Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 488fc98adf
Branches Tags
openwrt_lede
/
package
/
network
/
services
/
hostapd
/
patches
/
007-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch

007-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. From: Jouni Malinen <j@w1.fi>
    2. 

  2. Date: Sun, 1 Oct 2017 12:12:24 +0300
    3. 

  3. Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
    4. 

  4.  Mode cases
    5. 

  5. 

  6. This extends the protection to track last configured GTK/IGTK value
    7. 

  7. separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
    8. 

  8. corner case where these two different mechanisms may get used when the
    9. 

  9. GTK/IGTK has changed and tracking a single value is not sufficient to
    10. 

  10. detect a possible key reconfiguration.
    11. 

  11. 

  12. Signed-off-by: Jouni Malinen <j@w1.fi>
    13. 

  13. ---
    14. 

  14. 

  15. --- a/src/rsn_supp/wpa.c
    16. 

  16. +++ b/src/rsn_supp/wpa.c
    17. 

  17. @@ -780,14 +780,17 @@ struct wpa_gtk_data {
    18. 

  18.  
    19. 

  19.  static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
    20. 

  20.  				      const struct wpa_gtk_data *gd,
    21. 

  21. -				      const u8 *key_rsc)
    22. 

  22. +				      const u8 *key_rsc, int wnm_sleep)
    23. 

  23.  {
    24. 

  24.  	const u8 *_gtk = gd->gtk;
    25. 

  25.  	u8 gtk_buf[32];
    26. 

  26.  
    27. 

  27.  	/* Detect possible key reinstallation */
    28. 

  28. -	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
    29. 

  29. -	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
    30. 

  30. +	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
    31. 

  31. +	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
    32. 

  32. +	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
    33. 

  33. +	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
    34. 

  34. +		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
    35. 

  35.  		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    36. 

  36.  			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
    37. 

  37.  			gd->keyidx, gd->tx, gd->gtk_len);
    38. 

  38. @@ -828,8 +831,14 @@ static int wpa_supplicant_install_gtk(st
    39. 

  39.  	}
    40. 

  40.  	os_memset(gtk_buf, 0, sizeof(gtk_buf));
    41. 

  41.  
    42. 

  42. -	sm->gtk.gtk_len = gd->gtk_len;
    43. 

  43. -	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
    44. 

  44. +	if (wnm_sleep) {
    45. 

  45. +		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
    46. 

  46. +		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
    47. 

  47. +			  sm->gtk_wnm_sleep.gtk_len);
    48. 

  48. +	} else {
    49. 

  49. +		sm->gtk.gtk_len = gd->gtk_len;
    50. 

  50. +		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
    51. 

  51. +	}
    52. 

  52.  
    53. 

  53.  	return 0;
    54. 

  54.  }
    55. 

  55. @@ -923,7 +932,7 @@ static int wpa_supplicant_pairwise_gtk(s
    56. 

  56.  	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
    57. 

  57.  					       gtk_len, gtk_len,
    58. 

  58.  					       &gd.key_rsc_len, &gd.alg) ||
    59. 

  59. -	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
    60. 

  60. +	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
    61. 

  61.  		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    62. 

  62.  			"RSN: Failed to install GTK");
    63. 

  63.  		os_memset(&gd, 0, sizeof(gd));
    64. 

  64. @@ -939,14 +948,18 @@ static int wpa_supplicant_pairwise_gtk(s
    65. 

  65.  
    66. 

  66.  #ifdef CONFIG_IEEE80211W
    67. 

  67.  static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
    68. 

  68. -				       const struct wpa_igtk_kde *igtk)
    69. 

  69. +				       const struct wpa_igtk_kde *igtk,
    70. 

  70. +				       int wnm_sleep)
    71. 

  71.  {
    72. 

  72.  	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
    73. 

  73.  	u16 keyidx = WPA_GET_LE16(igtk->keyid);
    74. 

  74.  
    75. 

  75.  	/* Detect possible key reinstallation */
    76. 

  76. -	if (sm->igtk.igtk_len == len &&
    77. 

  77. -	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
    78. 

  78. +	if ((sm->igtk.igtk_len == len &&
    79. 

  79. +	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
    80. 

  80. +	    (sm->igtk_wnm_sleep.igtk_len == len &&
    81. 

  81. +	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
    82. 

  82. +		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
    83. 

  83.  		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
    84. 

  84.  			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
    85. 

  85.  			keyidx);
    86. 

  86. @@ -971,8 +984,14 @@ static int wpa_supplicant_install_igtk(s
    87. 

  87.  		return -1;
    88. 

  88.  	}
    89. 

  89.  
    90. 

  90. -	sm->igtk.igtk_len = len;
    91. 

  91. -	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
    92. 

  92. +	if (wnm_sleep) {
    93. 

  93. +		sm->igtk_wnm_sleep.igtk_len = len;
    94. 

  94. +		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
    95. 

  95. +			  sm->igtk_wnm_sleep.igtk_len);
    96. 

  96. +	} else {
    97. 

  97. +		sm->igtk.igtk_len = len;
    98. 

  98. +		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
    99. 

  99. +	}
    100. 

  100.  
    101. 

  101.  	return 0;
    102. 

  102.  }
    103. 

  103. @@ -995,7 +1014,7 @@ static int ieee80211w_set_keys(struct wp
    104. 

  104.  			return -1;
    105. 

  105.  
    106. 

  106.  		igtk = (const struct wpa_igtk_kde *) ie->igtk;
    107. 

  107. -		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
    108. 

  108. +		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
    109. 

  109.  			return -1;
    110. 

  110.  	}
    111. 

  111.  
    112. 

  112. @@ -1641,7 +1660,7 @@ static void wpa_supplicant_process_1_of_
    113. 

  113.  	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
    114. 

  114.  		key_rsc = null_rsc;
    115. 

  115.  
    116. 

  116. -	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
    117. 

  117. +	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
    118. 

  118.  	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
    119. 

  119.  		goto failed;
    120. 

  120.  	os_memset(&gd, 0, sizeof(gd));
    121. 

  121. @@ -2540,8 +2559,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
    122. 

  122.  		sm->tptk_set = 0;
    123. 

  123.  		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
    124. 

  124.  		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
    125. 

  125. +		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
    126. 

  126.  #ifdef CONFIG_IEEE80211W
    127. 

  127.  		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
    128. 

  128. +		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
    129. 

  129.  #endif /* CONFIG_IEEE80211W */
    130. 

  130.  	}
    131. 

  131.  
    132. 

  132. @@ -3095,8 +3116,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
    133. 

  133.  	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
    134. 

  134.  	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
    135. 

  135.  	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
    136. 

  136. +	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
    137. 

  137.  #ifdef CONFIG_IEEE80211W
    138. 

  138.  	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
    139. 

  139. +	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
    140. 

  140.  #endif /* CONFIG_IEEE80211W */
    141. 

  141.  #ifdef CONFIG_IEEE80211R
    142. 

  142.  	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
    143. 

  143. @@ -3161,7 +3184,7 @@ int wpa_wnmsleep_install_key(struct wpa_
    144. 

  144.  
    145. 

  145.  		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
    146. 

  146.  				gd.gtk, gd.gtk_len);
    147. 

  147. -		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
    148. 

  148. +		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
    149. 

  149.  			os_memset(&gd, 0, sizeof(gd));
    150. 

  150.  			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
    151. 

  151.  				   "WNM mode");
    152. 

  152. @@ -3173,7 +3196,7 @@ int wpa_wnmsleep_install_key(struct wpa_
    153. 

  153.  		const struct wpa_igtk_kde *igtk;
    154. 

  154.  
    155. 

  155.  		igtk = (const struct wpa_igtk_kde *) (buf + 2);
    156. 

  156. -		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
    157. 

  157. +		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
    158. 

  158.  			return -1;
    159. 

  159.  #endif /* CONFIG_IEEE80211W */
    160. 

  160.  	} else {
    161. 

  161. --- a/src/rsn_supp/wpa_i.h
    162. 

  162. +++ b/src/rsn_supp/wpa_i.h
    163. 

  163. @@ -32,8 +32,10 @@ struct wpa_sm {
    164. 

  164.  	int rx_replay_counter_set;
    165. 

  165.  	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
    166. 

  166.  	struct wpa_gtk gtk;
    167. 

  167. +	struct wpa_gtk gtk_wnm_sleep;
    168. 

  168.  #ifdef CONFIG_IEEE80211W
    169. 

  169.  	struct wpa_igtk igtk;
    170. 

  170. +	struct wpa_igtk igtk_wnm_sleep;
    171. 

  171.  #endif /* CONFIG_IEEE80211W */
    172. 

  172.  
    173. 

  173.  	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
    174.