Mon Oct 16 17:36:16 2017 UTC ()
apply patches from upstream, namely from https://w1.fi/security/2017-1/ :
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch	02-Oct-2017 16:19 	6.1K
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch	02-Oct-2017 16:19 	7.7K
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch	02-Oct-2017 16:19 	6.7K
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
02-Oct-2017 16:19 	2.5K
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
02-Oct-2017 16:19 	1.9K
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
02-Oct-2017 16:19 	4.2K
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch	02-Oct-2017 16:19 	1.6K
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch	02-Oct-2017 16:19 	2.7K

for CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080
 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088

(see
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
for details)


(spz)
diff -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c
diff -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c
diff -r1.9 -r1.10 src/external/bsd/wpa/dist/src/ap/wpa_auth.c
diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.h
diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h
diff -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/wpa_common.h
diff -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/tdls.c
diff -r1.1.1.8 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c
diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c
diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h
diff -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c
cvs diff -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/ieee802_11.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/ap/ieee802_11.c 2016/11/21 16:42:50 1.1.1.7
+++ src/external/bsd/wpa/dist/src/ap/ieee802_11.c 2017/10/16 17:36:16 1.2
@@ -1831,63 +1831,73 @@ static void send_deauth(struct hostapd_d @@ -1831,63 +1831,73 @@ static void send_deauth(struct hostapd_d
1831 reply.u.deauth.reason_code = host_to_le16(reason_code); 1831 reply.u.deauth.reason_code = host_to_le16(reason_code);
1832 1832
1833 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 1833 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
1834 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 1834 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
1835 strerror(errno)); 1835 strerror(errno));
1836} 1836}
1837 1837
1838 1838
1839static int add_associated_sta(struct hostapd_data *hapd, 1839static int add_associated_sta(struct hostapd_data *hapd,
1840 struct sta_info *sta) 1840 struct sta_info *sta)
1841{ 1841{
1842 struct ieee80211_ht_capabilities ht_cap; 1842 struct ieee80211_ht_capabilities ht_cap;
1843 struct ieee80211_vht_capabilities vht_cap; 1843 struct ieee80211_vht_capabilities vht_cap;
 1844 int set = 1;
1844 1845
1845 /* 1846 /*
1846 * Remove the STA entry to ensure the STA PS state gets cleared and 1847 * Remove the STA entry to ensure the STA PS state gets cleared and
1847 * configuration gets updated. This is relevant for cases, such as 1848 * configuration gets updated. This is relevant for cases, such as
1848 * FT-over-the-DS, where a station re-associates back to the same AP but 1849 * FT-over-the-DS, where a station re-associates back to the same AP but
1849 * skips the authentication flow, or if working with a driver that 1850 * skips the authentication flow, or if working with a driver that
1850 * does not support full AP client state. 1851 * does not support full AP client state.
 1852 *
 1853 * Skip this if the STA has already completed FT reassociation and the
 1854 * TK has been configured since the TX/RX PN must not be reset to 0 for
 1855 * the same key.
1851 */ 1856 */
1852 if (!sta->added_unassoc) 1857 if (!sta->added_unassoc &&
 1858 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
 1859 !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
1853 hostapd_drv_sta_remove(hapd, sta->addr); 1860 hostapd_drv_sta_remove(hapd, sta->addr);
 1861 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
 1862 set = 0;
 1863 }
1854 1864
1855#ifdef CONFIG_IEEE80211N 1865#ifdef CONFIG_IEEE80211N
1856 if (sta->flags & WLAN_STA_HT) 1866 if (sta->flags & WLAN_STA_HT)
1857 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 1867 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
1858#endif /* CONFIG_IEEE80211N */ 1868#endif /* CONFIG_IEEE80211N */
1859#ifdef CONFIG_IEEE80211AC 1869#ifdef CONFIG_IEEE80211AC
1860 if (sta->flags & WLAN_STA_VHT) 1870 if (sta->flags & WLAN_STA_VHT)
1861 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 1871 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
1862#endif /* CONFIG_IEEE80211AC */ 1872#endif /* CONFIG_IEEE80211AC */
1863 1873
1864 /* 1874 /*
1865 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags 1875 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
1866 * will be set when the ACK frame for the (Re)Association Response frame 1876 * will be set when the ACK frame for the (Re)Association Response frame
1867 * is processed (TX status driver event). 1877 * is processed (TX status driver event).
1868 */ 1878 */
1869 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 1879 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
1870 sta->supported_rates, sta->supported_rates_len, 1880 sta->supported_rates, sta->supported_rates_len,
1871 sta->listen_interval, 1881 sta->listen_interval,
1872 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 1882 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
1873 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 1883 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
1874 sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 1884 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
1875 sta->vht_opmode, sta->p2p_ie ? 1 : 0, 1885 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
1876 sta->added_unassoc)) { 1886 set)) {
1877 hostapd_logger(hapd, sta->addr, 1887 hostapd_logger(hapd, sta->addr,
1878 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 1888 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
1879 "Could not %s STA to kernel driver", 1889 "Could not %s STA to kernel driver",
1880 sta->added_unassoc ? "set" : "add"); 1890 set ? "set" : "add");
1881 1891
1882 if (sta->added_unassoc) { 1892 if (sta->added_unassoc) {
1883 hostapd_drv_sta_remove(hapd, sta->addr); 1893 hostapd_drv_sta_remove(hapd, sta->addr);
1884 sta->added_unassoc = 0; 1894 sta->added_unassoc = 0;
1885 } 1895 }
1886 1896
1887 return -1; 1897 return -1;
1888 } 1898 }
1889 1899
1890 sta->added_unassoc = 0; 1900 sta->added_unassoc = 0;
1891 1901
1892 return 0; 1902 return 0;
1893} 1903}
cvs diff -r1.1.1.7 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c 2016/11/21 16:42:50 1.1.1.7
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_ft.c 2017/10/16 17:36:16 1.2
@@ -770,38 +770,47 @@ void wpa_ft_install_ptk(struct wpa_state @@ -770,38 +770,47 @@ void wpa_ft_install_ptk(struct wpa_state
770{ 770{
771 enum wpa_alg alg; 771 enum wpa_alg alg;
772 int klen; 772 int klen;
773 773
774 /* MLME-SETKEYS.request(PTK) */ 774 /* MLME-SETKEYS.request(PTK) */
775 alg = wpa_cipher_to_alg(sm->pairwise); 775 alg = wpa_cipher_to_alg(sm->pairwise);
776 klen = wpa_cipher_key_len(sm->pairwise); 776 klen = wpa_cipher_key_len(sm->pairwise);
777 if (!wpa_cipher_valid_pairwise(sm->pairwise)) { 777 if (!wpa_cipher_valid_pairwise(sm->pairwise)) {
778 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip " 778 wpa_printf(MSG_DEBUG, "FT: Unknown pairwise alg 0x%x - skip "
779 "PTK configuration", sm->pairwise); 779 "PTK configuration", sm->pairwise);
780 return; 780 return;
781 } 781 }
782 782
 783 if (sm->tk_already_set) {
 784 /* Must avoid TK reconfiguration to prevent clearing of TX/RX
 785 * PN in the driver */
 786 wpa_printf(MSG_DEBUG,
 787 "FT: Do not re-install same PTK to the driver");
 788 return;
 789 }
 790
783 /* FIX: add STA entry to kernel/driver here? The set_key will fail 791 /* FIX: add STA entry to kernel/driver here? The set_key will fail
784 * most likely without this.. At the moment, STA entry is added only 792 * most likely without this.. At the moment, STA entry is added only
785 * after association has been completed. This function will be called 793 * after association has been completed. This function will be called
786 * again after association to get the PTK configured, but that could be 794 * again after association to get the PTK configured, but that could be
787 * optimized by adding the STA entry earlier. 795 * optimized by adding the STA entry earlier.
788 */ 796 */
789 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, 797 if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
790 sm->PTK.tk, klen)) 798 sm->PTK.tk, klen))
791 return; 799 return;
792 800
793 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 801 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
794 sm->pairwise_set = TRUE; 802 sm->pairwise_set = TRUE;
 803 sm->tk_already_set = TRUE;
795} 804}
796 805
797 806
798static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, 807static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
799 const u8 *ies, size_t ies_len, 808 const u8 *ies, size_t ies_len,
800 u8 **resp_ies, size_t *resp_ies_len) 809 u8 **resp_ies, size_t *resp_ies_len)
801{ 810{
802 struct rsn_mdie *mdie; 811 struct rsn_mdie *mdie;
803 struct rsn_ftie *ftie; 812 struct rsn_ftie *ftie;
804 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN]; 813 u8 pmk_r1[PMK_LEN], pmk_r1_name[WPA_PMK_NAME_LEN];
805 u8 ptk_name[WPA_PMK_NAME_LEN]; 814 u8 ptk_name[WPA_PMK_NAME_LEN];
806 struct wpa_auth_config *conf; 815 struct wpa_auth_config *conf;
807 struct wpa_ft_ies parse; 816 struct wpa_ft_ies parse;
@@ -888,26 +897,27 @@ static int wpa_ft_process_auth_req(struc @@ -888,26 +897,27 @@ static int wpa_ft_process_auth_req(struc
888 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce", 897 wpa_hexdump(MSG_DEBUG, "FT: Received SNonce",
889 sm->SNonce, WPA_NONCE_LEN); 898 sm->SNonce, WPA_NONCE_LEN);
890 wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", 899 wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce",
891 sm->ANonce, WPA_NONCE_LEN); 900 sm->ANonce, WPA_NONCE_LEN);
892 901
893 if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr, 902 if (wpa_pmk_r1_to_ptk(pmk_r1, sm->SNonce, sm->ANonce, sm->addr,
894 sm->wpa_auth->addr, pmk_r1_name, 903 sm->wpa_auth->addr, pmk_r1_name,
895 &sm->PTK, ptk_name, sm->wpa_key_mgmt, 904 &sm->PTK, ptk_name, sm->wpa_key_mgmt,
896 pairwise) < 0) 905 pairwise) < 0)
897 return WLAN_STATUS_UNSPECIFIED_FAILURE; 906 return WLAN_STATUS_UNSPECIFIED_FAILURE;
898 907
899 sm->pairwise = pairwise; 908 sm->pairwise = pairwise;
900 sm->PTK_valid = TRUE; 909 sm->PTK_valid = TRUE;
 910 sm->tk_already_set = FALSE;
901 wpa_ft_install_ptk(sm); 911 wpa_ft_install_ptk(sm);
902 912
903 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 913 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
904 2 + FT_R1KH_ID_LEN + 200; 914 2 + FT_R1KH_ID_LEN + 200;
905 *resp_ies = os_zalloc(buflen); 915 *resp_ies = os_zalloc(buflen);
906 if (*resp_ies == NULL) { 916 if (*resp_ies == NULL) {
907 return WLAN_STATUS_UNSPECIFIED_FAILURE; 917 return WLAN_STATUS_UNSPECIFIED_FAILURE;
908 } 918 }
909 919
910 pos = *resp_ies; 920 pos = *resp_ies;
911 end = *resp_ies + buflen; 921 end = *resp_ies + buflen;
912 922
913 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid); 923 ret = wpa_write_rsn_ie(conf, pos, end - pos, parse.rsn_pmkid);
cvs diff -r1.9 -r1.10 src/external/bsd/wpa/dist/src/ap/wpa_auth.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/ap/wpa_auth.c 2016/11/21 20:15:17 1.9
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.c 2017/10/16 17:36:16 1.10
@@ -1735,26 +1735,29 @@ int wpa_auth_sm_event(struct wpa_state_m @@ -1735,26 +1735,29 @@ int wpa_auth_sm_event(struct wpa_state_m
1735 break; 1735 break;
1736 case WPA_ASSOC_FT: 1736 case WPA_ASSOC_FT:
1737#ifdef CONFIG_IEEE80211R 1737#ifdef CONFIG_IEEE80211R
1738 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " 1738 wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
1739 "after association"); 1739 "after association");
1740 wpa_ft_install_ptk(sm); 1740 wpa_ft_install_ptk(sm);
1741 1741
1742 /* Using FT protocol, not WPA auth state machine */ 1742 /* Using FT protocol, not WPA auth state machine */
1743 sm->ft_completed = 1; 1743 sm->ft_completed = 1;
1744 return 0; 1744 return 0;
1745#else /* CONFIG_IEEE80211R */ 1745#else /* CONFIG_IEEE80211R */
1746 break; 1746 break;
1747#endif /* CONFIG_IEEE80211R */ 1747#endif /* CONFIG_IEEE80211R */
 1748 case WPA_DRV_STA_REMOVED:
 1749 sm->tk_already_set = FALSE;
 1750 return 0;
1748 } 1751 }
1749 1752
1750#ifdef CONFIG_IEEE80211R 1753#ifdef CONFIG_IEEE80211R
1751 sm->ft_completed = 0; 1754 sm->ft_completed = 0;
1752#endif /* CONFIG_IEEE80211R */ 1755#endif /* CONFIG_IEEE80211R */
1753 1756
1754#ifdef CONFIG_IEEE80211W 1757#ifdef CONFIG_IEEE80211W
1755 if (sm->mgmt_frame_prot && event == WPA_AUTH) 1758 if (sm->mgmt_frame_prot && event == WPA_AUTH)
1756 remove_ptk = 0; 1759 remove_ptk = 0;
1757#endif /* CONFIG_IEEE80211W */ 1760#endif /* CONFIG_IEEE80211W */
1758 1761
1759 if (remove_ptk) { 1762 if (remove_ptk) {
1760 sm->PTK_valid = FALSE; 1763 sm->PTK_valid = FALSE;
@@ -1888,26 +1891,41 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) @@ -1888,26 +1891,41 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
1888 sm->Disconnect = TRUE; 1891 sm->Disconnect = TRUE;
1889 return; 1892 return;
1890 } 1893 }
1891 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce, 1894 wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
1892 WPA_NONCE_LEN); 1895 WPA_NONCE_LEN);
1893 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more 1896 /* IEEE 802.11i does not clear TimeoutCtr here, but this is more
1894 * logical place than INITIALIZE since AUTHENTICATION2 can be 1897 * logical place than INITIALIZE since AUTHENTICATION2 can be
1895 * re-entered on ReAuthenticationRequest without going through 1898 * re-entered on ReAuthenticationRequest without going through
1896 * INITIALIZE. */ 1899 * INITIALIZE. */
1897 sm->TimeoutCtr = 0; 1900 sm->TimeoutCtr = 0;
1898} 1901}
1899 1902
1900 1903
 1904static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
 1905{
 1906 if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
 1907 wpa_printf(MSG_ERROR,
 1908 "WPA: Failed to get random data for ANonce");
 1909 sm->Disconnect = TRUE;
 1910 return -1;
 1911 }
 1912 wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
 1913 WPA_NONCE_LEN);
 1914 sm->TimeoutCtr = 0;
 1915 return 0;
 1916}
 1917
 1918
1901SM_STATE(WPA_PTK, INITPMK) 1919SM_STATE(WPA_PTK, INITPMK)
1902{ 1920{
1903 u8 msk[2 * PMK_LEN]; 1921 u8 msk[2 * PMK_LEN];
1904 size_t len = 2 * PMK_LEN; 1922 size_t len = 2 * PMK_LEN;
1905 1923
1906 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); 1924 SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk);
1907#ifdef CONFIG_IEEE80211R 1925#ifdef CONFIG_IEEE80211R
1908 sm->xxkey_len = 0; 1926 sm->xxkey_len = 0;
1909#endif /* CONFIG_IEEE80211R */ 1927#endif /* CONFIG_IEEE80211R */
1910 if (sm->pmksa) { 1928 if (sm->pmksa) {
1911 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); 1929 wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache");
1912 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len); 1930 os_memcpy(sm->PMK, sm->pmksa->pmk, sm->pmksa->pmk_len);
1913 sm->pmk_len = sm->pmksa->pmk_len; 1931 sm->pmk_len = sm->pmksa->pmk_len;
@@ -2445,29 +2463,32 @@ SM_STEP(WPA_PTK) @@ -2445,29 +2463,32 @@ SM_STEP(WPA_PTK)
2445 SM_ENTER(WPA_PTK, INITIALIZE); 2463 SM_ENTER(WPA_PTK, INITIALIZE);
2446 else if (sm->Disconnect 2464 else if (sm->Disconnect
2447 /* || FIX: dot11RSNAConfigSALifetime timeout */) { 2465 /* || FIX: dot11RSNAConfigSALifetime timeout */) {
2448 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, 2466 wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
2449 "WPA_PTK: sm->Disconnect"); 2467 "WPA_PTK: sm->Disconnect");
2450 SM_ENTER(WPA_PTK, DISCONNECT); 2468 SM_ENTER(WPA_PTK, DISCONNECT);
2451 } 2469 }
2452 else if (sm->DeauthenticationRequest) 2470 else if (sm->DeauthenticationRequest)
2453 SM_ENTER(WPA_PTK, DISCONNECTED); 2471 SM_ENTER(WPA_PTK, DISCONNECTED);
2454 else if (sm->AuthenticationRequest) 2472 else if (sm->AuthenticationRequest)
2455 SM_ENTER(WPA_PTK, AUTHENTICATION); 2473 SM_ENTER(WPA_PTK, AUTHENTICATION);
2456 else if (sm->ReAuthenticationRequest) 2474 else if (sm->ReAuthenticationRequest)
2457 SM_ENTER(WPA_PTK, AUTHENTICATION2); 2475 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2458 else if (sm->PTKRequest) 2476 else if (sm->PTKRequest) {
2459 SM_ENTER(WPA_PTK, PTKSTART); 2477 if (wpa_auth_sm_ptk_update(sm) < 0)
2460 else switch (sm->wpa_ptk_state) { 2478 SM_ENTER(WPA_PTK, DISCONNECTED);
 2479 else
 2480 SM_ENTER(WPA_PTK, PTKSTART);
 2481 } else switch (sm->wpa_ptk_state) {
2461 case WPA_PTK_INITIALIZE: 2482 case WPA_PTK_INITIALIZE:
2462 break; 2483 break;
2463 case WPA_PTK_DISCONNECT: 2484 case WPA_PTK_DISCONNECT:
2464 SM_ENTER(WPA_PTK, DISCONNECTED); 2485 SM_ENTER(WPA_PTK, DISCONNECTED);
2465 break; 2486 break;
2466 case WPA_PTK_DISCONNECTED: 2487 case WPA_PTK_DISCONNECTED:
2467 SM_ENTER(WPA_PTK, INITIALIZE); 2488 SM_ENTER(WPA_PTK, INITIALIZE);
2468 break; 2489 break;
2469 case WPA_PTK_AUTHENTICATION: 2490 case WPA_PTK_AUTHENTICATION:
2470 SM_ENTER(WPA_PTK, AUTHENTICATION2); 2491 SM_ENTER(WPA_PTK, AUTHENTICATION2);
2471 break; 2492 break;
2472 case WPA_PTK_AUTHENTICATION2: 2493 case WPA_PTK_AUTHENTICATION2:
2473 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) && 2494 if (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) &&
@@ -3240,26 +3261,34 @@ int wpa_auth_sta_key_mgmt(struct wpa_sta @@ -3240,26 +3261,34 @@ int wpa_auth_sta_key_mgmt(struct wpa_sta
3240 return -1; 3261 return -1;
3241 return sm->wpa_key_mgmt; 3262 return sm->wpa_key_mgmt;
3242} 3263}
3243 3264
3244 3265
3245int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 3266int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
3246{ 3267{
3247 if (sm == NULL) 3268 if (sm == NULL)
3248 return 0; 3269 return 0;
3249 return sm->wpa; 3270 return sm->wpa;
3250} 3271}
3251 3272
3252 3273
 3274int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
 3275{
 3276 if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
 3277 return 0;
 3278 return sm->tk_already_set;
 3279}
 3280
 3281
3253int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 3282int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
3254 struct rsn_pmksa_cache_entry *entry) 3283 struct rsn_pmksa_cache_entry *entry)
3255{ 3284{
3256 if (sm == NULL || sm->pmksa != entry) 3285 if (sm == NULL || sm->pmksa != entry)
3257 return -1; 3286 return -1;
3258 sm->pmksa = NULL; 3287 sm->pmksa = NULL;
3259 return 0; 3288 return 0;
3260} 3289}
3261 3290
3262 3291
3263struct rsn_pmksa_cache_entry * 3292struct rsn_pmksa_cache_entry *
3264wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) 3293wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm)
3265{ 3294{
cvs diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth.h (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/ap/wpa_auth.h 2016/11/21 16:42:50 1.1.1.6
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth.h 2017/10/16 17:36:16 1.2
@@ -257,39 +257,40 @@ int wpa_validate_osen(struct wpa_authent @@ -257,39 +257,40 @@ int wpa_validate_osen(struct wpa_authent
257int wpa_auth_uses_mfp(struct wpa_state_machine *sm); 257int wpa_auth_uses_mfp(struct wpa_state_machine *sm);
258struct wpa_state_machine * 258struct wpa_state_machine *
259wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, 259wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr,
260 const u8 *p2p_dev_addr); 260 const u8 *p2p_dev_addr);
261int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, 261int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
262 struct wpa_state_machine *sm); 262 struct wpa_state_machine *sm);
263void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm); 263void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm);
264void wpa_auth_sta_deinit(struct wpa_state_machine *sm); 264void wpa_auth_sta_deinit(struct wpa_state_machine *sm);
265void wpa_receive(struct wpa_authenticator *wpa_auth, 265void wpa_receive(struct wpa_authenticator *wpa_auth,
266 struct wpa_state_machine *sm, 266 struct wpa_state_machine *sm,
267 u8 *data, size_t data_len); 267 u8 *data, size_t data_len);
268enum wpa_event { 268enum wpa_event {
269 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, 269 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
270 WPA_REAUTH_EAPOL, WPA_ASSOC_FT 270 WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
271}; 271};
272void wpa_remove_ptk(struct wpa_state_machine *sm); 272void wpa_remove_ptk(struct wpa_state_machine *sm);
273int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); 273int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
274void wpa_auth_sm_notify(struct wpa_state_machine *sm); 274void wpa_auth_sm_notify(struct wpa_state_machine *sm);
275void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); 275void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth);
276int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); 276int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen);
277int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); 277int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen);
278void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); 278void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth);
279int wpa_auth_pairwise_set(struct wpa_state_machine *sm); 279int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
280int wpa_auth_get_pairwise(struct wpa_state_machine *sm); 280int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
281int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); 281int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
282int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); 282int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
 283int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
283int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 284int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
284 struct rsn_pmksa_cache_entry *entry); 285 struct rsn_pmksa_cache_entry *entry);
285struct rsn_pmksa_cache_entry * 286struct rsn_pmksa_cache_entry *
286wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); 287wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm);
287void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); 288void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm);
288const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, 289const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth,
289 size_t *len); 290 size_t *len);
290int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, 291int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
291 unsigned int pmk_len, 292 unsigned int pmk_len,
292 int session_timeout, struct eapol_state_machine *eapol); 293 int session_timeout, struct eapol_state_machine *eapol);
293int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, 294int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth,
294 const u8 *pmk, size_t len, const u8 *sta_addr, 295 const u8 *pmk, size_t len, const u8 *sta_addr,
295 int session_timeout, 296 int session_timeout,
cvs diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h 2016/11/21 16:42:50 1.1.1.6
+++ src/external/bsd/wpa/dist/src/ap/wpa_auth_i.h 2017/10/16 17:36:16 1.2
@@ -55,26 +55,27 @@ struct wpa_state_machine { @@ -55,26 +55,27 @@ struct wpa_state_machine {
55 Boolean EAPOLKeyPairwise; 55 Boolean EAPOLKeyPairwise;
56 Boolean EAPOLKeyRequest; 56 Boolean EAPOLKeyRequest;
57 Boolean MICVerified; 57 Boolean MICVerified;
58 Boolean GUpdateStationKeys; 58 Boolean GUpdateStationKeys;
59 u8 ANonce[WPA_NONCE_LEN]; 59 u8 ANonce[WPA_NONCE_LEN];
60 u8 SNonce[WPA_NONCE_LEN]; 60 u8 SNonce[WPA_NONCE_LEN];
61 u8 alt_SNonce[WPA_NONCE_LEN]; 61 u8 alt_SNonce[WPA_NONCE_LEN];
62 u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN]; 62 u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
63 u8 PMK[PMK_LEN_MAX]; 63 u8 PMK[PMK_LEN_MAX];
64 unsigned int pmk_len; 64 unsigned int pmk_len;
65 struct wpa_ptk PTK; 65 struct wpa_ptk PTK;
66 Boolean PTK_valid; 66 Boolean PTK_valid;
67 Boolean pairwise_set; 67 Boolean pairwise_set;
 68 Boolean tk_already_set;
68 int keycount; 69 int keycount;
69 Boolean Pair; 70 Boolean Pair;
70 struct wpa_key_replay_counter { 71 struct wpa_key_replay_counter {
71 u8 counter[WPA_REPLAY_COUNTER_LEN]; 72 u8 counter[WPA_REPLAY_COUNTER_LEN];
72 Boolean valid; 73 Boolean valid;
73 } key_replay[RSNA_MAX_EAPOL_RETRIES], 74 } key_replay[RSNA_MAX_EAPOL_RETRIES],
74 prev_key_replay[RSNA_MAX_EAPOL_RETRIES]; 75 prev_key_replay[RSNA_MAX_EAPOL_RETRIES];
75 Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */ 76 Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
76 Boolean PTKRequest; /* not in IEEE 802.11i state machine */ 77 Boolean PTKRequest; /* not in IEEE 802.11i state machine */
77 Boolean has_GTK; 78 Boolean has_GTK;
78 Boolean PtkGroupInit; /* init request for PTK Group state machine */ 79 Boolean PtkGroupInit; /* init request for PTK Group state machine */
79 80
80 u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */ 81 u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
cvs diff -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/wpa_common.h (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/common/wpa_common.h 2017/01/12 19:15:10 1.2
+++ src/external/bsd/wpa/dist/src/common/wpa_common.h 2017/10/16 17:36:16 1.3
@@ -208,28 +208,40 @@ struct wpa_eapol_key_192 { @@ -208,28 +208,40 @@ struct wpa_eapol_key_192 {
208#define WPA_TK_MAX_LEN 32 208#define WPA_TK_MAX_LEN 32
209 209
210/** 210/**
211 * struct wpa_ptk - WPA Pairwise Transient Key 211 * struct wpa_ptk - WPA Pairwise Transient Key
212 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy 212 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
213 */ 213 */
214struct wpa_ptk { 214struct wpa_ptk {
215 u8 kck[WPA_KCK_MAX_LEN]; /* EAPOL-Key Key Confirmation Key (KCK) */ 215 u8 kck[WPA_KCK_MAX_LEN]; /* EAPOL-Key Key Confirmation Key (KCK) */
216 u8 kek[WPA_KEK_MAX_LEN]; /* EAPOL-Key Key Encryption Key (KEK) */ 216 u8 kek[WPA_KEK_MAX_LEN]; /* EAPOL-Key Key Encryption Key (KEK) */
217 u8 tk[WPA_TK_MAX_LEN]; /* Temporal Key (TK) */ 217 u8 tk[WPA_TK_MAX_LEN]; /* Temporal Key (TK) */
218 size_t kck_len; 218 size_t kck_len;
219 size_t kek_len; 219 size_t kek_len;
220 size_t tk_len; 220 size_t tk_len;
 221 int installed; /* 1 if key has already been installed to driver */
221}; 222};
222 223
 224struct wpa_gtk {
 225 u8 gtk[WPA_GTK_MAX_LEN];
 226 size_t gtk_len;
 227};
 228
 229#ifdef CONFIG_IEEE80211W
 230struct wpa_igtk {
 231 u8 igtk[WPA_IGTK_MAX_LEN];
 232 size_t igtk_len;
 233};
 234#endif /* CONFIG_IEEE80211W */
223 235
224/* WPA IE version 1 236/* WPA IE version 1
225 * 00-50-f2:1 (OUI:OUI type) 237 * 00-50-f2:1 (OUI:OUI type)
226 * 0x01 0x00 (version; little endian) 238 * 0x01 0x00 (version; little endian)
227 * (all following fields are optional:) 239 * (all following fields are optional:)
228 * Group Suite Selector (4 octets) (default: TKIP) 240 * Group Suite Selector (4 octets) (default: TKIP)
229 * Pairwise Suite Count (2 octets, little endian) (default: 1) 241 * Pairwise Suite Count (2 octets, little endian) (default: 1)
230 * Pairwise Suite List (4 * n octets) (default: TKIP) 242 * Pairwise Suite List (4 * n octets) (default: TKIP)
231 * Authenticated Key Management Suite Count (2 octets, little endian) 243 * Authenticated Key Management Suite Count (2 octets, little endian)
232 * (default: 1) 244 * (default: 1)
233 * Authenticated Key Management Suite List (4 * n octets) 245 * Authenticated Key Management Suite List (4 * n octets)
234 * (default: unspec 802.1X) 246 * (default: unspec 802.1X)
235 * WPA Capabilities (2 octets, little endian) (default: 0) 247 * WPA Capabilities (2 octets, little endian) (default: 0)
cvs diff -r1.1.1.5 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/tdls.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/rsn_supp/tdls.c 2016/11/21 16:42:49 1.1.1.5
+++ src/external/bsd/wpa/dist/src/rsn_supp/tdls.c 2017/10/16 17:36:16 1.2
@@ -102,26 +102,27 @@ struct wpa_tdls_peer { @@ -102,26 +102,27 @@ struct wpa_tdls_peer {
102 u8 rsnie_i[TDLS_MAX_IE_LEN]; /* Initiator RSN IE */ 102 u8 rsnie_i[TDLS_MAX_IE_LEN]; /* Initiator RSN IE */
103 size_t rsnie_i_len; 103 size_t rsnie_i_len;
104 u8 rsnie_p[TDLS_MAX_IE_LEN]; /* Peer RSN IE */ 104 u8 rsnie_p[TDLS_MAX_IE_LEN]; /* Peer RSN IE */
105 size_t rsnie_p_len; 105 size_t rsnie_p_len;
106 u32 lifetime; 106 u32 lifetime;
107 int cipher; /* Selected cipher (WPA_CIPHER_*) */ 107 int cipher; /* Selected cipher (WPA_CIPHER_*) */
108 u8 dtoken; 108 u8 dtoken;
109 109
110 struct tpk { 110 struct tpk {
111 u8 kck[16]; /* TPK-KCK */ 111 u8 kck[16]; /* TPK-KCK */
112 u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ 112 u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
113 } tpk; 113 } tpk;
114 int tpk_set; 114 int tpk_set;
 115 int tk_set; /* TPK-TK configured to the driver */
115 int tpk_success; 116 int tpk_success;
116 int tpk_in_progress; 117 int tpk_in_progress;
117 118
118 struct tpk_timer { 119 struct tpk_timer {
119 u8 dest[ETH_ALEN]; 120 u8 dest[ETH_ALEN];
120 int count; /* Retry Count */ 121 int count; /* Retry Count */
121 int timer; /* Timeout in milliseconds */ 122 int timer; /* Timeout in milliseconds */
122 u8 action_code; /* TDLS frame type */ 123 u8 action_code; /* TDLS frame type */
123 u8 dialog_token; 124 u8 dialog_token;
124 u16 status_code; 125 u16 status_code;
125 u32 peer_capab; 126 u32 peer_capab;
126 int buf_len; /* length of TPK message for retransmission */ 127 int buf_len; /* length of TPK message for retransmission */
127 u8 *buf; /* buffer for TPK message */ 128 u8 *buf; /* buffer for TPK message */
@@ -182,49 +183,66 @@ static int wpa_tdls_del_key(struct wpa_s @@ -182,49 +183,66 @@ static int wpa_tdls_del_key(struct wpa_s
182 return -1; 183 return -1;
183 } 184 }
184 185
185 return 0; 186 return 0;
186} 187}
187 188
188 189
189static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) 190static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
190{ 191{
191 u8 key_len; 192 u8 key_len;
192 u8 rsc[6]; 193 u8 rsc[6];
193 enum wpa_alg alg; 194 enum wpa_alg alg;
194 195
 196 if (peer->tk_set) {
 197 /*
 198 * This same TPK-TK has already been configured to the driver
 199 * and this new configuration attempt (likely due to an
 200 * unexpected retransmitted frame) would result in clearing
 201 * the TX/RX sequence number which can break security, so must
 202 * not allow that to happen.
 203 */
 204 wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
 205 " has already been configured to the driver - do not reconfigure",
 206 MAC2STR(peer->addr));
 207 return -1;
 208 }
 209
195 os_memset(rsc, 0, 6); 210 os_memset(rsc, 0, 6);
196 211
197 switch (peer->cipher) { 212 switch (peer->cipher) {
198 case WPA_CIPHER_CCMP: 213 case WPA_CIPHER_CCMP:
199 alg = WPA_ALG_CCMP; 214 alg = WPA_ALG_CCMP;
200 key_len = 16; 215 key_len = 16;
201 break; 216 break;
202 case WPA_CIPHER_NONE: 217 case WPA_CIPHER_NONE:
203 wpa_printf(MSG_DEBUG, "TDLS: Pairwise Cipher Suite: " 218 wpa_printf(MSG_DEBUG, "TDLS: Pairwise Cipher Suite: "
204 "NONE - do not use pairwise keys"); 219 "NONE - do not use pairwise keys");
205 return -1; 220 return -1;
206 default: 221 default:
207 wpa_printf(MSG_WARNING, "TDLS: Unsupported pairwise cipher %d", 222 wpa_printf(MSG_WARNING, "TDLS: Unsupported pairwise cipher %d",
208 sm->pairwise_cipher); 223 sm->pairwise_cipher);
209 return -1; 224 return -1;
210 } 225 }
211 226
 227 wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
 228 MAC2STR(peer->addr));
212 if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, 229 if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
213 rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { 230 rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
214 wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " 231 wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
215 "driver"); 232 "driver");
216 return -1; 233 return -1;
217 } 234 }
 235 peer->tk_set = 1;
218 return 0; 236 return 0;
219} 237}
220 238
221 239
222static int wpa_tdls_send_tpk_msg(struct wpa_sm *sm, const u8 *dst, 240static int wpa_tdls_send_tpk_msg(struct wpa_sm *sm, const u8 *dst,
223 u8 action_code, u8 dialog_token, 241 u8 action_code, u8 dialog_token,
224 u16 status_code, u32 peer_capab, 242 u16 status_code, u32 peer_capab,
225 int initiator, const u8 *buf, size_t len) 243 int initiator, const u8 *buf, size_t len)
226{ 244{
227 return wpa_sm_send_tdls_mgmt(sm, dst, action_code, dialog_token, 245 return wpa_sm_send_tdls_mgmt(sm, dst, action_code, dialog_token,
228 status_code, peer_capab, initiator, buf, 246 status_code, peer_capab, initiator, buf,
229 len); 247 len);
230} 248}
@@ -686,27 +704,27 @@ static void wpa_tdls_peer_clear(struct w @@ -686,27 +704,27 @@ static void wpa_tdls_peer_clear(struct w
686 peer->ht_capabilities = NULL; 704 peer->ht_capabilities = NULL;
687 os_free(peer->vht_capabilities); 705 os_free(peer->vht_capabilities);
688 peer->vht_capabilities = NULL; 706 peer->vht_capabilities = NULL;
689 os_free(peer->ext_capab); 707 os_free(peer->ext_capab);
690 peer->ext_capab = NULL; 708 peer->ext_capab = NULL;
691 os_free(peer->supp_channels); 709 os_free(peer->supp_channels);
692 peer->supp_channels = NULL; 710 peer->supp_channels = NULL;
693 os_free(peer->supp_oper_classes); 711 os_free(peer->supp_oper_classes);
694 peer->supp_oper_classes = NULL; 712 peer->supp_oper_classes = NULL;
695 peer->rsnie_i_len = peer->rsnie_p_len = 0; 713 peer->rsnie_i_len = peer->rsnie_p_len = 0;
696 peer->cipher = 0; 714 peer->cipher = 0;
697 peer->qos_info = 0; 715 peer->qos_info = 0;
698 peer->wmm_capable = 0; 716 peer->wmm_capable = 0;
699 peer->tpk_set = peer->tpk_success = 0; 717 peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
700 peer->chan_switch_enabled = 0; 718 peer->chan_switch_enabled = 0;
701 os_memset(&peer->tpk, 0, sizeof(peer->tpk)); 719 os_memset(&peer->tpk, 0, sizeof(peer->tpk));
702 os_memset(peer->inonce, 0, WPA_NONCE_LEN); 720 os_memset(peer->inonce, 0, WPA_NONCE_LEN);
703 os_memset(peer->rnonce, 0, WPA_NONCE_LEN); 721 os_memset(peer->rnonce, 0, WPA_NONCE_LEN);
704} 722}
705 723
706 724
707static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer) 725static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
708{ 726{
709 wpa_tdls_peer_clear(sm, peer); 727 wpa_tdls_peer_clear(sm, peer);
710 wpa_tdls_peer_remove_from_list(sm, peer); 728 wpa_tdls_peer_remove_from_list(sm, peer);
711 os_free(peer); 729 os_free(peer);
712} 730}
@@ -1149,26 +1167,27 @@ skip_rsnie: @@ -1149,26 +1167,27 @@ skip_rsnie:
1149 pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len); 1167 pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len);
1150 1168
1151 ftie = (struct wpa_tdls_ftie *) pos; 1169 ftie = (struct wpa_tdls_ftie *) pos;
1152 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION; 1170 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1153 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2; 1171 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1154 1172
1155 if (os_get_random(peer->inonce, WPA_NONCE_LEN)) { 1173 if (os_get_random(peer->inonce, WPA_NONCE_LEN)) {
1156 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 1174 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1157 "TDLS: Failed to get random data for initiator Nonce"); 1175 "TDLS: Failed to get random data for initiator Nonce");
1158 os_free(rbuf); 1176 os_free(rbuf);
1159 wpa_tdls_peer_free(sm, peer); 1177 wpa_tdls_peer_free(sm, peer);
1160 return -1; 1178 return -1;
1161 } 1179 }
 1180 peer->tk_set = 0; /* A new nonce results in a new TK */
1162 wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", 1181 wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
1163 peer->inonce, WPA_NONCE_LEN); 1182 peer->inonce, WPA_NONCE_LEN);
1164 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); 1183 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1165 1184
1166 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK Handshake M1", 1185 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK Handshake M1",
1167 (u8 *) ftie, sizeof(struct wpa_tdls_ftie)); 1186 (u8 *) ftie, sizeof(struct wpa_tdls_ftie));
1168 1187
1169 pos = (u8 *) (ftie + 1); 1188 pos = (u8 *) (ftie + 1);
1170 1189
1171#ifdef CONFIG_TDLS_TESTING 1190#ifdef CONFIG_TDLS_TESTING
1172 if (tdls_testing & TDLS_TESTING_LONG_FRAME) { 1191 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1173 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to " 1192 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1174 "FTIE"); 1193 "FTIE");
@@ -1741,26 +1760,39 @@ static int wpa_tdls_addset_peer(struct w @@ -1741,26 +1760,39 @@ static int wpa_tdls_addset_peer(struct w
1741 peer->capability, 1760 peer->capability,
1742 peer->supp_rates, peer->supp_rates_len, 1761 peer->supp_rates, peer->supp_rates_len,
1743 peer->ht_capabilities, 1762 peer->ht_capabilities,
1744 peer->vht_capabilities, 1763 peer->vht_capabilities,
1745 peer->qos_info, peer->wmm_capable, 1764 peer->qos_info, peer->wmm_capable,
1746 peer->ext_capab, peer->ext_capab_len, 1765 peer->ext_capab, peer->ext_capab_len,
1747 peer->supp_channels, 1766 peer->supp_channels,
1748 peer->supp_channels_len, 1767 peer->supp_channels_len,
1749 peer->supp_oper_classes, 1768 peer->supp_oper_classes,
1750 peer->supp_oper_classes_len); 1769 peer->supp_oper_classes_len);
1751} 1770}
1752 1771
1753 1772
 1773static int tdls_nonce_set(const u8 *nonce)
 1774{
 1775 int i;
 1776
 1777 for (i = 0; i < WPA_NONCE_LEN; i++) {
 1778 if (nonce[i])
 1779 return 1;
 1780 }
 1781
 1782 return 0;
 1783}
 1784
 1785
1754static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, 1786static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
1755 const u8 *buf, size_t len) 1787 const u8 *buf, size_t len)
1756{ 1788{
1757 struct wpa_tdls_peer *peer; 1789 struct wpa_tdls_peer *peer;
1758 struct wpa_eapol_ie_parse kde; 1790 struct wpa_eapol_ie_parse kde;
1759 struct wpa_ie_data ie; 1791 struct wpa_ie_data ie;
1760 int cipher; 1792 int cipher;
1761 const u8 *cpos; 1793 const u8 *cpos;
1762 struct wpa_tdls_ftie *ftie = NULL; 1794 struct wpa_tdls_ftie *ftie = NULL;
1763 struct wpa_tdls_timeoutie *timeoutie; 1795 struct wpa_tdls_timeoutie *timeoutie;
1764 struct wpa_tdls_lnkid *lnkid; 1796 struct wpa_tdls_lnkid *lnkid;
1765 u32 lifetime = 0; 1797 u32 lifetime = 0;
1766#if 0 1798#if 0
@@ -1994,42 +2026,44 @@ skip_rsn: @@ -1994,42 +2026,44 @@ skip_rsn:
1994 2026
1995 if (!wpa_tdls_get_privacy(sm)) { 2027 if (!wpa_tdls_get_privacy(sm)) {
1996 peer->rsnie_i_len = 0; 2028 peer->rsnie_i_len = 0;
1997 peer->rsnie_p_len = 0; 2029 peer->rsnie_p_len = 0;
1998 peer->cipher = WPA_CIPHER_NONE; 2030 peer->cipher = WPA_CIPHER_NONE;
1999 goto skip_rsn_check; 2031 goto skip_rsn_check;
2000 } 2032 }
2001 2033
2002 ftie = (struct wpa_tdls_ftie *) kde.ftie; 2034 ftie = (struct wpa_tdls_ftie *) kde.ftie;
2003 os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); 2035 os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
2004 peer->rsnie_i_len = kde.rsn_ie_len; 2036 peer->rsnie_i_len = kde.rsn_ie_len;
2005 peer->cipher = cipher; 2037 peer->cipher = cipher;
2006 2038
2007 if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { 2039 if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
 2040 !tdls_nonce_set(peer->inonce)) {
2008 /* 2041 /*
2009 * There is no point in updating the RNonce for every obtained 2042 * There is no point in updating the RNonce for every obtained
2010 * TPK M1 frame (e.g., retransmission due to timeout) with the 2043 * TPK M1 frame (e.g., retransmission due to timeout) with the
2011 * same INonce (SNonce in FTIE). However, if the TPK M1 is 2044 * same INonce (SNonce in FTIE). However, if the TPK M1 is
2012 * retransmitted with a different INonce, update the RNonce 2045 * retransmitted with a different INonce, update the RNonce
2013 * since this is for a new TDLS session. 2046 * since this is for a new TDLS session.
2014 */ 2047 */
2015 wpa_printf(MSG_DEBUG, 2048 wpa_printf(MSG_DEBUG,
2016 "TDLS: New TPK M1 INonce - generate new RNonce"); 2049 "TDLS: New TPK M1 INonce - generate new RNonce");
2017 os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN); 2050 os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN);
2018 if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) { 2051 if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) {
2019 wpa_msg(sm->ctx->ctx, MSG_WARNING, 2052 wpa_msg(sm->ctx->ctx, MSG_WARNING,
2020 "TDLS: Failed to get random data for responder nonce"); 2053 "TDLS: Failed to get random data for responder nonce");
2021 goto error; 2054 goto error;
2022 } 2055 }
 2056 peer->tk_set = 0; /* A new nonce results in a new TK */
2023 } 2057 }
2024 2058
2025#if 0 2059#if 0
2026 /* get version info from RSNIE received from Peer */ 2060 /* get version info from RSNIE received from Peer */
2027 hdr = (struct rsn_ie_hdr *) kde.rsn_ie; 2061 hdr = (struct rsn_ie_hdr *) kde.rsn_ie;
2028 rsn_ver = WPA_GET_LE16(hdr->version); 2062 rsn_ver = WPA_GET_LE16(hdr->version);
2029 2063
2030 /* use min(peer's version, out version) */ 2064 /* use min(peer's version, out version) */
2031 if (rsn_ver > RSN_VERSION) 2065 if (rsn_ver > RSN_VERSION)
2032 rsn_ver = RSN_VERSION; 2066 rsn_ver = RSN_VERSION;
2033 2067
2034 hdr = (struct rsn_ie_hdr *) peer->rsnie_p; 2068 hdr = (struct rsn_ie_hdr *) peer->rsnie_p;
2035 2069
cvs diff -r1.1.1.8 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/rsn_supp/wpa.c 2016/11/21 16:42:49 1.1.1.8
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa.c 2017/10/16 17:36:16 1.2
@@ -500,27 +500,26 @@ static void wpa_supplicant_process_1_of_ @@ -500,27 +500,26 @@ static void wpa_supplicant_process_1_of_
500 /* Calculate PTK which will be stored as a temporary PTK until it has 500 /* Calculate PTK which will be stored as a temporary PTK until it has
501 * been verified when processing message 3/4. */ 501 * been verified when processing message 3/4. */
502 ptk = &sm->tptk; 502 ptk = &sm->tptk;
503 wpa_derive_ptk(sm, src_addr, key, ptk); 503 wpa_derive_ptk(sm, src_addr, key, ptk);
504 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { 504 if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
505 u8 buf[8]; 505 u8 buf[8];
506 /* Supplicant: swap tx/rx Mic keys */ 506 /* Supplicant: swap tx/rx Mic keys */
507 os_memcpy(buf, &ptk->tk[16], 8); 507 os_memcpy(buf, &ptk->tk[16], 8);
508 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8); 508 os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
509 os_memcpy(&ptk->tk[24], buf, 8); 509 os_memcpy(&ptk->tk[24], buf, 8);
510 os_memset(buf, 0, sizeof(buf)); 510 os_memset(buf, 0, sizeof(buf));
511 } 511 }
512 sm->tptk_set = 1; 512 sm->tptk_set = 1;
513 sm->tk_to_set = 1; 
514 513
515 kde = sm->assoc_wpa_ie; 514 kde = sm->assoc_wpa_ie;
516 kde_len = sm->assoc_wpa_ie_len; 515 kde_len = sm->assoc_wpa_ie_len;
517 516
518#ifdef CONFIG_P2P 517#ifdef CONFIG_P2P
519 if (sm->p2p) { 518 if (sm->p2p) {
520 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); 519 kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1);
521 if (kde_buf) { 520 if (kde_buf) {
522 u8 *pos; 521 u8 *pos;
523 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE " 522 wpa_printf(MSG_DEBUG, "P2P: Add IP Address Request KDE "
524 "into EAPOL-Key 2/4"); 523 "into EAPOL-Key 2/4");
525 os_memcpy(kde_buf, kde, kde_len); 524 os_memcpy(kde_buf, kde, kde_len);
526 kde = kde_buf; 525 kde = kde_buf;
@@ -605,27 +604,27 @@ static void wpa_sm_rekey_ptk(void *eloop @@ -605,27 +604,27 @@ static void wpa_sm_rekey_ptk(void *eloop
605 struct wpa_sm *sm = eloop_ctx; 604 struct wpa_sm *sm = eloop_ctx;
606 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying"); 605 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Request PTK rekeying");
607 wpa_sm_key_request(sm, 0, 1); 606 wpa_sm_key_request(sm, 0, 1);
608} 607}
609 608
610 609
611static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 610static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
612 const struct wpa_eapol_key *key) 611 const struct wpa_eapol_key *key)
613{ 612{
614 int keylen, rsclen; 613 int keylen, rsclen;
615 enum wpa_alg alg; 614 enum wpa_alg alg;
616 const u8 *key_rsc; 615 const u8 *key_rsc;
617 616
618 if (!sm->tk_to_set) { 617 if (sm->ptk.installed) {
619 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 618 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
620 "WPA: Do not re-install same PTK to the driver"); 619 "WPA: Do not re-install same PTK to the driver");
621 return 0; 620 return 0;
622 } 621 }
623 622
624 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 623 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
625 "WPA: Installing PTK to the driver"); 624 "WPA: Installing PTK to the driver");
626 625
627 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 626 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
628 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher " 627 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Pairwise Cipher "
629 "Suite: NONE - do not use pairwise keys"); 628 "Suite: NONE - do not use pairwise keys");
630 return 0; 629 return 0;
631 } 630 }
@@ -649,27 +648,27 @@ static int wpa_supplicant_install_ptk(st @@ -649,27 +648,27 @@ static int wpa_supplicant_install_ptk(st
649 } 648 }
650 649
651 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen, 650 if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
652 sm->ptk.tk, keylen) < 0) { 651 sm->ptk.tk, keylen) < 0) {
653 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 652 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
654 "WPA: Failed to set PTK to the " 653 "WPA: Failed to set PTK to the "
655 "driver (alg=%d keylen=%d bssid=" MACSTR ")", 654 "driver (alg=%d keylen=%d bssid=" MACSTR ")",
656 alg, keylen, MAC2STR(sm->bssid)); 655 alg, keylen, MAC2STR(sm->bssid));
657 return -1; 656 return -1;
658 } 657 }
659 658
660 /* TK is not needed anymore in supplicant */ 659 /* TK is not needed anymore in supplicant */
661 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 660 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
662 sm->tk_to_set = 0; 661 sm->ptk.installed = 1;
663 662
664 if (sm->wpa_ptk_rekey) { 663 if (sm->wpa_ptk_rekey) {
665 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 664 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
666 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk, 665 eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
667 sm, NULL); 666 sm, NULL);
668 } 667 }
669 668
670 return 0; 669 return 0;
671} 670}
672 671
673 672
674static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm, 673static int wpa_supplicant_check_group_cipher(struct wpa_sm *sm,
675 int group_cipher, 674 int group_cipher,
@@ -699,31 +698,43 @@ static int wpa_supplicant_check_group_ci @@ -699,31 +698,43 @@ static int wpa_supplicant_check_group_ci
699} 698}
700 699
701 700
702struct wpa_gtk_data { 701struct wpa_gtk_data {
703 enum wpa_alg alg; 702 enum wpa_alg alg;
704 int tx, key_rsc_len, keyidx; 703 int tx, key_rsc_len, keyidx;
705 u8 gtk[32]; 704 u8 gtk[32];
706 int gtk_len; 705 int gtk_len;
707}; 706};
708 707
709 708
710static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 709static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
711 const struct wpa_gtk_data *gd, 710 const struct wpa_gtk_data *gd,
712 const u8 *key_rsc) 711 const u8 *key_rsc, int wnm_sleep)
713{ 712{
714 const u8 *_gtk = gd->gtk; 713 const u8 *_gtk = gd->gtk;
715 u8 gtk_buf[32]; 714 u8 gtk_buf[32];
716 715
 716 /* Detect possible key reinstallation */
 717 if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
 718 os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
 719 (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
 720 os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
 721 sm->gtk_wnm_sleep.gtk_len) == 0)) {
 722 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 723 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
 724 gd->keyidx, gd->tx, gd->gtk_len);
 725 return 0;
 726 }
 727
717 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 728 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
718 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 729 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
719 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 730 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
720 gd->keyidx, gd->tx, gd->gtk_len); 731 gd->keyidx, gd->tx, gd->gtk_len);
721 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len); 732 wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
722 if (sm->group_cipher == WPA_CIPHER_TKIP) { 733 if (sm->group_cipher == WPA_CIPHER_TKIP) {
723 /* Swap Tx/Rx keys for Michael MIC */ 734 /* Swap Tx/Rx keys for Michael MIC */
724 os_memcpy(gtk_buf, gd->gtk, 16); 735 os_memcpy(gtk_buf, gd->gtk, 16);
725 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); 736 os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
726 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); 737 os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
727 _gtk = gtk_buf; 738 _gtk = gtk_buf;
728 } 739 }
729 if (sm->pairwise_cipher == WPA_CIPHER_NONE) { 740 if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
@@ -738,26 +749,35 @@ static int wpa_supplicant_install_gtk(st @@ -738,26 +749,35 @@ static int wpa_supplicant_install_gtk(st
738 } 749 }
739 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr, 750 } else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
740 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len, 751 gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
741 _gtk, gd->gtk_len) < 0) { 752 _gtk, gd->gtk_len) < 0) {
742 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 753 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
743 "WPA: Failed to set GTK to " 754 "WPA: Failed to set GTK to "
744 "the driver (alg=%d keylen=%d keyidx=%d)", 755 "the driver (alg=%d keylen=%d keyidx=%d)",
745 gd->alg, gd->gtk_len, gd->keyidx); 756 gd->alg, gd->gtk_len, gd->keyidx);
746 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 757 os_memset(gtk_buf, 0, sizeof(gtk_buf));
747 return -1; 758 return -1;
748 } 759 }
749 os_memset(gtk_buf, 0, sizeof(gtk_buf)); 760 os_memset(gtk_buf, 0, sizeof(gtk_buf));
750 761
 762 if (wnm_sleep) {
 763 sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
 764 os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
 765 sm->gtk_wnm_sleep.gtk_len);
 766 } else {
 767 sm->gtk.gtk_len = gd->gtk_len;
 768 os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
 769 }
 770
751 return 0; 771 return 0;
752} 772}
753 773
754 774
755static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, 775static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
756 int tx) 776 int tx)
757{ 777{
758 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) { 778 if (tx && sm->pairwise_cipher != WPA_CIPHER_NONE) {
759 /* Ignore Tx bit for GTK if a pairwise key is used. One AP 779 /* Ignore Tx bit for GTK if a pairwise key is used. One AP
760 * seemed to set this bit (incorrectly, since Tx is only when 780 * seemed to set this bit (incorrectly, since Tx is only when
761 * doing Group Key only APs) and without this workaround, the 781 * doing Group Key only APs) and without this workaround, the
762 * data connection does not work because wpa_supplicant 782 * data connection does not work because wpa_supplicant
763 * configured non-zero keyidx to be used for unicast. */ 783 * configured non-zero keyidx to be used for unicast. */
@@ -830,74 +850,110 @@ static int wpa_supplicant_pairwise_gtk(s @@ -830,74 +850,110 @@ static int wpa_supplicant_pairwise_gtk(s
830 gtk_len -= 2; 850 gtk_len -= 2;
831 851
832 os_memcpy(gd.gtk, gtk, gtk_len); 852 os_memcpy(gd.gtk, gtk, gtk_len);
833 gd.gtk_len = gtk_len; 853 gd.gtk_len = gtk_len;
834 854
835 key_rsc = key->key_rsc; 855 key_rsc = key->key_rsc;
836 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 856 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
837 key_rsc = null_rsc; 857 key_rsc = null_rsc;
838 858
839 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && 859 if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
840 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 860 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
841 gtk_len, gtk_len, 861 gtk_len, gtk_len,
842 &gd.key_rsc_len, &gd.alg) || 862 &gd.key_rsc_len, &gd.alg) ||
843 wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { 863 wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
844 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 864 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
845 "RSN: Failed to install GTK"); 865 "RSN: Failed to install GTK");
846 os_memset(&gd, 0, sizeof(gd)); 866 os_memset(&gd, 0, sizeof(gd));
847 return -1; 867 return -1;
848 } 868 }
849 os_memset(&gd, 0, sizeof(gd)); 869 os_memset(&gd, 0, sizeof(gd));
850 870
851 wpa_supplicant_key_neg_complete(sm, sm->bssid, 871 wpa_supplicant_key_neg_complete(sm, sm->bssid,
852 key_info & WPA_KEY_INFO_SECURE); 872 key_info & WPA_KEY_INFO_SECURE);
853 return 0; 873 return 0;
854} 874}
855 875
856 876
 877#ifdef CONFIG_IEEE80211W
 878static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
 879 const struct wpa_igtk_kde *igtk,
 880 int wnm_sleep)
 881{
 882 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
 883 u16 keyidx = WPA_GET_LE16(igtk->keyid);
 884
 885 /* Detect possible key reinstallation */
 886 if ((sm->igtk.igtk_len == len &&
 887 os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
 888 (sm->igtk_wnm_sleep.igtk_len == len &&
 889 os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
 890 sm->igtk_wnm_sleep.igtk_len) == 0)) {
 891 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 892 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
 893 keyidx);
 894 return 0;
 895 }
 896
 897 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 898 "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
 899 keyidx, MAC2STR(igtk->pn));
 900 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
 901 if (keyidx > 4095) {
 902 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 903 "WPA: Invalid IGTK KeyID %d", keyidx);
 904 return -1;
 905 }
 906 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
 907 broadcast_ether_addr,
 908 keyidx, 0, igtk->pn, sizeof(igtk->pn),
 909 igtk->igtk, len) < 0) {
 910 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 911 "WPA: Failed to configure IGTK to the driver");
 912 return -1;
 913 }
 914
 915 if (wnm_sleep) {
 916 sm->igtk_wnm_sleep.igtk_len = len;
 917 os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
 918 sm->igtk_wnm_sleep.igtk_len);
 919 } else {
 920 sm->igtk.igtk_len = len;
 921 os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
 922 }
 923
 924 return 0;
 925}
 926#endif /* CONFIG_IEEE80211W */
 927
 928
857static int ieee80211w_set_keys(struct wpa_sm *sm, 929static int ieee80211w_set_keys(struct wpa_sm *sm,
858 struct wpa_eapol_ie_parse *ie) 930 struct wpa_eapol_ie_parse *ie)
859{ 931{
860#ifdef CONFIG_IEEE80211W 932#ifdef CONFIG_IEEE80211W
861 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher)) 933 if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
862 return 0; 934 return 0;
863 935
864 if (ie->igtk) { 936 if (ie->igtk) {
865 size_t len; 937 size_t len;
866 const struct wpa_igtk_kde *igtk; 938 const struct wpa_igtk_kde *igtk;
867 u16 keyidx; 939
868 len = wpa_cipher_key_len(sm->mgmt_group_cipher); 940 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
869 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 941 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
870 return -1; 942 return -1;
 943
871 igtk = (const struct wpa_igtk_kde *) ie->igtk; 944 igtk = (const struct wpa_igtk_kde *) ie->igtk;
872 keyidx = WPA_GET_LE16(igtk->keyid); 945 if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
873 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 
874 "pn %02x%02x%02x%02x%02x%02x", 
875 keyidx, MAC2STR(igtk->pn)); 
876 wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 
877 igtk->igtk, len); 
878 if (keyidx > 4095) { 
879 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 
880 "WPA: Invalid IGTK KeyID %d", keyidx); 
881 return -1; 
882 } 
883 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 
884 broadcast_ether_addr, 
885 keyidx, 0, igtk->pn, sizeof(igtk->pn), 
886 igtk->igtk, len) < 0) { 
887 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 
888 "WPA: Failed to configure IGTK to the driver"); 
889 return -1; 946 return -1;
890 } 
891 } 947 }
892 948
893 return 0; 949 return 0;
894#else /* CONFIG_IEEE80211W */ 950#else /* CONFIG_IEEE80211W */
895 return 0; 951 return 0;
896#endif /* CONFIG_IEEE80211W */ 952#endif /* CONFIG_IEEE80211W */
897} 953}
898 954
899 955
900static void wpa_report_ie_mismatch(struct wpa_sm *sm, 956static void wpa_report_ie_mismatch(struct wpa_sm *sm,
901 const char *reason, const u8 *src_addr, 957 const char *reason, const u8 *src_addr,
902 const u8 *wpa_ie, size_t wpa_ie_len, 958 const u8 *wpa_ie, size_t wpa_ie_len,
903 const u8 *rsn_ie, size_t rsn_ie_len) 959 const u8 *rsn_ie, size_t rsn_ie_len)
@@ -1526,27 +1582,27 @@ static void wpa_supplicant_process_1_of_ @@ -1526,27 +1582,27 @@ static void wpa_supplicant_process_1_of_
1526 key_data_len, 1582 key_data_len,
1527 key_info, ver, &gd); 1583 key_info, ver, &gd);
1528 } 1584 }
1529 1585
1530 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); 1586 wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1531 1587
1532 if (ret) 1588 if (ret)
1533 goto failed; 1589 goto failed;
1534 1590
1535 key_rsc = key->key_rsc; 1591 key_rsc = key->key_rsc;
1536 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 1592 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
1537 key_rsc = null_rsc; 1593 key_rsc = null_rsc;
1538 1594
1539 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || 1595 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
1540 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) 1596 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
1541 goto failed; 1597 goto failed;
1542 os_memset(&gd, 0, sizeof(gd)); 1598 os_memset(&gd, 0, sizeof(gd));
1543 1599
1544 if (rekey) { 1600 if (rekey) {
1545 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying " 1601 wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
1546 "completed with " MACSTR " [GTK=%s]", 1602 "completed with " MACSTR " [GTK=%s]",
1547 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher)); 1603 MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
1548 wpa_sm_cancel_auth_timeout(sm); 1604 wpa_sm_cancel_auth_timeout(sm);
1549 wpa_sm_set_state(sm, WPA_COMPLETED); 1605 wpa_sm_set_state(sm, WPA_COMPLETED);
1550 } else { 1606 } else {
1551 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1607 wpa_supplicant_key_neg_complete(sm, sm->bssid,
1552 key_info & 1608 key_info &
@@ -2297,66 +2353,72 @@ void wpa_sm_deinit(struct wpa_sm *sm) @@ -2297,66 +2353,72 @@ void wpa_sm_deinit(struct wpa_sm *sm)
2297} 2353}
2298 2354
2299 2355
2300/** 2356/**
2301 * wpa_sm_notify_assoc - Notify WPA state machine about association 2357 * wpa_sm_notify_assoc - Notify WPA state machine about association
2302 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2358 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2303 * @bssid: The BSSID of the new association 2359 * @bssid: The BSSID of the new association
2304 * 2360 *
2305 * This function is called to let WPA state machine know that the connection 2361 * This function is called to let WPA state machine know that the connection
2306 * was established. 2362 * was established.
2307 */ 2363 */
2308void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 2364void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
2309{ 2365{
2310 int clear_ptk = 1; 2366 int clear_keys = 1;
2311 2367
2312 if (sm == NULL) 2368 if (sm == NULL)
2313 return; 2369 return;
2314 2370
2315 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 2371 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
2316 "WPA: Association event - clear replay counter"); 2372 "WPA: Association event - clear replay counter");
2317 os_memcpy(sm->bssid, bssid, ETH_ALEN); 2373 os_memcpy(sm->bssid, bssid, ETH_ALEN);
2318 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); 2374 os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
2319 sm->rx_replay_counter_set = 0; 2375 sm->rx_replay_counter_set = 0;
2320 sm->renew_snonce = 1; 2376 sm->renew_snonce = 1;
2321 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0) 2377 if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
2322 rsn_preauth_deinit(sm); 2378 rsn_preauth_deinit(sm);
2323 2379
2324#ifdef CONFIG_IEEE80211R 2380#ifdef CONFIG_IEEE80211R
2325 if (wpa_ft_is_completed(sm)) { 2381 if (wpa_ft_is_completed(sm)) {
2326 /* 2382 /*
2327 * Clear portValid to kick EAPOL state machine to re-enter 2383 * Clear portValid to kick EAPOL state machine to re-enter
2328 * AUTHENTICATED state to get the EAPOL port Authorized. 2384 * AUTHENTICATED state to get the EAPOL port Authorized.
2329 */ 2385 */
2330 eapol_sm_notify_portValid(sm->eapol, FALSE); 2386 eapol_sm_notify_portValid(sm->eapol, FALSE);
2331 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1); 2387 wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
2332 2388
2333 /* Prepare for the next transition */ 2389 /* Prepare for the next transition */
2334 wpa_ft_prepare_auth_request(sm, NULL); 2390 wpa_ft_prepare_auth_request(sm, NULL);
2335 2391
2336 clear_ptk = 0; 2392 clear_keys = 0;
2337 } 2393 }
2338#endif /* CONFIG_IEEE80211R */ 2394#endif /* CONFIG_IEEE80211R */
2339 2395
2340 if (clear_ptk) { 2396 if (clear_keys) {
2341 /* 2397 /*
2342 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 2398 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
2343 * this is not part of a Fast BSS Transition. 2399 * this is not part of a Fast BSS Transition.
2344 */ 2400 */
2345 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK"); 2401 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PTK");
2346 sm->ptk_set = 0; 2402 sm->ptk_set = 0;
2347 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2403 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2348 sm->tptk_set = 0; 2404 sm->tptk_set = 0;
2349 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2405 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
 2406 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
 2407 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 2408#ifdef CONFIG_IEEE80211W
 2409 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
 2410 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 2411#endif /* CONFIG_IEEE80211W */
2350 } 2412 }
2351 2413
2352#ifdef CONFIG_TDLS 2414#ifdef CONFIG_TDLS
2353 wpa_tdls_assoc(sm); 2415 wpa_tdls_assoc(sm);
2354#endif /* CONFIG_TDLS */ 2416#endif /* CONFIG_TDLS */
2355 2417
2356#ifdef CONFIG_P2P 2418#ifdef CONFIG_P2P
2357 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr)); 2419 os_memset(sm->p2p_ip_addr, 0, sizeof(sm->p2p_ip_addr));
2358#endif /* CONFIG_P2P */ 2420#endif /* CONFIG_P2P */
2359} 2421}
2360 2422
2361 2423
2362/** 2424/**
@@ -2368,26 +2430,29 @@ void wpa_sm_notify_assoc(struct wpa_sm * @@ -2368,26 +2430,29 @@ void wpa_sm_notify_assoc(struct wpa_sm *
2368 */ 2430 */
2369void wpa_sm_notify_disassoc(struct wpa_sm *sm) 2431void wpa_sm_notify_disassoc(struct wpa_sm *sm)
2370{ 2432{
2371 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL); 2433 eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
2372 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 2434 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
2373 peerkey_deinit(sm); 2435 peerkey_deinit(sm);
2374 rsn_preauth_deinit(sm); 2436 rsn_preauth_deinit(sm);
2375 pmksa_cache_clear_current(sm); 2437 pmksa_cache_clear_current(sm);
2376 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE) 2438 if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
2377 sm->dot11RSNA4WayHandshakeFailures++; 2439 sm->dot11RSNA4WayHandshakeFailures++;
2378#ifdef CONFIG_TDLS 2440#ifdef CONFIG_TDLS
2379 wpa_tdls_disassoc(sm); 2441 wpa_tdls_disassoc(sm);
2380#endif /* CONFIG_TDLS */ 2442#endif /* CONFIG_TDLS */
 2443#ifdef CONFIG_IEEE80211R
 2444 sm->ft_reassoc_completed = 0;
 2445#endif /* CONFIG_IEEE80211R */
2381 2446
2382 /* Keys are not needed in the WPA state machine anymore */ 2447 /* Keys are not needed in the WPA state machine anymore */
2383 wpa_sm_drop_sa(sm); 2448 wpa_sm_drop_sa(sm);
2384 2449
2385 sm->msg_3_of_4_ok = 0; 2450 sm->msg_3_of_4_ok = 0;
2386} 2451}
2387 2452
2388 2453
2389/** 2454/**
2390 * wpa_sm_set_pmk - Set PMK 2455 * wpa_sm_set_pmk - Set PMK
2391 * @sm: Pointer to WPA state machine data from wpa_sm_init() 2456 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2392 * @pmk: The new PMK 2457 * @pmk: The new PMK
2393 * @pmk_len: The length of the new PMK in bytes 2458 * @pmk_len: The length of the new PMK in bytes
@@ -2867,26 +2932,32 @@ int wpa_sm_pmksa_cache_list(struct wpa_s @@ -2867,26 +2932,32 @@ int wpa_sm_pmksa_cache_list(struct wpa_s
2867{ 2932{
2868 return pmksa_cache_list(sm->pmksa, buf, len); 2933 return pmksa_cache_list(sm->pmksa, buf, len);
2869} 2934}
2870 2935
2871 2936
2872void wpa_sm_drop_sa(struct wpa_sm *sm) 2937void wpa_sm_drop_sa(struct wpa_sm *sm)
2873{ 2938{
2874 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); 2939 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
2875 sm->ptk_set = 0; 2940 sm->ptk_set = 0;
2876 sm->tptk_set = 0; 2941 sm->tptk_set = 0;
2877 os_memset(sm->pmk, 0, sizeof(sm->pmk)); 2942 os_memset(sm->pmk, 0, sizeof(sm->pmk));
2878 os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 2943 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
2879 os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 2944 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
 2945 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
 2946 os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 2947#ifdef CONFIG_IEEE80211W
 2948 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
 2949 os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 2950#endif /* CONFIG_IEEE80211W */
2880#ifdef CONFIG_IEEE80211R 2951#ifdef CONFIG_IEEE80211R
2881 os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 2952 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
2882 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 2953 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
2883 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); 2954 os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
2884#endif /* CONFIG_IEEE80211R */ 2955#endif /* CONFIG_IEEE80211R */
2885} 2956}
2886 2957
2887 2958
2888int wpa_sm_has_ptk(struct wpa_sm *sm) 2959int wpa_sm_has_ptk(struct wpa_sm *sm)
2889{ 2960{
2890 if (sm == NULL) 2961 if (sm == NULL)
2891 return 0; 2962 return 0;
2892 return sm->ptk_set; 2963 return sm->ptk_set;
@@ -2930,58 +3001,40 @@ int wpa_wnmsleep_install_key(struct wpa_ @@ -2930,58 +3001,40 @@ int wpa_wnmsleep_install_key(struct wpa_
2930 if (gd.gtk_len != buf[4]) { 3001 if (gd.gtk_len != buf[4]) {
2931 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d", 3002 wpa_printf(MSG_DEBUG, "GTK len mismatch len %d vs %d",
2932 gd.gtk_len, buf[4]); 3003 gd.gtk_len, buf[4]);
2933 return -1; 3004 return -1;
2934 } 3005 }
2935 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */ 3006 gd.keyidx = keyinfo & 0x03; /* B0 - B1 */
2936 gd.tx = wpa_supplicant_gtk_tx_bit_workaround( 3007 gd.tx = wpa_supplicant_gtk_tx_bit_workaround(
2937 sm, !!(keyinfo & WPA_KEY_INFO_TXRX)); 3008 sm, !!(keyinfo & WPA_KEY_INFO_TXRX));
2938 3009
2939 os_memcpy(gd.gtk, buf + 13, gd.gtk_len); 3010 os_memcpy(gd.gtk, buf + 13, gd.gtk_len);
2940 3011
2941 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 3012 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
2942 gd.gtk, gd.gtk_len); 3013 gd.gtk, gd.gtk_len);
2943 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { 3014 if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
2944 os_memset(&gd, 0, sizeof(gd)); 3015 os_memset(&gd, 0, sizeof(gd));
2945 wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 3016 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
2946 "WNM mode"); 3017 "WNM mode");
2947 return -1; 3018 return -1;
2948 } 3019 }
2949 os_memset(&gd, 0, sizeof(gd)); 3020 os_memset(&gd, 0, sizeof(gd));
2950#ifdef CONFIG_IEEE80211W 3021#ifdef CONFIG_IEEE80211W
2951 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 3022 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
2952 struct wpa_igtk_kde igd; 3023 const struct wpa_igtk_kde *igtk;
2953 u16 keyidx; 
2954 3024
2955 os_memset(&igd, 0, sizeof(igd)); 3025 igtk = (const struct wpa_igtk_kde *) (buf + 2);
2956 keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); 3026 if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
2957 os_memcpy(igd.keyid, buf + 2, 2); 
2958 os_memcpy(igd.pn, buf + 4, 6); 
2959 
2960 keyidx = WPA_GET_LE16(igd.keyid); 
2961 os_memcpy(igd.igtk, buf + 10, keylen); 
2962 
2963 wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", 
2964 igd.igtk, keylen); 
2965 if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 
2966 broadcast_ether_addr, 
2967 keyidx, 0, igd.pn, sizeof(igd.pn), 
2968 igd.igtk, keylen) < 0) { 
2969 wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " 
2970 "WNM mode"); 
2971 os_memset(&igd, 0, sizeof(igd)); 
2972 return -1; 3027 return -1;
2973 } 
2974 os_memset(&igd, 0, sizeof(igd)); 
2975#endif /* CONFIG_IEEE80211W */ 3028#endif /* CONFIG_IEEE80211W */
2976 } else { 3029 } else {
2977 wpa_printf(MSG_DEBUG, "Unknown element id"); 3030 wpa_printf(MSG_DEBUG, "Unknown element id");
2978 return -1; 3031 return -1;
2979 } 3032 }
2980 3033
2981 return 0; 3034 return 0;
2982} 3035}
2983#endif /* CONFIG_WNM */ 3036#endif /* CONFIG_WNM */
2984 3037
2985 3038
2986#ifdef CONFIG_PEERKEY 3039#ifdef CONFIG_PEERKEY
2987int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr, 3040int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
cvs diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c 2016/11/21 16:42:49 1.1.1.6
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa_ft.c 2017/10/16 17:36:16 1.2
@@ -143,26 +143,27 @@ static u8 * wpa_ft_gen_req_ies(struct wp @@ -143,26 +143,27 @@ static u8 * wpa_ft_gen_req_ies(struct wp
143 const u8 *kck, size_t kck_len, 143 const u8 *kck, size_t kck_len,
144 const u8 *target_ap, 144 const u8 *target_ap,
145 const u8 *ric_ies, size_t ric_ies_len, 145 const u8 *ric_ies, size_t ric_ies_len,
146 const u8 *ap_mdie) 146 const u8 *ap_mdie)
147{ 147{
148 size_t buf_len; 148 size_t buf_len;
149 u8 *buf, *pos, *ftie_len, *ftie_pos; 149 u8 *buf, *pos, *ftie_len, *ftie_pos;
150 struct rsn_mdie *mdie; 150 struct rsn_mdie *mdie;
151 struct rsn_ftie *ftie; 151 struct rsn_ftie *ftie;
152 struct rsn_ie_hdr *rsnie; 152 struct rsn_ie_hdr *rsnie;
153 u16 capab; 153 u16 capab;
154 154
155 sm->ft_completed = 0; 155 sm->ft_completed = 0;
 156 sm->ft_reassoc_completed = 0;
156 157
157 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 158 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
158 2 + sm->r0kh_id_len + ric_ies_len + 100; 159 2 + sm->r0kh_id_len + ric_ies_len + 100;
159 buf = os_zalloc(buf_len); 160 buf = os_zalloc(buf_len);
160 if (buf == NULL) 161 if (buf == NULL)
161 return NULL; 162 return NULL;
162 pos = buf; 163 pos = buf;
163 164
164 /* RSNIE[PMKR0Name/PMKR1Name] */ 165 /* RSNIE[PMKR0Name/PMKR1Name] */
165 rsnie = (struct rsn_ie_hdr *) pos; 166 rsnie = (struct rsn_ie_hdr *) pos;
166 rsnie->elem_id = WLAN_EID_RSN; 167 rsnie->elem_id = WLAN_EID_RSN;
167 WPA_PUT_LE16(rsnie->version, RSN_VERSION); 168 WPA_PUT_LE16(rsnie->version, RSN_VERSION);
168 pos = (u8 *) (rsnie + 1); 169 pos = (u8 *) (rsnie + 1);
@@ -671,26 +672,31 @@ int wpa_ft_validate_reassoc_resp(struct  @@ -671,26 +672,31 @@ int wpa_ft_validate_reassoc_resp(struct
671 struct rsn_mdie *mdie; 672 struct rsn_mdie *mdie;
672 struct rsn_ftie *ftie; 673 struct rsn_ftie *ftie;
673 unsigned int count; 674 unsigned int count;
674 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN]; 675 u8 mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
675 676
676 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len); 677 wpa_hexdump(MSG_DEBUG, "FT: Response IEs", ies, ies_len);
677 678
678 if (!wpa_key_mgmt_ft(sm->key_mgmt)) { 679 if (!wpa_key_mgmt_ft(sm->key_mgmt)) {
679 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not " 680 wpa_printf(MSG_DEBUG, "FT: Reject FT IEs since FT is not "
680 "enabled for this connection"); 681 "enabled for this connection");
681 return -1; 682 return -1;
682 } 683 }
683 684
 685 if (sm->ft_reassoc_completed) {
 686 wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
 687 return 0;
 688 }
 689
684 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { 690 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
685 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); 691 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
686 return -1; 692 return -1;
687 } 693 }
688 694
689 mdie = (struct rsn_mdie *) parse.mdie; 695 mdie = (struct rsn_mdie *) parse.mdie;
690 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) || 696 if (mdie == NULL || parse.mdie_len < sizeof(*mdie) ||
691 os_memcmp(mdie->mobility_domain, sm->mobility_domain, 697 os_memcmp(mdie->mobility_domain, sm->mobility_domain,
692 MOBILITY_DOMAIN_ID_LEN) != 0) { 698 MOBILITY_DOMAIN_ID_LEN) != 0) {
693 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE"); 699 wpa_printf(MSG_DEBUG, "FT: Invalid MDIE");
694 return -1; 700 return -1;
695 } 701 }
696 702
@@ -771,26 +777,28 @@ int wpa_ft_validate_reassoc_resp(struct  @@ -771,26 +777,28 @@ int wpa_ft_validate_reassoc_resp(struct
771 parse.ric, parse.ric_len, 777 parse.ric, parse.ric_len,
772 mic) < 0) { 778 mic) < 0) {
773 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC"); 779 wpa_printf(MSG_DEBUG, "FT: Failed to calculate MIC");
774 return -1; 780 return -1;
775 } 781 }
776 782
777 if (os_memcmp_const(mic, ftie->mic, 16) != 0) { 783 if (os_memcmp_const(mic, ftie->mic, 16) != 0) {
778 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE"); 784 wpa_printf(MSG_DEBUG, "FT: Invalid MIC in FTIE");
779 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16); 785 wpa_hexdump(MSG_MSGDUMP, "FT: Received MIC", ftie->mic, 16);
780 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16); 786 wpa_hexdump(MSG_MSGDUMP, "FT: Calculated MIC", mic, 16);
781 return -1; 787 return -1;
782 } 788 }
783 789
 790 sm->ft_reassoc_completed = 1;
 791
784 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) 792 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
785 return -1; 793 return -1;
786 794
787#ifdef CONFIG_IEEE80211W 795#ifdef CONFIG_IEEE80211W
788 if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0) 796 if (wpa_ft_process_igtk_subelem(sm, parse.igtk, parse.igtk_len) < 0)
789 return -1; 797 return -1;
790#endif /* CONFIG_IEEE80211W */ 798#endif /* CONFIG_IEEE80211W */
791 799
792 if (sm->set_ptk_after_assoc) { 800 if (sm->set_ptk_after_assoc) {
793 wpa_printf(MSG_DEBUG, "FT: Try to set PTK again now that we " 801 wpa_printf(MSG_DEBUG, "FT: Try to set PTK again now that we "
794 "are associated"); 802 "are associated");
795 if (wpa_ft_install_ptk(sm, src_addr) < 0) 803 if (wpa_ft_install_ptk(sm, src_addr) < 0)
796 return -1; 804 return -1;
cvs diff -r1.1.1.6 -r1.2 src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h 2016/11/21 16:42:49 1.1.1.6
+++ src/external/bsd/wpa/dist/src/rsn_supp/wpa_i.h 2017/10/16 17:36:16 1.2
@@ -14,33 +14,38 @@ @@ -14,33 +14,38 @@
14struct wpa_peerkey; 14struct wpa_peerkey;
15struct wpa_tdls_peer; 15struct wpa_tdls_peer;
16struct wpa_eapol_key; 16struct wpa_eapol_key;
17 17
18/** 18/**
19 * struct wpa_sm - Internal WPA state machine data 19 * struct wpa_sm - Internal WPA state machine data
20 */ 20 */
21struct wpa_sm { 21struct wpa_sm {
22 u8 pmk[PMK_LEN_MAX]; 22 u8 pmk[PMK_LEN_MAX];
23 size_t pmk_len; 23 size_t pmk_len;
24 struct wpa_ptk ptk, tptk; 24 struct wpa_ptk ptk, tptk;
25 int ptk_set, tptk_set; 25 int ptk_set, tptk_set;
26 unsigned int msg_3_of_4_ok:1; 26 unsigned int msg_3_of_4_ok:1;
27 unsigned int tk_to_set:1; 
28 u8 snonce[WPA_NONCE_LEN]; 27 u8 snonce[WPA_NONCE_LEN];
29 u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ 28 u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
30 int renew_snonce; 29 int renew_snonce;
31 u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; 30 u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
32 int rx_replay_counter_set; 31 int rx_replay_counter_set;
33 u8 request_counter[WPA_REPLAY_COUNTER_LEN]; 32 u8 request_counter[WPA_REPLAY_COUNTER_LEN];
 33 struct wpa_gtk gtk;
 34 struct wpa_gtk gtk_wnm_sleep;
 35#ifdef CONFIG_IEEE80211W
 36 struct wpa_igtk igtk;
 37 struct wpa_igtk igtk_wnm_sleep;
 38#endif /* CONFIG_IEEE80211W */
34 39
35 struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ 40 struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
36 41
37 struct rsn_pmksa_cache *pmksa; /* PMKSA cache */ 42 struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
38 struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */ 43 struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */
39 struct dl_list pmksa_candidates; 44 struct dl_list pmksa_candidates;
40 45
41 struct l2_packet_data *l2_preauth; 46 struct l2_packet_data *l2_preauth;
42 struct l2_packet_data *l2_preauth_br; 47 struct l2_packet_data *l2_preauth_br;
43 struct l2_packet_data *l2_tdls; 48 struct l2_packet_data *l2_tdls;
44 u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or 49 u8 preauth_bssid[ETH_ALEN]; /* current RSN pre-auth peer or
45 * 00:00:00:00:00:00 if no pre-auth is 50 * 00:00:00:00:00:00 if no pre-auth is
46 * in progress */ 51 * in progress */
@@ -113,26 +118,27 @@ struct wpa_sm { @@ -113,26 +118,27 @@ struct wpa_sm {
113 118
114#ifdef CONFIG_IEEE80211R 119#ifdef CONFIG_IEEE80211R
115 u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */ 120 u8 xxkey[PMK_LEN]; /* PSK or the second 256 bits of MSK */
116 size_t xxkey_len; 121 size_t xxkey_len;
117 u8 pmk_r0[PMK_LEN]; 122 u8 pmk_r0[PMK_LEN];
118 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 123 u8 pmk_r0_name[WPA_PMK_NAME_LEN];
119 u8 pmk_r1[PMK_LEN]; 124 u8 pmk_r1[PMK_LEN];
120 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 125 u8 pmk_r1_name[WPA_PMK_NAME_LEN];
121 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; 126 u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
122 u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; 127 u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
123 size_t r0kh_id_len; 128 size_t r0kh_id_len;
124 u8 r1kh_id[FT_R1KH_ID_LEN]; 129 u8 r1kh_id[FT_R1KH_ID_LEN];
125 int ft_completed; 130 int ft_completed;
 131 int ft_reassoc_completed;
126 int over_the_ds_in_progress; 132 int over_the_ds_in_progress;
127 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ 133 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
128 int set_ptk_after_assoc; 134 int set_ptk_after_assoc;
129 u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */ 135 u8 mdie_ft_capab; /* FT Capability and Policy from target AP MDIE */
130 u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */ 136 u8 *assoc_resp_ies; /* MDIE and FTIE from (Re)Association Response */
131 size_t assoc_resp_ies_len; 137 size_t assoc_resp_ies_len;
132#endif /* CONFIG_IEEE80211R */ 138#endif /* CONFIG_IEEE80211R */
133 139
134#ifdef CONFIG_P2P 140#ifdef CONFIG_P2P
135 u8 p2p_ip_addr[3 * 4]; 141 u8 p2p_ip_addr[3 * 4];
136#endif /* CONFIG_P2P */ 142#endif /* CONFIG_P2P */
137 143
138#ifdef CONFIG_TESTING_OPTIONS 144#ifdef CONFIG_TESTING_OPTIONS
cvs diff -r1.3 -r1.4 src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c (expand / switch to unified diff)

--- src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c 2016/11/21 20:15:17 1.3
+++ src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c 2017/10/16 17:36:16 1.4
@@ -250,27 +250,27 @@ static void ieee802_11_rx_wnmsleep_resp( @@ -250,27 +250,27 @@ static void ieee802_11_rx_wnmsleep_resp(
250 * Action [1] | Dialog Token [1] | Key Data Len [2] | Key Data | 250 * Action [1] | Dialog Token [1] | Key Data Len [2] | Key Data |
251 * WNM-Sleep Mode IE | TFS Response IE 251 * WNM-Sleep Mode IE | TFS Response IE
252 */ 252 */
253 const u8 *pos = frm; /* point to payload after the action field */ 253 const u8 *pos = frm; /* point to payload after the action field */
254 u16 key_len_total; 254 u16 key_len_total;
255 struct wnm_sleep_element *wnmsleep_ie = NULL; 255 struct wnm_sleep_element *wnmsleep_ie = NULL;
256 /* multiple TFS Resp IE (assuming consecutive) */ 256 /* multiple TFS Resp IE (assuming consecutive) */
257 const u8 *tfsresp_ie_start = NULL; 257 const u8 *tfsresp_ie_start = NULL;
258 const u8 *tfsresp_ie_end = NULL; 258 const u8 *tfsresp_ie_end = NULL;
259 size_t left; 259 size_t left;
260 260
261 if (!wpa_s->wnmsleep_used) { 261 if (!wpa_s->wnmsleep_used) {
262 wpa_printf(MSG_DEBUG, 262 wpa_printf(MSG_DEBUG,
263 "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); 263 "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
264 return; 264 return;
265 } 265 }
266 266
267 if (len < 3) 267 if (len < 3)
268 return; 268 return;
269 key_len_total = WPA_GET_LE16(frm + 1); 269 key_len_total = WPA_GET_LE16(frm + 1);
270 270
271 wpa_printf(MSG_DEBUG, "WNM-Sleep Mode Response token=%u key_len_total=%d", 271 wpa_printf(MSG_DEBUG, "WNM-Sleep Mode Response token=%u key_len_total=%d",
272 frm[0], key_len_total); 272 frm[0], key_len_total);
273 left = len - 3; 273 left = len - 3;
274 if (key_len_total > left) { 274 if (key_len_total > left) {
275 wpa_printf(MSG_INFO, "WNM: Too short frame for Key Data field"); 275 wpa_printf(MSG_INFO, "WNM: Too short frame for Key Data field");
276 return; 276 return;
@@ -289,26 +289,28 @@ static void ieee802_11_rx_wnmsleep_resp( @@ -289,26 +289,28 @@ static void ieee802_11_rx_wnmsleep_resp(
289 if (!tfsresp_ie_start) 289 if (!tfsresp_ie_start)
290 tfsresp_ie_start = pos; 290 tfsresp_ie_start = pos;
291 tfsresp_ie_end = pos; 291 tfsresp_ie_end = pos;
292 } else 292 } else
293 wpa_printf(MSG_DEBUG, "EID %d not recognized", *pos); 293 wpa_printf(MSG_DEBUG, "EID %d not recognized", *pos);
294 pos += ie_len + 2; 294 pos += ie_len + 2;
295 } 295 }
296 296
297 if (!wnmsleep_ie) { 297 if (!wnmsleep_ie) {
298 wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found"); 298 wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found");
299 return; 299 return;
300 } 300 }
301 301
 302 wpa_s->wnmsleep_used = 0;
 303
302 if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || 304 if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
303 wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { 305 wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
304 wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " 306 wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
305 "frame (action=%d, intval=%d)", 307 "frame (action=%d, intval=%d)",
306 wnmsleep_ie->action_type, wnmsleep_ie->intval); 308 wnmsleep_ie->action_type, wnmsleep_ie->intval);
307 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER) { 309 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER) {
308 wnm_sleep_mode_enter_success(wpa_s, tfsresp_ie_start, 310 wnm_sleep_mode_enter_success(wpa_s, tfsresp_ie_start,
309 tfsresp_ie_end); 311 tfsresp_ie_end);
310 } else if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) { 312 } else if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) {
311 wnm_sleep_mode_exit_success(wpa_s, frm, key_len_total); 313 wnm_sleep_mode_exit_success(wpa_s, frm, key_len_total);
312 } 314 }
313 } else { 315 } else {
314 wpa_printf(MSG_DEBUG, "Reject recv WNM-Sleep Response frame " 316 wpa_printf(MSG_DEBUG, "Reject recv WNM-Sleep Response frame "