Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS: Set EAPOL workarounds dynamically based on association

Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.

Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
8511a0f67b
commit
b08d5fa793
3 changed files with 16 additions and 7 deletions
Split View Show Diff Stats
  1. 10 7
      src/eapol_supp/eapol_supp_sm.c
  2. 5 0
      src/eapol_supp/eapol_supp_sm.h
  3. 1 0
      wpa_supplicant/wpa_supplicant.c

+ 10 - 7
src/eapol_supp/eapol_supp_sm.c
View File 

@@ -255,12 +255,14 @@ SM_STATE(SUPP_PAE, CONNECTING)
 
 		 * delay authentication. Use a short timeout to send the first
 
 		 * EAPOL-Start if Authenticator does not start authentication.
 
 		 */
 
-#ifdef CONFIG_WPS
 
-		/* Reduce latency on starting WPS negotiation. */
 
-		sm->startWhen = 1;
 
-#else /* CONFIG_WPS */
 
-		sm->startWhen = 3;
 
-#endif /* CONFIG_WPS */
 
+		if (sm->conf.wps) {
 
+			/* Reduce latency on starting WPS negotiation. */
 
+			wpa_printf(MSG_DEBUG,
 
+				   "EAPOL: Using shorter startWhen for WPS");
 
+			sm->startWhen = 1;
 
+		} else {
 
+			sm->startWhen = 2;
 
+		}
 
 	}
 
 	eapol_enable_timer_tick(sm);
 
 	sm->eapolEap = FALSE;
 
@@ -1242,7 +1244,7 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
 
 		return 0;
 
 	}
 
 #ifdef CONFIG_WPS
 
-	if (sm->conf.workaround &&
 
+	if (sm->conf.wps && sm->conf.workaround &&
 
 	    plen < len - sizeof(*hdr) &&
 
 	    hdr->type == IEEE802_1X_TYPE_EAP_PACKET &&
 
 	    len - sizeof(*hdr) > sizeof(struct eap_hdr)) {
 
@@ -1491,6 +1493,7 @@ void eapol_sm_notify_config(struct eapol_sm *sm,
 
 	sm->conf.required_keys = conf->required_keys;
 
 	sm->conf.fast_reauth = conf->fast_reauth;
 
 	sm->conf.workaround = conf->workaround;
 
+	sm->conf.wps = conf->wps;
 
 #ifdef CONFIG_EAP_PROXY
 
 	if (sm->use_eap_proxy) {
 
 		/* Using EAP Proxy, so skip EAP state machine update */

+ 5 - 0
src/eapol_supp/eapol_supp_sm.h
View File 

@@ -58,6 +58,11 @@ struct eapol_config {
 
 	 * external_sim - Use external processing for SIM/USIM operations
 
 	 */
 
 	int external_sim;
 
+
 
+	/**
 
+	 * wps - Whether this connection is used for WPS
 
+	 */
 
+	int wps;
 
 };
 
 
 struct eapol_sm;

+ 1 - 0
wpa_supplicant/wpa_supplicant.c
View File 

@@ -297,6 +297,7 @@ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
 
 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
 
 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
 
 	eapol_conf.external_sim = wpa_s->conf->external_sim;
 
+	eapol_conf.wps = wpa_s->key_mgmt == WPA_KEY_MGMT_WPS;
 
 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
 
 #endif /* IEEE8021X_EAPOL */