rpm/hostapd
SHA256
1
0
Fork 0
forked from pool/hostapd
Code Pull Requests Activity

Accepting request 656165 from home:mnhauke:network

Browse Source 
- Update to version 2.7
  * fixed WPA packet number reuse with replayed messages and key
    reinstallation
    [http://w1.fi/security/2017-1/] (CVE-2017-13082)
  * added support for FILS (IEEE 802.11ai) shared key authentication
  * added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
    and transition mode defined by WFA)
  * added support for DPP (Wi-Fi Device Provisioning Protocol)
  * FT:
    - added local generation of PMK-R0/PMK-R1 for FT-PSK
      (ft_psk_generate_local=1)
    - replaced inter-AP protocol with a cleaner design that is more
      easily extensible; this breaks backward compatibility and requires
      all APs in the ESS to be updated at the same time to maintain FT
      functionality
    - added support for wildcard R0KH/R1KH
    - replaced r0_key_lifetime (minutes) parameter with
      ft_r0_key_lifetime (seconds)
    - fixed wpa_psk_file use for FT-PSK
    - fixed FT-SAE PMKID matching
    - added expiration to PMK-R0 and PMK-R1 cache
    - added IEEE VLAN support (including tagged VLANs)
    - added support for SHA384 based AKM
  * SAE
    - fixed some PMKSA caching cases with SAE
    - added support for configuring SAE password separately of the
      WPA2 PSK/passphrase
    - added option to require MFP for SAE associations
      (sae_require_pmf=1)
    - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection

OBS-URL: https://build.opensuse.org/request/show/656165
OBS-URL: https://build.opensuse.org/package/show/Base:System/hostapd?expand=0&rev=45
This commit is contained in:
Karol Babioch 2018-12-17 08:48:14 +00:00 committed by Git OBS Bridge
parent 24d8d87c79
commit 4f037ffde3
15 changed files with 174 additions and 1097 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hostapd-2.6.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d
size 1822341

57
hostapd-2.6-defconfig.patch → hostapd-2.7-defconfig.patch
View File

@ -1,15 +1,8 @@
--- hostapd/defconfig.orig 2016-10-02 19:51:11.000000000 +0100
+++ hostapd/defconfig 2016-10-04 11:15:48.548609106 +0100
@@ -31,7 +31,7 @@
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-#CONFIG_LIBNL32=y
+CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
@@ -42,7 +42,7 @@
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 77a894d..8ccb8cb 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -42,7 +42,7 @@ CONFIG_LIBNL32=y
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
@ -18,7 +11,7 @@
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
@@ -81,53 +81,53 @@
@@ -78,31 +78,31 @@ CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
@ -59,10 +52,8 @@
# EAP-FAST for the integrated EAP server
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
-#CONFIG_EAP_FAST=y
+CONFIG_EAP_FAST=y
@@ -111,20 +111,20 @@ CONFIG_EAP_TTLS=y
#CONFIG_EAP_FAST=y
# Wi-Fi Protected Setup (WPS)
-#CONFIG_WPS=y
@ -88,14 +79,7 @@
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
@@ -135,27 +135,27 @@
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
-#CONFIG_RADIUS_SERVER=y
+CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
@@ -138,21 +138,21 @@ CONFIG_PKCS12=y
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
@ -120,9 +104,9 @@
-#CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211AC=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
@@ -183,7 +183,7 @@
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
@@ -189,11 +189,11 @@ CONFIG_IPV6=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
@ -131,9 +115,14 @@
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
@@ -257,16 +257,16 @@
# gnutls = GnuTLS
-#CONFIG_VLAN_NETLINK=y
+CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
@@ -264,16 +264,16 @@ CONFIG_IPV6=y
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
-#CONFIG_TLS=openssl
+CONFIG_TLS=openssl
@ -149,9 +138,9 @@
-#CONFIG_TLSV12=y
+CONFIG_TLSV12=y
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
@@ -287,19 +287,19 @@
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
@@ -298,19 +298,19 @@ CONFIG_IPV6=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
@ -176,7 +165,7 @@
# Testing options
# This can be used to enable some testing options (see also the example
@@ -331,12 +331,12 @@
@@ -342,12 +342,12 @@ CONFIG_IPV6=y
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#

3
hostapd-2.7.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:21b0dda3cc3abe75849437f6b9746da461f88f0ea49dd621216936f87440a141
size 2101166

7
hostapd-2.7.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlwEQ5wACgkQK270Mu/IlfpX/gCeKuTFVjKy3P5J0fwW5twOccCZ
p90An2HZ+1jz75dIAN8m2HVaGGsceGhp
=DDIo
-----END PGP SIGNATURE-----

69
hostapd.changes
View File

@ -1,3 +1,72 @@
-------------------------------------------------------------------
Fri Dec 7 20:46:47 UTC 2018 - mardnh@gmx.de
- Update to version 2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[http://w1.fi/security/2017-1/] (CVE-2017-13082)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* FT:
- added local generation of PMK-R0/PMK-R1 for FT-PSK
(ft_psk_generate_local=1)
- replaced inter-AP protocol with a cleaner design that is more
easily extensible; this breaks backward compatibility and requires
all APs in the ESS to be updated at the same time to maintain FT
functionality
- added support for wildcard R0KH/R1KH
- replaced r0_key_lifetime (minutes) parameter with
ft_r0_key_lifetime (seconds)
- fixed wpa_psk_file use for FT-PSK
- fixed FT-SAE PMKID matching
- added expiration to PMK-R0 and PMK-R1 cache
- added IEEE VLAN support (including tagged VLANs)
- added support for SHA384 based AKM
* SAE
- fixed some PMKSA caching cases with SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- added option to require MFP for SAE associations
(sae_require_pmf=1)
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
* hostapd_cli: added support for command history and completion
* added support for requesting beacon report
* large number of other fixes, cleanup, and extensions
* added option to configure EAPOL-Key retry limits
(wpa_group_update_count and wpa_pairwise_update_count)
* removed all PeerKey functionality
* fixed nl80211 AP mode configuration regression with Linux 4.15 and
newer
* added support for using wolfSSL cryptographic library
* fixed some 20/40 MHz coexistence cases where the BSS could drop to
20 MHz even when 40 MHz would be allowed
* Hotspot 2.0
- added support for setting Venue URL ANQP-element (venue_url)
- added support for advertising Hotspot 2.0 operator icons
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
* added support for using OpenSSL 1.1.1
* added EAP-pwd server support for salted passwords
- Remove not longer needed patches (fixed upstream)
* rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
* rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
* rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
* rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
* rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
* rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
* rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
- Verify source signature
-------------------------------------------------------------------
Fri Oct 19 10:32:25 UTC 2018 - Karol Babioch <kbabioch@suse.com>

36
hostapd.keyring Normal file
View File

@ -0,0 +1,36 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQGiBDoydw4RBAC9vfqCsU+dgrxUSdGf70zrEAIBxcjeqHusovztR65XOWE0ccjmQS2TVgJM
+OzYg9FJG7DuLQZDwhR10BZKJfG97fNyZVBCoO90bEcTufn96oceJlz/MHmy99+i6wYdIKYz
vmaxcC1QPhENr1scgin9nMiW1MTPJ7sSgjDqd0QPVwCgmaZUpzhKRusR5E/MmgI2kz73Ui0D
/03lVNypkQTbuBp1q71YqT9qjO8+5kXU5QXJhel0qUgJHcu3rdnIVaiANw1qauMM0DtnRKOt
caZntn03sFNnaJRx0JlmLa/cMP0nm1kPnR6Q3Cruz7InJnJZDXGsGH/ku4OcYLUJ8UgqzaO0
J5o66j7pxQQDo1UAs4PQaoYq/ECbA/9B6b3TzuHdqUgS/g2AYTc5MU+i92ydrBv2g9SPuH78
m/X4YicGR1HF7yNiJ/hiVa/axBUHpXE4vW0Bndj1bN4sctFeGGezGRaLiiggZkBBNnL8nF5e
ZebLvPrv4kr8Cchz+lGF5UFNVyLWwi/I5CSUqUtSXOD1Q9WcXoqJcrE2brQXSm91bmkgTWFs
aW5lbiA8akB3MS5maT6IXwQTEQIAHwUCReBvUQIbIwYLCQgHAwIEFQIIAwMWAgECHgECF4AA
CgkQK270Mu/Ilfq/HgCeMavvxAxc9CYwPkbEyFBWNk+Tx3sAn1G23zGdkLx1pTSmKijWJqyO
Oh2iiGIEExECACICGyMGCwkIBwMCBBUCCAMDFgIBAh4BAheABQJGWwf0AhkBAAoJECtu9DLv
yJX6bhgAn3dFmq4Fg3o2tFVvkfU0io0SHztXAJ9QPJ5IrKNW4Pwr1OesEr6VODKRerQZSm91
bmkgTWFsaW5lbiA8am1Aa2lyLm51PohfBBMRAgAfBQJGWwebAhsjBgsJCAcDAgQVAggDAxYC
AQIeAQIXgAAKCRArbvQy78iV+gZgAJ0Uniuc9gpS8LleYtQrT/cNr/OU5ACfVy5Gqqzal+Mg
8aB6mxKR5B2ende0IEpvdW5pIE1hbGluZW4gPGptQGptLmVwaXRlc3QuZmk+iFcEExECABcF
Ajoydw4FCwcKAwQDFQMCAxYCAQIXgAAKCRArbvQy78iV+o0vAJ4sY07fmnqzR8fMKKju1hhq
kIdeWACeIiA1F2f70GZ8tRRv3sMxP63VFZq0IkpvdW5pIE1hbGluZW4gPGprbWFsaW5lQGNj
Lmh1dC5maT6IVwQTEQIAFwUCOjJ9SQULBwoDBAMVAwIDFgIBAheAAAoJECtu9DLvyJX6mZkA
njfcQtXqkg98YlGv8/kjANhneTb5AJ0bsG6IC8k8gW/B6gtS8SElpE0gb7kCDQQ6MndbEAgA
vKm7+dJttqvYYbOeBjA/l3poNHR4h7rk7VT2LoCak0pYUkvECQXbpUfIWGAxh2084wf5LIkB
TnCEmWfs0ESBqi2zZXX+rWhlEyIWZCIdPdEWC1wmKDBQfFywTmi1Ucu0jMLD13WyEZE/b/Qs
zI2XE1FY8Dm0CkaU4ntCWYXP/wlJmO+rHKUWOYnw10/TTq+bjAN1uRSNQBXN3fOegWIXZ4XL
iZ/kEEvl7I969r6Vc2B6Evp09J0PYsJqj7UR3qfrdXLnahKLmlk/LaV5EgdGNDIzj8hpzQ5I
PaJt4I+UCszA3EAsQlUx46lVK5lugbNkZtmFTAbv0yBuBPYRCvDGvwADBQf+KTqLfJRmwCXK
L4LUhL52ulsjpxbZgvFAlycn9TJ88ywDuhb3/HM9eooNqPu24CokHlscHeyyRInL9pA9932Z
dzqkmWzXX7DsQfYPo7Vgvrzlxis6+j4u3yAV4JIcRf3lm4RYOyo+K3fowSPRe7iv8D8mPCYr
x/L8tsOgaIqXN0u6nFJ+RpOfMNBLmawB0hirfUFnf6e6aSH4IJm3O+2BVszP8/X4jFqePmCC
ZBB+rp89/vdakF1AuCRi+kDJ7CKInqqAJP+qxzAk34RUr0MbocaS1CPj0/bALyAWS2bWuoby
ImFaUk82cYlZroqFR1IT1UHXKTuTK69VRw8AvmR/JohGBBgRAgAGBQI6MndbAAoJECtu9DLv
yJX60QgAn1hLZt3rfOZJyXlCtgKXUOeBL8Z+AKCGIt+Y3Lcw/0nycz4hNec00UvDTQ==
=X3Kw
-----END PGP PUBLIC KEY BLOCK-----

87
hostapd.spec
View File

@ -12,35 +12,29 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: hostapd
BuildRequires: libnl3-devel
BuildRequires: openssl-devel
BuildRequires: pkg-config
BuildRequires: sqlite3-devel
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(systemd)
Version: 2.7
Release: 0
Summary: Turns Your WLAN Card into a WPA capable Access Point
License: GPL-2.0-only OR BSD-3-Clause
Group: Hardware/Wifi
Version: 2.6
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://w1.fi/
Source: http://w1.fi/releases/hostapd-%{version}.tar.gz
Source1: hostapd.service
Patch0: hostapd-2.6-defconfig.patch
Patch1: rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
Patch2: rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
Patch3: rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
Patch4: rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
Patch5: rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Patch6: rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
Patch7: rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
Patch8: rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
URL: https://w1.fi/
Source: https://w1.fi/releases/hostapd-%{version}.tar.gz
Source1: https://w1.fi/releases/hostapd-%{version}.tar.gz.asc
# https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2B6EF432EFC895FA#/%%{name}.keyring
Source2: %{name}.keyring
Source3: hostapd.service
Patch0: hostapd-2.7-defconfig.patch
BuildRequires: libnl3-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: sqlite3-devel
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%description
@ -51,44 +45,35 @@ RADIUS authentication server. Currently, hostapd supports HostAP,
madwifi, and prism54 drivers. It also supports wired IEEE 802.1X
authentication via any ethernet driver.
%prep
%setup -q -n hostapd-%{version}
%patch0
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%setup -q
%patch0 -p1
cd hostapd
cp defconfig .config
%build
cd hostapd
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE $(getconf LFS_CFLAGS)" CC="%{__cc}" make %{?_smp_mflags} V=1
CFLAGS="%{optflags} -D_GNU_SOURCE $(getconf LFS_CFLAGS)" CC="gcc" make %{?_smp_mflags} V=1
%install
cd hostapd
mkdir -p %{buildroot}/%{_sbindir}
mkdir %{buildroot}/etc
mkdir -p %{buildroot}/%{_mandir}/man8
install -d %{buildroot}/%{_sbindir}
install -d %{buildroot}%{_sysconfdir}
install -d %{buildroot}/%{_mandir}/man8
install -m 755 hostapd %{buildroot}/%{_sbindir}
ln -s /usr/sbin/service %{buildroot}/%{_sbindir}/rchostapd
ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rchostapd
install -m 755 hostapd_cli %{buildroot}/%{_sbindir}
install -m 600 hostapd.conf %{buildroot}/etc
install -m 644 hostapd.accept %{buildroot}/etc
install -m 644 hostapd.deny %{buildroot}/etc
install -m 600 hostapd.eap_user %{buildroot}/etc
install -m 600 hostapd.radius_clients %{buildroot}/etc
install -m 644 hostapd.sim_db %{buildroot}/etc
install -m 644 hostapd.vlan %{buildroot}/etc
install -m 600 hostapd.wpa_psk %{buildroot}/etc
install -m 600 hostapd.conf %{buildroot}%{_sysconfdir}
install -m 644 hostapd.accept %{buildroot}%{_sysconfdir}
install -m 644 hostapd.deny %{buildroot}%{_sysconfdir}
install -m 600 hostapd.eap_user %{buildroot}%{_sysconfdir}
install -m 600 hostapd.radius_clients %{buildroot}%{_sysconfdir}
install -m 644 hostapd.sim_db %{buildroot}%{_sysconfdir}
install -m 644 hostapd.vlan %{buildroot}%{_sysconfdir}
install -m 600 hostapd.wpa_psk %{buildroot}%{_sysconfdir}
install -m 644 hostapd.8 %{buildroot}/%{_mandir}/man8
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/hostapd.service
install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/hostapd.service
%pre
%service_add_pre hostapd.service
@ -103,11 +88,11 @@ install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/hostapd.service
%service_del_postun hostapd.service
%files
%defattr(-,root,root)
%config(noreplace) /etc/hostapd.*
%config(noreplace) %{_sysconfdir}/hostapd.*
%{_sbindir}/*
%doc hostapd/ChangeLog COPYING hostapd/README hostapd/wired.conf hostapd/hostapd.conf
%doc %{_mandir}/man8/*
%license COPYING
%doc hostapd/ChangeLog hostapd/README hostapd/wired.conf hostapd/hostapd.conf
%{_mandir}/man8/*
%{_unitdir}/hostapd.service
%changelog

44
rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
View File

@ -1,44 +0,0 @@
From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Sun, 15 Jul 2018 01:25:53 +0200
Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.
When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/rsn_supp/wpa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300
+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300
@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
&key_data_len))
goto out;

174
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
View File

@ -1,174 +0,0 @@
From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Fri, 14 Jul 2017 15:15:35 +0200
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.
This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/ap/ieee802_11.c | 16 +++++++++++++---
src/ap/wpa_auth.c | 11 +++++++++++
src/ap/wpa_auth.h | 3 ++-
src/ap/wpa_auth_ft.c | 10 ++++++++++
src/ap/wpa_auth_i.h | 1 +
5 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4e04169..333035f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
{
struct ieee80211_ht_capabilities ht_cap;
struct ieee80211_vht_capabilities vht_cap;
+ int set = 1;
/*
* Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
* FT-over-the-DS, where a station re-associates back to the same AP but
* skips the authentication flow, or if working with a driver that
* does not support full AP client state.
+ *
+ * Skip this if the STA has already completed FT reassociation and the
+ * TK has been configured since the TX/RX PN must not be reset to 0 for
+ * the same key.
*/
- if (!sta->added_unassoc)
+ if (!sta->added_unassoc &&
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
hostapd_drv_sta_remove(hapd, sta->addr);
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ set = 0;
+ }
#ifdef CONFIG_IEEE80211N
if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
- sta->added_unassoc)) {
+ set)) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
"Could not %s STA to kernel driver",
- sta->added_unassoc ? "set" : "add");
+ set ? "set" : "add");
if (sta->added_unassoc) {
hostapd_drv_sta_remove(hapd, sta->addr);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 3587086..707971d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
#else /* CONFIG_IEEE80211R */
break;
#endif /* CONFIG_IEEE80211R */
+ case WPA_DRV_STA_REMOVED:
+ sm->tk_already_set = FALSE;
+ return 0;
}
#ifdef CONFIG_IEEE80211R
@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
}
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
+{
+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+ return 0;
+ return sm->tk_already_set;
+}
+
+
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry)
{
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 0de8d97..97461b0 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
u8 *data, size_t data_len);
enum wpa_event {
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
};
void wpa_remove_ptk(struct wpa_state_machine *sm);
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry);
struct rsn_pmksa_cache_entry *
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 42242a5..e63b99a 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
return;
}
+ if (sm->tk_already_set) {
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
+ * PN in the driver */
+ wpa_printf(MSG_DEBUG,
+ "FT: Do not re-install same PTK to the driver");
+ return;
+ }
+
/* FIX: add STA entry to kernel/driver here? The set_key will fail
* most likely without this.. At the moment, STA entry is added only
* after association has been completed. This function will be called
@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
sm->pairwise_set = TRUE;
+ sm->tk_already_set = TRUE;
}
@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
sm->pairwise = pairwise;
sm->PTK_valid = TRUE;
+ sm->tk_already_set = FALSE;
wpa_ft_install_ptk(sm);
buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 72b7eb3..7fd8f05 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -65,6 +65,7 @@ struct wpa_state_machine {
struct wpa_ptk PTK;
Boolean PTK_valid;
Boolean pairwise_set;
+ Boolean tk_already_set;
int keycount;
Boolean Pair;
struct wpa_key_replay_counter {
--
2.7.4

250
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
View File

@ -1,250 +0,0 @@
From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Wed, 12 Jul 2017 16:03:24 +0200
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/common/wpa_common.h | 11 +++++
src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
src/rsn_supp/wpa_i.h | 4 ++
3 files changed, 87 insertions(+), 44 deletions(-)
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index af1d0f0..d200285 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -217,6 +217,17 @@ struct wpa_ptk {
size_t tk_len;
};
+struct wpa_gtk {
+ u8 gtk[WPA_GTK_MAX_LEN];
+ size_t gtk_len;
+};
+
+#ifdef CONFIG_IEEE80211W
+struct wpa_igtk {
+ u8 igtk[WPA_IGTK_MAX_LEN];
+ size_t igtk_len;
+};
+#endif /* CONFIG_IEEE80211W */
/* WPA IE version 1
* 00-50-f2:1 (OUI:OUI type)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3c47879..95bd7be 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
const u8 *_gtk = gd->gtk;
u8 gtk_buf[32];
+ /* Detect possible key reinstallation */
+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+ return 0;
+ }
+
wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
}
os_memset(gtk_buf, 0, sizeof(gtk_buf));
+ sm->gtk.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+
return 0;
}
@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
}
+#ifdef CONFIG_IEEE80211W
+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ const struct wpa_igtk_kde *igtk)
+{
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+ if (sm->igtk.igtk_len == len &&
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+ return 0;
+ }
+
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
+ keyidx, MAC2STR(igtk->pn));
+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
+ if (keyidx > 4095) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Invalid IGTK KeyID %d", keyidx);
+ return -1;
+ }
+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+ broadcast_ether_addr,
+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
+ igtk->igtk, len) < 0) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Failed to configure IGTK to the driver");
+ return -1;
+ }
+
+ sm->igtk.igtk_len = len;
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+
+ return 0;
+}
+#endif /* CONFIG_IEEE80211W */
+
+
static int ieee80211w_set_keys(struct wpa_sm *sm,
struct wpa_eapol_ie_parse *ie)
{
@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
if (ie->igtk) {
size_t len;
const struct wpa_igtk_kde *igtk;
- u16 keyidx;
+
len = wpa_cipher_key_len(sm->mgmt_group_cipher);
if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
return -1;
+
igtk = (const struct wpa_igtk_kde *) ie->igtk;
- keyidx = WPA_GET_LE16(igtk->keyid);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
- "pn %02x%02x%02x%02x%02x%02x",
- keyidx, MAC2STR(igtk->pn));
- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
- igtk->igtk, len);
- if (keyidx > 4095) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid IGTK KeyID %d", keyidx);
- return -1;
- }
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
- broadcast_ether_addr,
- keyidx, 0, igtk->pn, sizeof(igtk->pn),
- igtk->igtk, len) < 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Failed to configure IGTK to the driver");
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
return -1;
- }
}
return 0;
@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
*/
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
{
- int clear_ptk = 1;
+ int clear_keys = 1;
if (sm == NULL)
return;
@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(sm, NULL);
- clear_ptk = 0;
+ clear_keys = 0;
}
#endif /* CONFIG_IEEE80211R */
- if (clear_ptk) {
+ if (clear_keys) {
/*
* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
* this is not part of a Fast BSS Transition.
@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
}
#ifdef CONFIG_TDLS
@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(sm->pmk, 0, sizeof(sm->pmk));
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
os_memset(&gd, 0, sizeof(gd));
#ifdef CONFIG_IEEE80211W
} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
- struct wpa_igtk_kde igd;
- u16 keyidx;
-
- os_memset(&igd, 0, sizeof(igd));
- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
- os_memcpy(igd.keyid, buf + 2, 2);
- os_memcpy(igd.pn, buf + 4, 6);
-
- keyidx = WPA_GET_LE16(igd.keyid);
- os_memcpy(igd.igtk, buf + 10, keylen);
-
- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
- igd.igtk, keylen);
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
- broadcast_ether_addr,
- keyidx, 0, igd.pn, sizeof(igd.pn),
- igd.igtk, keylen) < 0) {
- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
- "WNM mode");
- os_memset(&igd, 0, sizeof(igd));
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
return -1;
- }
- os_memset(&igd, 0, sizeof(igd));
#endif /* CONFIG_IEEE80211W */
} else {
wpa_printf(MSG_DEBUG, "Unknown element id");
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index f653ba6..afc9e37 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -31,6 +31,10 @@ struct wpa_sm {
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
+#ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
+#endif /* CONFIG_IEEE80211W */
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--
2.7.4

184
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
View File

@ -1,184 +0,0 @@
From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:12:24 +0300
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
src/rsn_supp/wpa_i.h | 2 ++
2 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 95bd7be..7a2c68d 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -709,14 +709,17 @@ struct wpa_gtk_data {
static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
const struct wpa_gtk_data *gd,
- const u8 *key_rsc)
+ const u8 *key_rsc, int wnm_sleep)
{
const u8 *_gtk = gd->gtk;
u8 gtk_buf[32];
/* Detect possible key reinstallation */
- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
gd->keyidx, gd->tx, gd->gtk_len);
@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
}
os_memset(gtk_buf, 0, sizeof(gtk_buf));
- sm->gtk.gtk_len = gd->gtk_len;
- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+ if (wnm_sleep) {
+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
+ sm->gtk_wnm_sleep.gtk_len);
+ } else {
+ sm->gtk.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+ }
return 0;
}
@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, gtk_len,
&gd.key_rsc_len, &gd.alg) ||
- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: Failed to install GTK");
os_memset(&gd, 0, sizeof(gd));
@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
#ifdef CONFIG_IEEE80211W
static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- const struct wpa_igtk_kde *igtk)
+ const struct wpa_igtk_kde *igtk,
+ int wnm_sleep)
{
size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
u16 keyidx = WPA_GET_LE16(igtk->keyid);
/* Detect possible key reinstallation */
- if (sm->igtk.igtk_len == len &&
- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+ if ((sm->igtk.igtk_len == len &&
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
+ (sm->igtk_wnm_sleep.igtk_len == len &&
+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
keyidx);
@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
return -1;
}
- sm->igtk.igtk_len = len;
- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+ if (wnm_sleep) {
+ sm->igtk_wnm_sleep.igtk_len = len;
+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+ sm->igtk_wnm_sleep.igtk_len);
+ } else {
+ sm->igtk.igtk_len = len;
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+ }
return 0;
}
@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
return -1;
igtk = (const struct wpa_igtk_kde *) ie->igtk;
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
return -1;
}
@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
key_rsc = null_rsc;
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
goto failed;
os_memset(&gd, 0, sizeof(gd));
@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
#ifdef CONFIG_IEEE80211W
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
#endif /* CONFIG_IEEE80211W */
}
@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
#ifdef CONFIG_IEEE80211W
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
gd.gtk, gd.gtk_len);
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
os_memset(&gd, 0, sizeof(gd));
wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
"WNM mode");
@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
const struct wpa_igtk_kde *igtk;
igtk = (const struct wpa_igtk_kde *) (buf + 2);
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
return -1;
#endif /* CONFIG_IEEE80211W */
} else {
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index afc9e37..9a54631 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -32,8 +32,10 @@ struct wpa_sm {
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
struct wpa_gtk gtk;
+ struct wpa_gtk gtk_wnm_sleep;
#ifdef CONFIG_IEEE80211W
struct wpa_igtk igtk;
+ struct wpa_igtk igtk_wnm_sleep;
#endif /* CONFIG_IEEE80211W */
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--
2.7.4

79
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
View File

@ -1,79 +0,0 @@
From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Fri, 29 Sep 2017 04:22:51 +0200
Subject: [PATCH 4/8] Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/common/wpa_common.h | 1 +
src/rsn_supp/wpa.c | 5 ++---
src/rsn_supp/wpa_i.h | 1 -
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index d200285..1021ccb 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -215,6 +215,7 @@ struct wpa_ptk {
size_t kck_len;
size_t kek_len;
size_t tk_len;
+ int installed; /* 1 if key has already been installed to driver */
};
struct wpa_gtk {
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 7a2c68d..0550a41 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
os_memset(buf, 0, sizeof(buf));
}
sm->tptk_set = 1;
- sm->tk_to_set = 1;
kde = sm->assoc_wpa_ie;
kde_len = sm->assoc_wpa_ie_len;
@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
enum wpa_alg alg;
const u8 *key_rsc;
- if (!sm->tk_to_set) {
+ if (sm->ptk.installed) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Do not re-install same PTK to the driver");
return 0;
@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
- sm->tk_to_set = 0;
+ sm->ptk.installed = 1;
if (sm->wpa_ptk_rekey) {
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 9a54631..41f371f 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -24,7 +24,6 @@ struct wpa_sm {
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
unsigned int msg_3_of_4_ok:1;
- unsigned int tk_to_set:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;
--
2.7.4

64
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
View File

@ -1,64 +0,0 @@
From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:32:57 +0300
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 707971d..bf10cc1 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
}
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "WPA: Failed to get random data for ANonce");
+ sm->Disconnect = TRUE;
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+ WPA_NONCE_LEN);
+ sm->TimeoutCtr = 0;
+ return 0;
+}
+
+
SM_STATE(WPA_PTK, INITPMK)
{
u8 msk[2 * PMK_LEN];
@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
SM_ENTER(WPA_PTK, AUTHENTICATION);
else if (sm->ReAuthenticationRequest)
SM_ENTER(WPA_PTK, AUTHENTICATION2);
- else if (sm->PTKRequest)
- SM_ENTER(WPA_PTK, PTKSTART);
- else switch (sm->wpa_ptk_state) {
+ else if (sm->PTKRequest) {
+ if (wpa_auth_sm_ptk_update(sm) < 0)
+ SM_ENTER(WPA_PTK, DISCONNECTED);
+ else
+ SM_ENTER(WPA_PTK, PTKSTART);
+ } else switch (sm->wpa_ptk_state) {
case WPA_PTK_INITIALIZE:
break;
case WPA_PTK_DISCONNECT:
--
2.7.4

132
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
View File

@ -1,132 +0,0 @@
From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 11:03:15 +0300
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.
For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.
As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index e424168..9eb9738 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
} tpk;
int tpk_set;
+ int tk_set; /* TPK-TK configured to the driver */
int tpk_success;
int tpk_in_progress;
@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
u8 rsc[6];
enum wpa_alg alg;
+ if (peer->tk_set) {
+ /*
+ * This same TPK-TK has already been configured to the driver
+ * and this new configuration attempt (likely due to an
+ * unexpected retransmitted frame) would result in clearing
+ * the TX/RX sequence number which can break security, so must
+ * not allow that to happen.
+ */
+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
+ " has already been configured to the driver - do not reconfigure",
+ MAC2STR(peer->addr));
+ return -1;
+ }
+
os_memset(rsc, 0, 6);
switch (peer->cipher) {
@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
return -1;
}
+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
+ MAC2STR(peer->addr));
if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
"driver");
return -1;
}
+ peer->tk_set = 1;
return 0;
}
@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
peer->cipher = 0;
peer->qos_info = 0;
peer->wmm_capable = 0;
- peer->tpk_set = peer->tpk_success = 0;
+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
peer->chan_switch_enabled = 0;
os_memset(&peer->tpk, 0, sizeof(peer->tpk));
os_memset(peer->inonce, 0, WPA_NONCE_LEN);
@@ -1159,6 +1177,7 @@ skip_rsnie:
wpa_tdls_peer_free(sm, peer);
return -1;
}
+ peer->tk_set = 0; /* A new nonce results in a new TK */
wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
peer->inonce, WPA_NONCE_LEN);
os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
}
+static int tdls_nonce_set(const u8 *nonce)
+{
+ int i;
+
+ for (i = 0; i < WPA_NONCE_LEN; i++) {
+ if (nonce[i])
+ return 1;
+ }
+
+ return 0;
+}
+
+
static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
const u8 *buf, size_t len)
{
@@ -2004,7 +2036,8 @@ skip_rsn:
peer->rsnie_i_len = kde.rsn_ie_len;
peer->cipher = cipher;
- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
+ !tdls_nonce_set(peer->inonce)) {
/*
* There is no point in updating the RNonce for every obtained
* TPK M1 frame (e.g., retransmission due to timeout) with the
@@ -2020,6 +2053,7 @@ skip_rsn:
"TDLS: Failed to get random data for responder nonce");
goto error;
}
+ peer->tk_set = 0; /* A new nonce results in a new TK */
}
#if 0
--
2.7.4

82
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
View File

@ -1,82 +0,0 @@
From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 12:06:37 +0300
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/wpa.c | 3 +++
src/rsn_supp/wpa_ft.c | 8 ++++++++
src/rsn_supp/wpa_i.h | 1 +
3 files changed, 12 insertions(+)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0550a41..2a53c6f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
#ifdef CONFIG_TDLS
wpa_tdls_disassoc(sm);
#endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+ sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
/* Keys are not needed in the WPA state machine anymore */
wpa_sm_drop_sa(sm);
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 205793e..d45bb45 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
u16 capab;
sm->ft_completed = 0;
+ sm->ft_reassoc_completed = 0;
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
+ if (sm->ft_reassoc_completed) {
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
+ return 0;
+ }
+
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
return -1;
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
+ sm->ft_reassoc_completed = 1;
+
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
return -1;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 41f371f..56f88dc 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -128,6 +128,7 @@ struct wpa_sm {
size_t r0kh_id_len;
u8 r1kh_id[FT_R1KH_ID_LEN];
int ft_completed;
+ int ft_reassoc_completed;
int over_the_ds_in_progress;
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
int set_ptk_after_assoc;
--
2.7.4