svn commit: r336499 - head/contrib/wpa/src/ap

Cy Schubert cy at FreeBSD.org
Thu Jul 19 19:04:32 UTC 2018


Author: cy
Date: Thu Jul 19 19:04:30 2018
New Revision: 336499
URL: https://svnweb.freebsd.org/changeset/base/336499

Log:
  MFV: r336485
  
  Address: hostapd: Avoid key reinstallation in FT handshake
  
  Obtained from:	https://w1.fi/security/2017-1/\
  		rebased-v2.6-0001-hostapd-Avoid-key-\
  		reinstallation-in-FT-handshake.patch
  X-MFC-with:	r336203

Modified:
  head/contrib/wpa/src/ap/ieee802_11.c
  head/contrib/wpa/src/ap/wpa_auth.c
  head/contrib/wpa/src/ap/wpa_auth.h
Directory Properties:
  head/contrib/wpa/   (props changed)

Modified: head/contrib/wpa/src/ap/ieee802_11.c
==============================================================================
--- head/contrib/wpa/src/ap/ieee802_11.c	Thu Jul 19 19:03:18 2018	(r336498)
+++ head/contrib/wpa/src/ap/ieee802_11.c	Thu Jul 19 19:04:30 2018	(r336499)
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hap
 {
 	struct ieee80211_ht_capabilities ht_cap;
 	struct ieee80211_vht_capabilities vht_cap;
+	int set = 1;
 
 	/*
 	 * Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hap
 	 * FT-over-the-DS, where a station re-associates back to the same AP but
 	 * skips the authentication flow, or if working with a driver that
 	 * does not support full AP client state.
+	 *
+	 * Skip this if the STA has already completed FT reassociation and the
+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
+	 * the same key.
 	 */
-	if (!sta->added_unassoc)
+	if (!sta->added_unassoc &&
+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
 		hostapd_drv_sta_remove(hapd, sta->addr);
+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+		set = 0;
+	}
 
 #ifdef CONFIG_IEEE80211N
 	if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hap
 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-			    sta->added_unassoc)) {
+			    set)) {
 		hostapd_logger(hapd, sta->addr,
 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
 			       "Could not %s STA to kernel driver",
-			       sta->added_unassoc ? "set" : "add");
+			       set ? "set" : "add");
 
 		if (sta->added_unassoc) {
 			hostapd_drv_sta_remove(hapd, sta->addr);

Modified: head/contrib/wpa/src/ap/wpa_auth.c
==============================================================================
--- head/contrib/wpa/src/ap/wpa_auth.c	Thu Jul 19 19:03:18 2018	(r336498)
+++ head/contrib/wpa/src/ap/wpa_auth.c	Thu Jul 19 19:04:30 2018	(r336499)
@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, en
 #else /* CONFIG_IEEE80211R */
 		break;
 #endif /* CONFIG_IEEE80211R */
+	case WPA_DRV_STA_REMOVED:
+		sm->tk_already_set = FALSE;
+		return 0;
 	}
 
 #ifdef CONFIG_IEEE80211R

Modified: head/contrib/wpa/src/ap/wpa_auth.h
==============================================================================
--- head/contrib/wpa/src/ap/wpa_auth.h	Thu Jul 19 19:03:18 2018	(r336498)
+++ head/contrib/wpa/src/ap/wpa_auth.h	Thu Jul 19 19:04:30 2018	(r336499)
@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 		 u8 *data, size_t data_len);
 enum wpa_event {
 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
 };
 void wpa_remove_ptk(struct wpa_state_machine *sm);
 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);


More information about the svn-src-all mailing list