->rsnie_p; | |
2035 | 2069 |
--- src/external/bsd/wpa/dist/src/rsn_supp/wpa.c 2016/11/21 16:42:49 1.1.1.8
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa.c 2017/10/16 17:36:16 1.2
@@ -500,27 +500,26 @@ static void wpa_supplicant_process_1_of_ | @@ -500,27 +500,26 @@ static void wpa_supplicant_process_1_of_ | |||
500 | /* Calculate PTK which will be stored as a temporary PTK until it has | 500 | /* Calculate PTK which will be stored as a temporary PTK until it has | |
501 | * been verified when processing message 3/4. */ | 501 | * been verified when processing message 3/4. */ | |
502 | ptk = &sm->tptk; | 502 | ptk = &sm->tptk; | |
503 | wpa_derive_ptk(sm, src_addr, key, ptk); | 503 | wpa_derive_ptk(sm, src_addr, key, ptk); | |
504 | if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { | 504 | if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { | |
505 | u8 buf[8]; | 505 | u8 buf[8]; | |
506 | /* Supplicant: swap tx/rx Mic keys */ | 506 | /* Supplicant: swap tx/rx Mic keys */ | |
507 | os_memcpy(buf, &ptk->tk[16], 8); | 507 | os_memcpy(buf, &ptk->tk[16], 8); | |
508 | os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); | 508 | os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); | |
509 | os_memcpy(&ptk->tk[24], buf, 8); | 509 | os_memcpy(&ptk->tk[24], buf, 8); | |
510 | os_memset(buf, 0, sizeof(buf)); | 510 | os_memset(buf, 0, sizeof(buf)); | |
511 | } | 511 | } | |
512 | sm->tptk_set = 1; | 512 | sm->tptk_set = 1; | |
513 | sm->tk_to_set = 1; | |||
514 | 513 | |||
515 | kde = sm->assoc_wpa_ie; | 514 | kde = sm->assoc_wpa_ie; | |
516 | kde_len = sm->assoc_wpa_ie_len; | 515 | kde_len = sm->assoc_wpa_ie_len; | |
517 | 516 | |||
518 | #ifdef CONFIG_P2P | 517 | #ifdef CONFIG_P2P | |
519 | if (sm->p2p) { | 518 | if (sm->p2p) { | |
520 | kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); | 519 | kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); | |
521 | if (kde_buf) { | 520 | if (kde_buf) { | |
522 | u8 *pos; | 521 | u8 *pos; | |
523 | wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " | 522 | wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " | |
524 | "into EAPOL-Key 2/4"); | 523 | "into EAPOL-Key 2/4"); | |
525 | os_memcpy(kde_buf, kde, kde_len); | 524 | os_memcpy(kde_buf, kde, kde_len); | |
526 | kde = kde_buf; | 525 | kde = kde_buf; | |
@@ -605,27 +604,27 @@ static void wpa_sm_rekey_ptk(void *eloop | @@ -605,27 +604,27 @@ static void wpa_sm_rekey_ptk(void *eloop | |||
605 | struct wpa_sm *sm = eloop_ctx; | 604 | struct wpa_sm *sm = eloop_ctx; | |
606 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); | 605 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); | |
607 | wpa_sm_key_request(sm, 0, 1); | 606 | wpa_sm_key_request(sm, 0, 1); | |
608 | } | 607 | } | |
609 | 608 | |||
610 | 609 | |||
611 | static int wpa_supplicant_install_ptk(struct wpa_sm *sm, | 610 | static int wpa_supplicant_install_ptk(struct wpa_sm *sm, | |
612 | const struct wpa_eapol_key *key) | 611 | const struct wpa_eapol_key *key) | |
613 | { | 612 | { | |
614 | int keylen, rsclen; | 613 | int keylen, rsclen; | |
615 | enum wpa_alg alg; | 614 | enum wpa_alg alg; | |
616 | const u8 *key_rsc; | 615 | const u8 *key_rsc; | |
617 | 616 | |||
618 | if (!sm->tk_to_set) { | 617 | if (sm->ptk.installed) { | |
619 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | 618 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |
620 | "WPA: Do not re-install same PTK to the driver"); | 619 | "WPA: Do not re-install same PTK to the driver"); | |
621 | return 0; | 620 | return 0; | |
622 | } | 621 | } | |
623 | 622 | |||
624 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | 623 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |
625 | "WPA: Installing PTK to the driver"); | 624 | "WPA: Installing PTK to the driver"); | |
626 | 625 | |||
627 | if (sm->pairwise_cipher == WPA_CIPHER_NONE) { | 626 | if (sm->pairwise_cipher == WPA_CIPHER_NONE) { | |
628 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " | 627 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " | |
629 | "Suite: NONE - do not use pairwise keys"); | 628 | "Suite: NONE - do not use pairwise keys"); | |
630 | return 0; | 629 | return 0; | |
631 | } | 630 | } | |
@@ -649,27 +648,27 @@ static int wpa_supplicant_install_ptk(st | @@ -649,27 +648,27 @@ static int wpa_supplicant_install_ptk(st | |||
649 | } | 648 | } | |
650 | 649 | |||
651 | if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, | 650 | if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, | |
652 | sm->ptk.tk, keylen) < 0) { | 651 | sm->ptk.tk, keylen) < 0) { | |
653 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | 652 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |
654 | "WPA: Failed to set PTK to the " | 653 | "WPA: Failed to set PTK to the " | |
655 | "driver (alg=%d keylen=%d bssid=" MACSTR ")", | 654 | "driver (alg=%d keylen=%d bssid=" MACSTR ")", | |
656 | alg, keylen, MAC2STR(sm->bssid)); | 655 | alg, keylen, MAC2STR(sm->bssid)); | |
657 | return -1; | 656 | return -1; | |
658 | } | 657 | } | |
659 | 658 | |||
660 | /* TK is not needed anymore in supplicant */ | 659 | /* TK is not needed anymore in supplicant */ | |
661 | os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); | 660 | os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); | |
662 | sm->tk_to_set = 0; | 661 | sm->ptk.installed = 1; | |
663 | 662 | |||
664 | if (sm->wpa_ptk_rekey) { | 663 | if (sm->wpa_ptk_rekey) { | |
665 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); | 664 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); | |
666 | eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, | 665 | eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, | |
667 | sm, NULL); | 666 | sm, NULL); | |
668 | } | 667 | } | |
669 | 668 | |||
670 | return 0; | 669 | return 0; | |
671 | } | 670 | } | |
672 | 671 | |||
673 | 672 | |||
674 | static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, | 673 | static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, | |
675 | int group_cipher, | 674 | int group_cipher, | |
@@ -699,31 +698,43 @@ static int wpa_supplicant_check_group_ci | @@ -699,31 +698,43 @@ static int wpa_supplicant_check_group_ci | |||
699 | } | 698 | } | |
700 | 699 | |||
701 | 700 | |||
702 | struct wpa_gtk_data { | 701 | struct wpa_gtk_data { | |
703 | enum wpa_alg alg; | 702 | enum wpa_alg alg; | |
704 | int tx, key_rsc_len, keyidx; | 703 | int tx, key_rsc_len, keyidx; | |
705 | u8 gtk[32]; | 704 | u8 gtk[32]; | |
706 | int gtk_len; | 705 | int gtk_len; | |
707 | }; | 706 | }; | |
708 | 707 | |||
709 | 708 | |||
710 | static int wpa_supplicant_install_gtk(struct wpa_sm *sm, | 709 | static int wpa_supplicant_install_gtk(struct wpa_sm *sm, | |
711 | const struct wpa_gtk_data *gd, | 710 | const struct wpa_gtk_data *gd, | |
712 | const u8 *key_rsc) | 711 | const u8 *key_rsc, int wnm_sleep) | |
713 | { | 712 | { | |
714 | const u8 *_gtk = gd->gtk; | 713 | const u8 *_gtk = gd->gtk; | |
715 | u8 gtk_buf[32]; | 714 | u8 gtk_buf[32]; | |
716 | 715 | |||
716 | /* Detect possible key reinstallation */ | |||
717 | if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && | |||
718 | os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || | |||
719 | (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && | |||
720 | os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, | |||
721 | sm->gtk_wnm_sleep.gtk_len) == 0)) { | |||
722 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |||
723 | "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", | |||
724 | gd->keyidx, gd->tx, gd->gtk_len); | |||
725 | return 0; | |||
726 | } | |||
727 | ||||
717 | wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); | 728 | wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); | |
718 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | 729 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |
719 | "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", | 730 | "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", | |
720 | gd->keyidx, gd->tx, gd->gtk_len); | 731 | gd->keyidx, gd->tx, gd->gtk_len); | |
721 | wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); | 732 | wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); | |
722 | if (sm->group_cipher == WPA_CIPHER_TKIP) { | 733 | if (sm->group_cipher == WPA_CIPHER_TKIP) { | |
723 | /* Swap Tx/Rx keys for Michael MIC */ | 734 | /* Swap Tx/Rx keys for Michael MIC */ | |
724 | os_memcpy(gtk_buf, gd->gtk, 16); | 735 | os_memcpy(gtk_buf, gd->gtk, 16); | |
725 | os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); | 736 | os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); | |
726 | os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); | 737 | os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); | |
727 | _gtk = gtk_buf; | 738 | _gtk = gtk_buf; | |
728 | } | 739 | } | |
729 | if (sm->pairwise_cipher == WPA_CIPHER_NONE) { | 740 | if (sm->pairwise_cipher == WPA_CIPHER_NONE) { | |
@@ -738,26 +749,35 @@ static int wpa_supplicant_install_gtk(st | @@ -738,26 +749,35 @@ static int wpa_supplicant_install_gtk(st | |||
738 | } | 749 | } | |
739 | } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, | 750 | } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, | |
740 | gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, | 751 | gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, | |
741 | _gtk, gd->gtk_len) < 0) { | 752 | _gtk, gd->gtk_len) < 0) { | |
742 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | 753 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |
743 | "WPA: Failed to set GTK to " | 754 | "WPA: Failed to set GTK to " | |
744 | "the driver (alg=%d keylen=%d keyidx=%d)", | 755 | "the driver (alg=%d keylen=%d keyidx=%d)", | |
745 | gd->alg, gd->gtk_len, gd->keyidx); | 756 | gd->alg, gd->gtk_len, gd->keyidx); | |
746 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); | 757 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); | |
747 | return -1; | 758 | return -1; | |
748 | } | 759 | } | |
749 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); | 760 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); | |
750 | 761 | |||
762 | if (wnm_sleep) { | |||
763 | sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; | |||
764 | os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, | |||
765 | sm->gtk_wnm_sleep.gtk_len); | |||
766 | } else { | |||
767 | sm->gtk.gtk_len = gd->gtk_len; | |||
768 | os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); | |||
769 | } | |||
770 | ||||
751 | return 0; | 771 | return 0; | |
752 | } | 772 | } | |
753 | 773 | |||
754 | 774 | |||
755 | static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, | 775 | static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, | |
756 | int tx) | 776 | int tx) | |
757 | { | 777 | { | |
758 | if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { | 778 | if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { | |
759 | /* Ignore Tx bit for GTK if a pairwise key is used. One AP | 779 | /* Ignore Tx bit for GTK if a pairwise key is used. One AP | |
760 | * seemed to set this bit (incorrectly, since Tx is only when | 780 | * seemed to set this bit (incorrectly, since Tx is only when | |
761 | * doing Group Key only APs) and without this workaround, the | 781 | * doing Group Key only APs) and without this workaround, the | |
762 | * data connection does not work because wpa_supplicant | 782 | * data connection does not work because wpa_supplicant | |
763 | * configured non-zero keyidx to be used for unicast. */ | 783 | * configured non-zero keyidx to be used for unicast. */ | |
@@ -830,74 +850,110 @@ static int wpa_supplicant_pairwise_gtk(s | @@ -830,74 +850,110 @@ static int wpa_supplicant_pairwise_gtk(s | |||
830 | gtk_len -= 2; | 850 | gtk_len -= 2; | |
831 | 851 | |||
832 | os_memcpy(gd.gtk, gtk, gtk_len); | 852 | os_memcpy(gd.gtk, gtk, gtk_len); | |
833 | gd.gtk_len = gtk_len; | 853 | gd.gtk_len = gtk_len; | |
834 | 854 | |||
835 | key_rsc = key->key_rsc; | 855 | key_rsc = key->key_rsc; | |
836 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) | 856 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) | |
837 | key_rsc = null_rsc; | 857 | key_rsc = null_rsc; | |
838 | 858 | |||
839 | if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && | 859 | if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && | |
840 | (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, | 860 | (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, | |
841 | gtk_len, gtk_len, | 861 | gtk_len, gtk_len, | |
842 | &gd.key_rsc_len, &gd.alg) || | 862 | &gd.key_rsc_len, &gd.alg) || | |
843 | wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { | 863 | wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { | |
844 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | 864 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |
845 | "RSN: Failed to install GTK"); | 865 | "RSN: Failed to install GTK"); | |
846 | os_memset(&gd, 0, sizeof(gd)); | 866 | os_memset(&gd, 0, sizeof(gd)); | |
847 | return -1; | 867 | return -1; | |
848 | } | 868 | } | |
849 | os_memset(&gd, 0, sizeof(gd)); | 869 | os_memset(&gd, 0, sizeof(gd)); | |
850 | 870 | |||
851 | wpa_supplicant_key_neg_complete(sm, sm->bssid, | 871 | wpa_supplicant_key_neg_complete(sm, sm->bssid, | |
852 | key_info & WPA_KEY_INFO_SECURE); | 872 | key_info & WPA_KEY_INFO_SECURE); | |
853 | return 0; | 873 | return 0; | |
854 | } | 874 | } | |
855 | 875 | |||
856 | 876 | |||
877 | #ifdef CONFIG_IEEE80211W | |||
878 | static int wpa_supplicant_install_igtk(struct wpa_sm *sm, | |||
879 | const struct wpa_igtk_kde *igtk, | |||
880 | int wnm_sleep) | |||
881 | { | |||
882 | size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); | |||
883 | u16 keyidx = WPA_GET_LE16(igtk->keyid); | |||
884 | ||||
885 | /* Detect possible key reinstallation */ | |||
886 | if ((sm->igtk.igtk_len == len && | |||
887 | os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || | |||
888 | (sm->igtk_wnm_sleep.igtk_len == len && | |||
889 | os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, | |||
890 | sm->igtk_wnm_sleep.igtk_len) == 0)) { | |||
891 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |||
892 | "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", | |||
893 | keyidx); | |||
894 | return 0; | |||
895 | } | |||
896 | ||||
897 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |||
898 | "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", | |||
899 | keyidx, MAC2STR(igtk->pn)); | |||
900 | wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); | |||
901 | if (keyidx > 4095) { | |||
902 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |||
903 | "WPA: Invalid IGTK KeyID %d", keyidx); | |||
904 | return -1; | |||
905 | } | |||
906 | if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), | |||
907 | broadcast_ether_addr, | |||
908 | keyidx, 0, igtk->pn, sizeof(igtk->pn), | |||
909 | igtk->igtk, len) < 0) { | |||
910 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |||
911 | "WPA: Failed to configure IGTK to the driver"); | |||
912 | return -1; | |||
913 | } | |||
914 | ||||
915 | if (wnm_sleep) { | |||
916 | sm->igtk_wnm_sleep.igtk_len = len; | |||
917 | os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, | |||
918 | sm->igtk_wnm_sleep.igtk_len); | |||
919 | } else { | |||
920 | sm->igtk.igtk_len = len; | |||
921 | os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); | |||
922 | } | |||
923 | ||||
924 | return 0; | |||
925 | } | |||
926 | #endif /* CONFIG_IEEE80211W */ | |||
927 | ||||
928 | ||||
857 | static int ieee80211w_set_keys(struct wpa_sm *sm, | 929 | static int ieee80211w_set_keys(struct wpa_sm *sm, | |
858 | struct wpa_eapol_ie_parse *ie) | 930 | struct wpa_eapol_ie_parse *ie) | |
859 | { | 931 | { | |
860 | #ifdef CONFIG_IEEE80211W | 932 | #ifdef CONFIG_IEEE80211W | |
861 | if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) | 933 | if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) | |
862 | return 0; | 934 | return 0; | |
863 | 935 | |||
864 | if (ie->igtk) { | 936 | if (ie->igtk) { | |
865 | size_t len; | 937 | size_t len; | |
866 | const struct wpa_igtk_kde *igtk; | 938 | const struct wpa_igtk_kde *igtk; | |
867 | u16 keyidx; | 939 | ||
868 | len = wpa_cipher_key_len(sm->mgmt_group_cipher); | 940 | len = wpa_cipher_key_len(sm->mgmt_group_cipher); | |
869 | if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) | 941 | if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) | |
870 | return -1; | 942 | return -1; | |
943 | ||||
871 | igtk = (const struct wpa_igtk_kde *) ie->igtk; | 944 | igtk = (const struct wpa_igtk_kde *) ie->igtk; | |
872 | keyidx = WPA_GET_LE16(igtk->keyid); | 945 | if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) | |
873 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " | |||
874 | "pn %02x%02x%02x%02x%02x%02x", | |||
875 | keyidx, MAC2STR(igtk->pn)); | |||
876 | wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", | |||
877 | igtk->igtk, len); | |||
878 | if (keyidx > 4095) { | |||
879 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |||
880 | "WPA: Invalid IGTK KeyID %d", keyidx); | |||
881 | return -1; | |||
882 | } | |||
883 | if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), | |||
884 | broadcast_ether_addr, | |||
885 | keyidx, 0, igtk->pn, sizeof(igtk->pn), | |||
886 | igtk->igtk, len) < 0) { | |||
887 | wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | |||
888 | "WPA: Failed to configure IGTK to the driver"); | |||
889 | return -1; | 946 | return -1; | |
890 | } | |||
891 | } | 947 | } | |
892 | 948 | |||
893 | return 0; | 949 | return 0; | |
894 | #else /* CONFIG_IEEE80211W */ | 950 | #else /* CONFIG_IEEE80211W */ | |
895 | return 0; | 951 | return 0; | |
896 | #endif /* CONFIG_IEEE80211W */ | 952 | #endif /* CONFIG_IEEE80211W */ | |
897 | } | 953 | } | |
898 | 954 | |||
899 | 955 | |||
900 | static void wpa_report_ie_mismatch(struct wpa_sm *sm, | 956 | static void wpa_report_ie_mismatch(struct wpa_sm *sm, | |
901 | const char *reason, const u8 *src_addr, | 957 | const char *reason, const u8 *src_addr, | |
902 | const u8 *wpa_ie, size_t wpa_ie_len, | 958 | const u8 *wpa_ie, size_t wpa_ie_len, | |
903 | const u8 *rsn_ie, size_t rsn_ie_len) | 959 | const u8 *rsn_ie, size_t rsn_ie_len) | |
@@ -1526,27 +1582,27 @@ static void wpa_supplicant_process_1_of_ | @@ -1526,27 +1582,27 @@ static void wpa_supplicant_process_1_of_ | |||
1526 | key_data_len, | 1582 | key_data_len, | |
1527 | key_info, ver, &gd); | 1583 | key_info, ver, &gd); | |
1528 | } | 1584 | } | |
1529 | 1585 | |||
1530 | wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); | 1586 | wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); | |
1531 | 1587 | |||
1532 | if (ret) | 1588 | if (ret) | |
1533 | goto failed; | 1589 | goto failed; | |
1534 | 1590 | |||
1535 | key_rsc = key->key_rsc; | 1591 | key_rsc = key->key_rsc; | |
1536 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) | 1592 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) | |
1537 | key_rsc = null_rsc; | 1593 | key_rsc = null_rsc; | |
1538 | 1594 | |||
1539 | if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || | 1595 | if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || | |
1540 | wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) | 1596 | wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) | |
1541 | goto failed; | 1597 | goto failed; | |
1542 | os_memset(&gd, 0, sizeof(gd)); | 1598 | os_memset(&gd, 0, sizeof(gd)); | |
1543 | 1599 | |||
1544 | if (rekey) { | 1600 | if (rekey) { | |
1545 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " | 1601 | wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " | |
1546 | "completed with " MACSTR " [GTK=%s]", | 1602 | "completed with " MACSTR " [GTK=%s]", | |
1547 | MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); | 1603 | MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); | |
1548 | wpa_sm_cancel_auth_timeout(sm); | 1604 | wpa_sm_cancel_auth_timeout(sm); | |
1549 | wpa_sm_set_state(sm, WPA_COMPLETED); | 1605 | wpa_sm_set_state(sm, WPA_COMPLETED); | |
1550 | } else { | 1606 | } else { | |
1551 | wpa_supplicant_key_neg_complete(sm, sm->bssid, | 1607 | wpa_supplicant_key_neg_complete(sm, sm->bssid, | |
1552 | key_info & | 1608 | key_info & | |
@@ -2297,66 +2353,72 @@ void wpa_sm_deinit(struct wpa_sm *sm) | @@ -2297,66 +2353,72 @@ void wpa_sm_deinit(struct wpa_sm *sm) | |||
2297 | } | 2353 | } | |
2298 | 2354 | |||
2299 | 2355 | |||
2300 | /** | 2356 | /** | |
2301 | * wpa_sm_notify_assoc - Notify WPA state machine about association | 2357 | * wpa_sm_notify_assoc - Notify WPA state machine about association | |
2302 | * @sm: Pointer to WPA state machine data from wpa_sm_init() | 2358 | * @sm: Pointer to WPA state machine data from wpa_sm_init() | |
2303 | * @bssid: The BSSID of the new association | 2359 | * @bssid: The BSSID of the new association | |
2304 | * | 2360 | * | |
2305 | * This function is called to let WPA state machine know that the connection | 2361 | * This function is called to let WPA state machine know that the connection | |
2306 | * was established. | 2362 | * was established. | |
2307 | */ | 2363 | */ | |
2308 | void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) | 2364 | void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) | |
2309 | { | 2365 | { | |
2310 | int clear_ptk = 1; | 2366 | int clear_keys = 1; | |
2311 | 2367 | |||
2312 | if (sm == NULL) | 2368 | if (sm == NULL) | |
2313 | return; | 2369 | return; | |
2314 | 2370 | |||
2315 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | 2371 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | |
2316 | "WPA: Association event - clear replay counter"); | 2372 | "WPA: Association event - clear replay counter"); | |
2317 | os_memcpy(sm->bssid, bssid, ETH_ALEN); | 2373 | os_memcpy(sm->bssid, bssid, ETH_ALEN); | |
2318 | os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); | 2374 | os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); | |
2319 | sm->rx_replay_counter_set = 0; | 2375 | sm->rx_replay_counter_set = 0; | |
2320 | sm->renew_snonce = 1; | 2376 | sm->renew_snonce = 1; | |
2321 | if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) | 2377 | if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) | |
2322 | rsn_preauth_deinit(sm); | 2378 | rsn_preauth_deinit(sm); | |
2323 | 2379 | |||
2324 | #ifdef CONFIG_IEEE80211R | 2380 | #ifdef CONFIG_IEEE80211R | |
2325 | if (wpa_ft_is_completed(sm)) { | 2381 | if (wpa_ft_is_completed(sm)) { | |
2326 | /* | 2382 | /* | |
2327 | * Clear portValid to kick EAPOL state machine to re-enter | 2383 | * Clear portValid to kick EAPOL state machine to re-enter | |
2328 | * AUTHENTICATED state to get the EAPOL port Authorized. | 2384 | * AUTHENTICATED state to get the EAPOL port Authorized. | |
2329 | */ | 2385 | */ | |
2330 | eapol_sm_notify_portValid(sm->eapol, FALSE); | 2386 | eapol_sm_notify_portValid(sm->eapol, FALSE); | |
2331 | wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); | 2387 | wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); | |
2332 | 2388 | |||
2333 | /* Prepare for the next transition */ | 2389 | /* Prepare for the next transition */ | |
2334 | wpa_ft_prepare_auth_request(sm, NULL); | 2390 | wpa_ft_prepare_auth_request(sm, NULL); | |
2335 | 2391 | |||
2336 | clear_ptk = 0; | 2392 | clear_keys = 0; | |
2337 | } | 2393 | } | |
2338 | #endif /* CONFIG_IEEE80211R */ | 2394 | #endif /* CONFIG_IEEE80211R */ | |
2339 | 2395 | |||
2340 | if (clear_ptk) { | 2396 | if (clear_keys) { | |
2341 | /* | 2397 | /* | |
2342 | * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if | 2398 | * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if | |
2343 | * this is not part of a Fast BSS Transition. | 2399 | * this is not part of a Fast BSS Transition. | |
2344 | */ | 2400 | */ | |
2345 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); | 2401 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); | |
2346 | sm->ptk_set = 0; | 2402 | sm->ptk_set = 0; | |
2347 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | 2403 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | |
2348 | sm->tptk_set = 0; | 2404 | sm->tptk_set = 0; | |
2349 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | 2405 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | |
2406 | os_memset(&sm->gtk, 0, sizeof(sm->gtk)); | |||
2407 | os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); | |||
2408 | #ifdef CONFIG_IEEE80211W | |||
2409 | os_memset(&sm->igtk, 0, sizeof(sm->igtk)); | |||
2410 | os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); | |||
2411 | #endif /* CONFIG_IEEE80211W */ | |||
2350 | } | 2412 | } | |
2351 | 2413 | |||
2352 | #ifdef CONFIG_TDLS | 2414 | #ifdef CONFIG_TDLS | |
2353 | wpa_tdls_assoc(sm); | 2415 | wpa_tdls_assoc(sm); | |
2354 | #endif /* CONFIG_TDLS */ | 2416 | #endif /* CONFIG_TDLS */ | |
2355 | 2417 | |||
2356 | #ifdef CONFIG_P2P | 2418 | #ifdef CONFIG_P2P | |
2357 | os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); | 2419 | os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); | |
2358 | #endif /* CONFIG_P2P */ | 2420 | #endif /* CONFIG_P2P */ | |
2359 | } | 2421 | } | |
2360 | 2422 | |||
2361 | 2423 | |||
2362 | /** | 2424 | /** | |
@@ -2368,26 +2430,29 @@ void wpa_sm_notify_assoc(struct wpa_sm * | @@ -2368,26 +2430,29 @@ void wpa_sm_notify_assoc(struct wpa_sm * | |||
2368 | */ | 2430 | */ | |
2369 | void wpa_sm_notify_disassoc(struct wpa_sm *sm) | 2431 | void wpa_sm_notify_disassoc(struct wpa_sm *sm) | |
2370 | { | 2432 | { | |
2371 | eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); | 2433 | eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); | |
2372 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); | 2434 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); | |
2373 | peerkey_deinit(sm); | 2435 | peerkey_deinit(sm); | |
2374 | rsn_preauth_deinit(sm); | 2436 | rsn_preauth_deinit(sm); | |
2375 | pmksa_cache_clear_current(sm); | 2437 | pmksa_cache_clear_current(sm); | |
2376 | if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) | 2438 | if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) | |
2377 | sm->dot11RSNA4WayHandshakeFailures++; | 2439 | sm->dot11RSNA4WayHandshakeFailures++; | |
2378 | #ifdef CONFIG_TDLS | 2440 | #ifdef CONFIG_TDLS | |
2379 | wpa_tdls_disassoc(sm); | 2441 | wpa_tdls_disassoc(sm); | |
2380 | #endif /* CONFIG_TDLS */ | 2442 | #endif /* CONFIG_TDLS */ | |
2443 | #ifdef CONFIG_IEEE80211R | |||
2444 | sm->ft_reassoc_completed = 0; | |||
2445 | #endif /* CONFIG_IEEE80211R */ | |||
2381 | 2446 | |||
2382 | /* Keys are not needed in the WPA state machine anymore */ | 2447 | /* Keys are not needed in the WPA state machine anymore */ | |
2383 | wpa_sm_drop_sa(sm); | 2448 | wpa_sm_drop_sa(sm); | |
2384 | 2449 | |||
2385 | sm->msg_3_of_4_ok = 0; | 2450 | sm->msg_3_of_4_ok = 0; | |
2386 | } | 2451 | } | |
2387 | 2452 | |||
2388 | 2453 | |||
2389 | /** | 2454 | /** | |
2390 | * wpa_sm_set_pmk - Set PMK | 2455 | * wpa_sm_set_pmk - Set PMK | |
2391 | * @sm: Pointer to WPA state machine data from wpa_sm_init() | 2456 | * @sm: Pointer to WPA state machine data from wpa_sm_init() | |
2392 | * @pmk: The new PMK | 2457 | * @pmk: The new PMK | |
2393 | * @pmk_len: The length of the new PMK in bytes | 2458 | * @pmk_len: The length of the new PMK in bytes | |
@@ -2867,26 +2932,32 @@ int wpa_sm_pmksa_cache_list(struct wpa_s | @@ -2867,26 +2932,32 @@ int wpa_sm_pmksa_cache_list(struct wpa_s | |||
2867 | { | 2932 | { | |
2868 | return pmksa_cache_list(sm->pmksa, buf, len); | 2933 | return pmksa_cache_list(sm->pmksa, buf, len); | |
2869 | } | 2934 | } | |
2870 | 2935 | |||
2871 | 2936 | |||
2872 | void wpa_sm_drop_sa(struct wpa_sm *sm) | 2937 | void wpa_sm_drop_sa(struct wpa_sm *sm) | |
2873 | { | 2938 | { | |
2874 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); | 2939 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); | |
2875 | sm->ptk_set = 0; | 2940 | sm->ptk_set = 0; | |
2876 | sm->tptk_set = 0; | 2941 | sm->tptk_set = 0; | |
2877 | os_memset(sm->pmk, 0, sizeof(sm->pmk)); | 2942 | os_memset(sm->pmk, 0, sizeof(sm->pmk)); | |
2878 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | 2943 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | |
2879 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | 2944 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | |
2945 | os_memset(&sm->gtk, 0, sizeof(sm->gtk)); | |||
2946 | os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); | |||
2947 | #ifdef CONFIG_IEEE80211W | |||
2948 | os_memset(&sm->igtk, 0, sizeof(sm->igtk)); | |||
2949 | os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); | |||
2950 | #endif /* CONFIG_IEEE80211W */ | |||
2880 | #ifdef CONFIG_IEEE80211R | 2951 | #ifdef CONFIG_IEEE80211R | |
2881 | os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); | 2952 | os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); | |
2882 | os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); | 2953 | os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); | |
2883 | os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); | 2954 | os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); | |
2884 | #endif /* CONFIG_IEEE80211R */ | 2955 | #endif /* CONFIG_IEEE80211R */ | |
2885 | } | 2956 | } | |
2886 | 2957 | |||
2887 | 2958 | |||
2888 | int wpa_sm_has_ptk(struct wpa_sm *sm) | 2959 | int wpa_sm_has_ptk(struct wpa_sm *sm) | |
2889 | { | 2960 | { | |
2890 | if (sm == NULL) | 2961 | if (sm == NULL) | |
2891 | return 0; | 2962 | return 0; | |
2892 | return sm->ptk_set; | 2963 | return sm->ptk_set; | |
@@ -2930,58 +3001,40 @@ int wpa_wnmsleep_install_key(struct wpa_ | @@ -2930,58 +3001,40 @@ int wpa_wnmsleep_install_key(struct wpa_ | |||
2930 | if (gd.gtk_len != buf[4]) { | 3001 | if (gd.gtk_len != buf[4]) { | |
2931 | wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", | 3002 | wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", | |
2932 | gd.gtk_len, buf[4]); | 3003 | gd.gtk_len, buf[4]); | |
2933 | return -1; | 3004 | return -1; | |
2934 | } | 3005 | } | |
2935 | gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ | 3006 | gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ | |
2936 | gd.tx = wpa_supplicant_gtk_tx_bit_workaround( | 3007 | gd.tx = wpa_supplicant_gtk_tx_bit_workaround( | |
2937 | sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); | 3008 | sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); | |
2938 | 3009 | |||
2939 | os_memcpy(gd.gtk, buf + 13, gd.gtk_len); | 3010 | os_memcpy(gd.gtk, buf + 13, gd.gtk_len); | |
2940 | 3011 | |||
2941 | wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", | 3012 | wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", | |
2942 | gd.gtk, gd.gtk_len); | 3013 | gd.gtk, gd.gtk_len); | |
2943 | if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { | 3014 | if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { | |
2944 | os_memset(&gd, 0, sizeof(gd)); | 3015 | os_memset(&gd, 0, sizeof(gd)); | |
2945 | wpa_printf(MSG_DEBUG, "Failed to install the GTK in " | 3016 | wpa_printf(MSG_DEBUG, "Failed to install the GTK in " | |
2946 | "WNM mode"); | 3017 | "WNM mode"); | |
2947 | return -1; | 3018 | return -1; | |
2948 | } | 3019 | } | |
2949 | os_memset(&gd, 0, sizeof(gd)); | 3020 | os_memset(&gd, 0, sizeof(gd)); | |
2950 | #ifdef CONFIG_IEEE80211W | 3021 | #ifdef CONFIG_IEEE80211W | |
2951 | } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { | 3022 | } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { | |
2952 | struct wpa_igtk_kde igd; | 3023 | const struct wpa_igtk_kde *igtk; | |
2953 | u16 keyidx; | |||
2954 | 3024 | |||
2955 | os_memset(&igd, 0, sizeof(igd)); | 3025 | igtk = (const struct wpa_igtk_kde *) (buf + 2); | |
2956 | keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); | 3026 | if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) | |
2957 | os_memcpy(igd.keyid, buf + 2, 2); | |||
2958 | os_memcpy(igd.pn, buf + 4, 6); | |||
2959 | ||||
2960 | keyidx = WPA_GET_LE16(igd.keyid); | |||
2961 | os_memcpy(igd.igtk, buf + 10, keylen); | |||
2962 | ||||
2963 | wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", | |||
2964 | igd.igtk, keylen); | |||
2965 | if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), | |||
2966 | broadcast_ether_addr, | |||
2967 | keyidx, 0, igd.pn, sizeof(igd.pn), | |||
2968 | igd.igtk, keylen) < 0) { | |||
2969 | wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " | |||
2970 | "WNM mode"); | |||
2971 | os_memset(&igd, 0, sizeof(igd)); | |||
2972 | return -1; | 3027 | return -1; | |
2973 | } | |||
2974 | os_memset(&igd, 0, sizeof(igd)); | |||
2975 | #endif /* CONFIG_IEEE80211W */ | 3028 | #endif /* CONFIG_IEEE80211W */ | |
2976 | } else { | 3029 | } else { | |
2977 | wpa_printf(MSG_DEBUG, "Unknown element id"); | 3030 | wpa_printf(MSG_DEBUG, "Unknown element id"); | |
2978 | return -1; | 3031 | return -1; | |
2979 | } | 3032 | } | |
2980 | 3033 | |||
2981 | return 0; | 3034 | return 0; | |
2982 | } | 3035 | } | |
2983 | #endif /* CONFIG_WNM */ | 3036 | #endif /* CONFIG_WNM */ | |
2984 | 3037 | |||
2985 | 3038 | |||
2986 | #ifdef CONFIG_PEERKEY | 3039 | #ifdef CONFIG_PEERKEY | |
2987 | int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, | 3040 | int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, |
--- src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c 2016/11/21 16:42:49 1.1.1.6
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c 2017/10/16 17:36:16 1.2
@@ -143,26 +143,27 @@ static u8 * wpa_ft_gen_req_ies(struct wp | @@ -143,26 +143,27 @@ static u8 * wpa_ft_gen_req_ies(struct wp | |||
143 | const u8 *kck, size_t kck_len, | 143 | const u8 *kck, size_t kck_len, | |
144 | const u8 *target_ap, | 144 | const u8 *target_ap, | |
145 | const u8 *ric_ies, size_t ric_ies_len, | 145 | const u8 *ric_ies, size_t ric_ies_len, | |
146 | const u8 *ap_mdie) | 146 | const u8 *ap_mdie) | |
147 | { | 147 | { | |
148 | size_t buf_len; | 148 | size_t buf_len; | |
149 | u8 *buf, *pos, *ftie_len, *ftie_pos; | 149 | u8 *buf, *pos, *ftie_len, *ftie_pos; | |
150 | struct rsn_mdie *mdie; | 150 | struct rsn_mdie *mdie; | |
151 | struct rsn_ftie *ftie; | 151 | struct rsn_ftie *ftie; | |
152 | struct rsn_ie_hdr *rsnie; | 152 | struct rsn_ie_hdr *rsnie; | |
153 | u16 capab; | 153 | u16 capab; | |
154 | 154 | |||
155 | sm->ft_completed = 0; | 155 | sm->ft_completed = 0; | |
156 | sm->ft_reassoc_completed = 0; | |||
156 | 157 | |||
157 | buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | 158 | buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | |
158 | 2 + sm->r0kh_id_len + ric_ies_len + 100; | 159 | 2 + sm->r0kh_id_len + ric_ies_len + 100; | |
159 | buf = os_zalloc(buf_len); | 160 | buf = os_zalloc(buf_len); | |
160 | if (buf == NULL) | 161 | if (buf == NULL) | |
161 | return NULL; | 162 | return NULL; | |
162 | pos = buf; | 163 | pos = buf; | |
163 | 164 | |||
164 | /* RSNIE[PMKR0Name/PMKR1Name] */ | 165 | /* RSNIE[PMKR0Name/PMKR1Name] */ | |
165 | rsnie = (struct rsn_ie_hdr *) pos; | 166 | rsnie = (struct rsn_ie_hdr *) pos; | |
166 | rsnie->elem_id = WLAN_EID_RSN; | 167 | rsnie->elem_id = WLAN_EID_RSN; | |
167 | WPA_PUT_LE16(rsnie->version, RSN_VERSION); | 168 | WPA_PUT_LE16(rsnie->version, RSN_VERSION); | |
168 | pos = (u8 *) (rsnie + 1); | 169 | pos = (u8 *) (rsnie + 1); | |
@@ -671,26 +672,31 @@ int wpa_ft_validate_reassoc_resp(struct | @@ -671,26 +672,31 @@ int wpa_ft_validate_reassoc_resp(struct | |||
671 | struct rsn_mdie *mdie; | 672 | struct rsn_mdie *mdie; | |
672 | struct rsn_ftie *ftie; | 673 | struct rsn_ftie *ftie; | |
673 | unsigned int count; | 674 | unsigned int count; | |
674 | u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; | 675 | u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; | |
675 | 676 | |||
676 | wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len); | 677 | wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len); | |
677 | 678 | |||
678 | if (!wpa_key_mgmt_ft(sm->key_mgmt)) { | 679 | if (!wpa_key_mgmt_ft(sm->key_mgmt)) { | |
679 | wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not " | 680 | wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not " | |
680 | "enabled for this connection"); | 681 | "enabled for this connection"); | |
681 | return -1; | 682 | return -1; | |
682 | } | 683 | } | |
683 | 684 | |||
685 | if (sm->ft_reassoc_completed) { | |||
686 | wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); | |||
687 | return 0; | |||
688 | } | |||
689 | ||||
684 | if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { | 690 | if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { | |
685 | wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); | 691 | wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); | |
686 | return -1; | 692 | return -1; | |
687 | } | 693 | } | |
688 | 694 | |||
689 | mdie = (struct rsn_mdie *) parse.mdie; | 695 | mdie = (struct rsn_mdie *) parse.mdie; | |
690 | if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || | 696 | if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || | |
691 | os_memcmp(mdie->mobility_domain, sm->mobility_domain, | 697 | os_memcmp(mdie->mobility_domain, sm->mobility_domain, | |
692 | MOBILITY_DOMAIN_ID_LEN) != 0) { | 698 | MOBILITY_DOMAIN_ID_LEN) != 0) { | |
693 | wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); | 699 | wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); | |
694 | return -1; | 700 | return -1; | |
695 | } | 701 | } | |
696 | 702 | |||
@@ -771,26 +777,28 @@ int wpa_ft_validate_reassoc_resp(struct | @@ -771,26 +777,28 @@ int wpa_ft_validate_reassoc_resp(struct | |||
771 | parse.ric, parse.ric_len, | 777 | parse.ric, parse.ric_len, | |
772 | mic) < 0) { | 778 | mic) < 0) { | |
773 | wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); | 779 | wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); | |
774 | return -1; | 780 | return -1; | |
775 | } | 781 | } | |
776 | 782 | |||
777 | if (os_memcmp_const(mic, ftie->mic, 16) != 0) { | 783 | if (os_memcmp_const(mic, ftie->mic, 16) != 0) { | |
778 | wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE"); | 784 | wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE"); | |
779 | wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16); | 785 | wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16); | |
780 | wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16); | 786 | wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16); | |
781 | return -1; | 787 | return -1; | |
782 | } | 788 | } | |
783 | 789 | |||
790 | sm->ft_reassoc_completed = 1; | |||
791 | ||||
784 | if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) | 792 | if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) | |
785 | return -1; | 793 | return -1; | |
786 | 794 | |||
787 | #ifdef CONFIG_IEEE80211W | 795 | #ifdef CONFIG_IEEE80211W | |
788 | if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0) | 796 | if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0) | |
789 | return -1; | 797 | return -1; | |
790 | #endif /* CONFIG_IEEE80211W */ | 798 | #endif /* CONFIG_IEEE80211W */ | |
791 | 799 | |||
792 | if (sm->set_ptk_after_assoc) { | 800 | if (sm->set_ptk_after_assoc) { | |
793 | wpa_printf(MSG_DEBUG, "FT: Try to set PTK again now that we " | 801 | wpa_printf(MSG_DEBUG, "FT: Try to set PTK again now that we " | |
794 | "are associated"); | 802 | "are associated"); | |
795 | if (wpa_ft_install_ptk(sm, src_addr) < 0) | 803 | if (wpa_ft_install_ptk(sm, src_addr) < 0) | |
796 | return -1; | 804 | return -1; |
--- src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h 2016/11/21 16:42:49 1.1.1.6
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h 2017/10/16 17:36:16 1.2
@@ -14,33 +14,38 @@ | @@ -14,33 +14,38 @@ | |||
14 | struct wpa_peerkey; | 14 | struct wpa_peerkey; | |
15 | struct wpa_tdls_peer; | 15 | struct wpa_tdls_peer; | |
16 | struct wpa_eapol_key; | 16 | struct wpa_eapol_key; | |
17 | 17 | |||
18 | /** | 18 | /** | |
19 | * struct wpa_sm - Internal WPA state machine data | 19 | * struct wpa_sm - Internal WPA state machine data | |
20 | */ | 20 | */ | |
21 | struct wpa_sm { | 21 | struct wpa_sm { | |
22 | u8 pmk[PMK_LEN_MAX]; | 22 | u8 pmk[PMK_LEN_MAX]; | |
23 | size_t pmk_len; | 23 | size_t pmk_len; | |
24 | struct wpa_ptk ptk, tptk; | 24 | struct wpa_ptk ptk, tptk; | |
25 | int ptk_set, tptk_set; | 25 | int ptk_set, tptk_set; | |
26 | unsigned int msg_3_of_4_ok:1; | 26 | unsigned int msg_3_of_4_ok:1; | |
27 | unsigned int tk_to_set:1; | |||
28 | u8 snonce[WPA_NONCE_LEN]; | 27 | u8 snonce[WPA_NONCE_LEN]; | |
29 | u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ | 28 | u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ | |
30 | int renew_snonce; | 29 | int renew_snonce; | |
31 | u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; | 30 | u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; | |
32 | int rx_replay_counter_set; | 31 | int rx_replay_counter_set; | |
33 | u8 request_counter[WPA_REPLAY_COUNTER_LEN]; | 32 | u8 request_counter[WPA_REPLAY_COUNTER_LEN]; | |
33 | struct wpa_gtk gtk; | |||
34 | struct wpa_gtk gtk_wnm_sleep; | |||
35 | #ifdef CONFIG_IEEE80211W | |||
36 | struct wpa_igtk igtk; | |||
37 | struct wpa_igtk igtk_wnm_sleep; | |||
38 | #endif /* CONFIG_IEEE80211W */ | |||
34 | 39 | |||
35 | struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ | 40 | struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ | |
36 | 41 | |||
37 | struct rsn_pmksa_cache *pmksa; /* PMKSA cache */ | 42 | struct rsn_pmksa_cache *pmksa; /* PMKSA cache */ | |
38 | struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */ | 43 | struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */ | |
39 | struct dl_list pmksa_candidates; | 44 | struct dl_list pmksa_candidates; | |
40 | 45 | |||
41 | struct l2_packet_data *l2_preauth; | 46 | struct l2_packet_data *l2_preauth; | |
42 | struct l2_packet_data *l2_preauth_br; | 47 | struct l2_packet_data *l2_preauth_br; | |
43 | struct l2_packet_data *l2_tdls; | 48 | struct l2_packet_data *l2_tdls; | |
44 | u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or | 49 | u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or | |
45 | * 00:00:00:00:00:00 if no pre-auth is | 50 | * 00:00:00:00:00:00 if no pre-auth is | |
46 | * in progress */ | 51 | * in progress */ | |
@@ -113,26 +118,27 @@ struct wpa_sm { | @@ -113,26 +118,27 @@ struct wpa_sm { | |||
113 | 118 | |||
114 | #ifdef CONFIG_IEEE80211R | 119 | #ifdef CONFIG_IEEE80211R | |
115 | u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */ | 120 | u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */ | |
116 | size_t xxkey_len; | 121 | size_t xxkey_len; | |
117 | u8 pmk_r0[PMK_LEN]; | 122 | u8 pmk_r0[PMK_LEN]; | |
118 | u8 pmk_r0_name[WPA_PMK_NAME_LEN]; | 123 | u8 pmk_r0_name[WPA_PMK_NAME_LEN]; | |
119 | u8 pmk_r1[PMK_LEN]; | 124 | u8 pmk_r1[PMK_LEN]; | |
120 | u8 pmk_r1_name[WPA_PMK_NAME_LEN]; | 125 | u8 pmk_r1_name[WPA_PMK_NAME_LEN]; | |
121 | u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; | 126 | u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; | |
122 | u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; | 127 | u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; | |
123 | size_t r0kh_id_len; | 128 | size_t r0kh_id_len; | |
124 | u8 r1kh_id[FT_R1KH_ID_LEN]; | 129 | u8 r1kh_id[FT_R1KH_ID_LEN]; | |
125 | int ft_completed; | 130 | int ft_completed; | |
131 | int ft_reassoc_completed; | |||
126 | int over_the_ds_in_progress; | 132 | int over_the_ds_in_progress; | |
127 | u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ | 133 | u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ | |
128 | int set_ptk_after_assoc; | 134 | int set_ptk_after_assoc; | |
129 | u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */ | 135 | u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */ | |
130 | u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */ | 136 | u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */ | |
131 | size_t assoc_resp_ies_len; | 137 | size_t assoc_resp_ies_len; | |
132 | #endif /* CONFIG_IEEE80211R */ | 138 | #endif /* CONFIG_IEEE80211R */ | |
133 | 139 | |||
134 | #ifdef CONFIG_P2P | 140 | #ifdef CONFIG_P2P | |
135 | u8 p2p_ip_addr[3 * 4]; | 141 | u8 p2p_ip_addr[3 * 4]; | |
136 | #endif /* CONFIG_P2P */ | 142 | #endif /* CONFIG_P2P */ | |
137 | 143 | |||
138 | #ifdef CONFIG_TESTING_OPTIONS | 144 | #ifdef CONFIG_TESTING_OPTIONS |
--- src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c 2016/11/21 20:15:17 1.3
+++ src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c 2017/10/16 17:36:16 1.4
@@ -250,27 +250,27 @@ static void ieee802_11_rx_wnmsleep_resp( | @@ -250,27 +250,27 @@ static void ieee802_11_rx_wnmsleep_resp( | |||
250 | * Action [1] | Dialog Token [1] | Key Data Len [2] | Key Data | | 250 | * Action [1] | Dialog Token [1] | Key Data Len [2] | Key Data | | |
251 | * WNM-Sleep Mode IE | TFS Response IE | 251 | * WNM-Sleep Mode IE | TFS Response IE | |
252 | */ | 252 | */ | |
253 | const u8 *pos = frm; /* point to payload after the action field */ | 253 | const u8 *pos = frm; /* point to payload after the action field */ | |
254 | u16 key_len_total; | 254 | u16 key_len_total; | |
255 | struct wnm_sleep_element *wnmsleep_ie = NULL; | 255 | struct wnm_sleep_element *wnmsleep_ie = NULL; | |
256 | /* multiple TFS Resp IE (assuming consecutive) */ | 256 | /* multiple TFS Resp IE (assuming consecutive) */ | |
257 | const u8 *tfsresp_ie_start = NULL; | 257 | const u8 *tfsresp_ie_start = NULL; | |
258 | const u8 *tfsresp_ie_end = NULL; | 258 | const u8 *tfsresp_ie_end = NULL; | |
259 | size_t left; | 259 | size_t left; | |
260 | 260 | |||
261 | if (!wpa_s->wnmsleep_used) { | 261 | if (!wpa_s->wnmsleep_used) { | |
262 | wpa_printf(MSG_DEBUG, | 262 | wpa_printf(MSG_DEBUG, | |
263 | "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); | 263 | "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); | |
264 | return; | 264 | return; | |
265 | } | 265 | } | |
266 | 266 | |||
267 | if (len < 3) | 267 | if (len < 3) | |
268 | return; | 268 | return; | |
269 | key_len_total = WPA_GET_LE16(frm + 1); | 269 | key_len_total = WPA_GET_LE16(frm + 1); | |
270 | 270 | |||
271 | wpa_printf(MSG_DEBUG, "WNM-Sleep Mode Response token=%u key_len_total=%d", | 271 | wpa_printf(MSG_DEBUG, "WNM-Sleep Mode Response token=%u key_len_total=%d", | |
272 | frm[0], key_len_total); | 272 | frm[0], key_len_total); | |
273 | left = len - 3; | 273 | left = len - 3; | |
274 | if (key_len_total > left) { | 274 | if (key_len_total > left) { | |
275 | wpa_printf(MSG_INFO, "WNM: Too short frame for Key Data field"); | 275 | wpa_printf(MSG_INFO, "WNM: Too short frame for Key Data field"); | |
276 | return; | 276 | return; | |
@@ -289,26 +289,28 @@ static void ieee802_11_rx_wnmsleep_resp( | @@ -289,26 +289,28 @@ static void ieee802_11_rx_wnmsleep_resp( | |||
289 | if (!tfsresp_ie_start) | 289 | if (!tfsresp_ie_start) | |
290 | tfsresp_ie_start = pos; | 290 | tfsresp_ie_start = pos; | |
291 | tfsresp_ie_end = pos; | 291 | tfsresp_ie_end = pos; | |
292 | } else | 292 | } else | |
293 | wpa_printf(MSG_DEBUG, "EID %d not recognized", *pos); | 293 | wpa_printf(MSG_DEBUG, "EID %d not recognized", *pos); | |
294 | pos += ie_len + 2; | 294 | pos += ie_len + 2; | |
295 | } | 295 | } | |
296 | 296 | |||
297 | if (!wnmsleep_ie) { | 297 | if (!wnmsleep_ie) { | |
298 | wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found"); | 298 | wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found"); | |
299 | return; | 299 | return; | |
300 | } | 300 | } | |
301 | 301 | |||
302 | wpa_s->wnmsleep_used = 0; | |||
303 | ||||
302 | if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || | 304 | if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || | |
303 | wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { | 305 | wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { | |
304 | wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " | 306 | wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " | |
305 | "frame (action=%d, intval=%d)", | 307 | "frame (action=%d, intval=%d)", | |
306 | wnmsleep_ie->action_type, wnmsleep_ie->intval); | 308 | wnmsleep_ie->action_type, wnmsleep_ie->intval); | |
307 | if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER) { | 309 | if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER) { | |
308 | wnm_sleep_mode_enter_success(wpa_s, tfsresp_ie_start, | 310 | wnm_sleep_mode_enter_success(wpa_s, tfsresp_ie_start, | |
309 | tfsresp_ie_end); | 311 | tfsresp_ie_end); | |
310 | } else if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) { | 312 | } else if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) { | |
311 | wnm_sleep_mode_exit_success(wpa_s, frm, key_len_total); | 313 | wnm_sleep_mode_exit_success(wpa_s, frm, key_len_total); | |
312 | } | 314 | } | |
313 | } else { | 315 | } else { | |
314 | wpa_printf(MSG_DEBUG, "Reject recv WNM-Sleep Response frame " | 316 | wpa_printf(MSG_DEBUG, "Reject recv WNM-Sleep Response frame " |