rpm/wpa_supplicant
SHA256
1
0
Fork 0
forked from pool/wpa_supplicant
Code Pull Requests Activity

Accepting request 745943 from hardware

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/745943
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=76
This commit is contained in:
Dominique Leuenberger
2019-11-11 11:57:37 +00:00
committed by Git OBS Bridge
parent 890dcf38d2 097b103e9e
commit c399e0d733
20 changed files with 203 additions and 1387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
View File

@@ -1,174 +0,0 @@
From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Fri, 14 Jul 2017 15:15:35 +0200
Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.
This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/ap/ieee802_11.c | 16 +++++++++++++---
src/ap/wpa_auth.c | 11 +++++++++++
src/ap/wpa_auth.h | 3 ++-
src/ap/wpa_auth_ft.c | 10 ++++++++++
src/ap/wpa_auth_i.h | 1 +
5 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 4e04169..333035f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
{
struct ieee80211_ht_capabilities ht_cap;
struct ieee80211_vht_capabilities vht_cap;
+ int set = 1;
/*
* Remove the STA entry to ensure the STA PS state gets cleared and
@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
* FT-over-the-DS, where a station re-associates back to the same AP but
* skips the authentication flow, or if working with a driver that
* does not support full AP client state.
+ *
+ * Skip this if the STA has already completed FT reassociation and the
+ * TK has been configured since the TX/RX PN must not be reset to 0 for
+ * the same key.
*/
- if (!sta->added_unassoc)
+ if (!sta->added_unassoc &&
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
hostapd_drv_sta_remove(hapd, sta->addr);
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
+ set = 0;
+ }
#ifdef CONFIG_IEEE80211N
if (sta->flags & WLAN_STA_HT)
@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
- sta->added_unassoc)) {
+ set)) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
"Could not %s STA to kernel driver",
- sta->added_unassoc ? "set" : "add");
+ set ? "set" : "add");
if (sta->added_unassoc) {
hostapd_drv_sta_remove(hapd, sta->addr);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 3587086..707971d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
#else /* CONFIG_IEEE80211R */
break;
#endif /* CONFIG_IEEE80211R */
+ case WPA_DRV_STA_REMOVED:
+ sm->tk_already_set = FALSE;
+ return 0;
}
#ifdef CONFIG_IEEE80211R
@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
}
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
+{
+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+ return 0;
+ return sm->tk_already_set;
+}
+
+
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry)
{
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 0de8d97..97461b0 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
u8 *data, size_t data_len);
enum wpa_event {
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
};
void wpa_remove_ptk(struct wpa_state_machine *sm);
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry);
struct rsn_pmksa_cache_entry *
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 42242a5..e63b99a 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
return;
}
+ if (sm->tk_already_set) {
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
+ * PN in the driver */
+ wpa_printf(MSG_DEBUG,
+ "FT: Do not re-install same PTK to the driver");
+ return;
+ }
+
/* FIX: add STA entry to kernel/driver here? The set_key will fail
* most likely without this.. At the moment, STA entry is added only
* after association has been completed. This function will be called
@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
sm->pairwise_set = TRUE;
+ sm->tk_already_set = TRUE;
}
@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
sm->pairwise = pairwise;
sm->PTK_valid = TRUE;
+ sm->tk_already_set = FALSE;
wpa_ft_install_ptk(sm);
buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 72b7eb3..7fd8f05 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -65,6 +65,7 @@ struct wpa_state_machine {
struct wpa_ptk PTK;
Boolean PTK_valid;
Boolean pairwise_set;
+ Boolean tk_already_set;
int keycount;
Boolean Pair;
struct wpa_key_replay_counter {
--
2.7.4

250
rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
View File

@@ -1,250 +0,0 @@
From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Wed, 12 Jul 2017 16:03:24 +0200
Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/common/wpa_common.h | 11 +++++
src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
src/rsn_supp/wpa_i.h | 4 ++
3 files changed, 87 insertions(+), 44 deletions(-)
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index af1d0f0..d200285 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -217,6 +217,17 @@ struct wpa_ptk {
size_t tk_len;
};
+struct wpa_gtk {
+ u8 gtk[WPA_GTK_MAX_LEN];
+ size_t gtk_len;
+};
+
+#ifdef CONFIG_IEEE80211W
+struct wpa_igtk {
+ u8 igtk[WPA_IGTK_MAX_LEN];
+ size_t igtk_len;
+};
+#endif /* CONFIG_IEEE80211W */
/* WPA IE version 1
* 00-50-f2:1 (OUI:OUI type)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3c47879..95bd7be 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
const u8 *_gtk = gd->gtk;
u8 gtk_buf[32];
+ /* Detect possible key reinstallation */
+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+ return 0;
+ }
+
wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
}
os_memset(gtk_buf, 0, sizeof(gtk_buf));
+ sm->gtk.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+
return 0;
}
@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
}
+#ifdef CONFIG_IEEE80211W
+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ const struct wpa_igtk_kde *igtk)
+{
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+ if (sm->igtk.igtk_len == len &&
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+ return 0;
+ }
+
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
+ keyidx, MAC2STR(igtk->pn));
+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
+ if (keyidx > 4095) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Invalid IGTK KeyID %d", keyidx);
+ return -1;
+ }
+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+ broadcast_ether_addr,
+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
+ igtk->igtk, len) < 0) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Failed to configure IGTK to the driver");
+ return -1;
+ }
+
+ sm->igtk.igtk_len = len;
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+
+ return 0;
+}
+#endif /* CONFIG_IEEE80211W */
+
+
static int ieee80211w_set_keys(struct wpa_sm *sm,
struct wpa_eapol_ie_parse *ie)
{
@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
if (ie->igtk) {
size_t len;
const struct wpa_igtk_kde *igtk;
- u16 keyidx;
+
len = wpa_cipher_key_len(sm->mgmt_group_cipher);
if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
return -1;
+
igtk = (const struct wpa_igtk_kde *) ie->igtk;
- keyidx = WPA_GET_LE16(igtk->keyid);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
- "pn %02x%02x%02x%02x%02x%02x",
- keyidx, MAC2STR(igtk->pn));
- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
- igtk->igtk, len);
- if (keyidx > 4095) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Invalid IGTK KeyID %d", keyidx);
- return -1;
- }
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
- broadcast_ether_addr,
- keyidx, 0, igtk->pn, sizeof(igtk->pn),
- igtk->igtk, len) < 0) {
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- "WPA: Failed to configure IGTK to the driver");
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
return -1;
- }
}
return 0;
@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
*/
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
{
- int clear_ptk = 1;
+ int clear_keys = 1;
if (sm == NULL)
return;
@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(sm, NULL);
- clear_ptk = 0;
+ clear_keys = 0;
}
#endif /* CONFIG_IEEE80211R */
- if (clear_ptk) {
+ if (clear_keys) {
/*
* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
* this is not part of a Fast BSS Transition.
@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
}
#ifdef CONFIG_TDLS
@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(sm->pmk, 0, sizeof(sm->pmk));
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+#ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
os_memset(&gd, 0, sizeof(gd));
#ifdef CONFIG_IEEE80211W
} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
- struct wpa_igtk_kde igd;
- u16 keyidx;
-
- os_memset(&igd, 0, sizeof(igd));
- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
- os_memcpy(igd.keyid, buf + 2, 2);
- os_memcpy(igd.pn, buf + 4, 6);
-
- keyidx = WPA_GET_LE16(igd.keyid);
- os_memcpy(igd.igtk, buf + 10, keylen);
-
- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
- igd.igtk, keylen);
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
- broadcast_ether_addr,
- keyidx, 0, igd.pn, sizeof(igd.pn),
- igd.igtk, keylen) < 0) {
- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
- "WNM mode");
- os_memset(&igd, 0, sizeof(igd));
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
return -1;
- }
- os_memset(&igd, 0, sizeof(igd));
#endif /* CONFIG_IEEE80211W */
} else {
wpa_printf(MSG_DEBUG, "Unknown element id");
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index f653ba6..afc9e37 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -31,6 +31,10 @@ struct wpa_sm {
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
+#ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
+#endif /* CONFIG_IEEE80211W */
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--
2.7.4

184
rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
View File

@@ -1,184 +0,0 @@
From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:12:24 +0300
Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
src/rsn_supp/wpa_i.h | 2 ++
2 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 95bd7be..7a2c68d 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -709,14 +709,17 @@ struct wpa_gtk_data {
static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
const struct wpa_gtk_data *gd,
- const u8 *key_rsc)
+ const u8 *key_rsc, int wnm_sleep)
{
const u8 *_gtk = gd->gtk;
u8 gtk_buf[32];
/* Detect possible key reinstallation */
- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
gd->keyidx, gd->tx, gd->gtk_len);
@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
}
os_memset(gtk_buf, 0, sizeof(gtk_buf));
- sm->gtk.gtk_len = gd->gtk_len;
- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+ if (wnm_sleep) {
+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
+ sm->gtk_wnm_sleep.gtk_len);
+ } else {
+ sm->gtk.gtk_len = gd->gtk_len;
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+ }
return 0;
}
@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
gtk_len, gtk_len,
&gd.key_rsc_len, &gd.alg) ||
- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: Failed to install GTK");
os_memset(&gd, 0, sizeof(gd));
@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
#ifdef CONFIG_IEEE80211W
static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- const struct wpa_igtk_kde *igtk)
+ const struct wpa_igtk_kde *igtk,
+ int wnm_sleep)
{
size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
u16 keyidx = WPA_GET_LE16(igtk->keyid);
/* Detect possible key reinstallation */
- if (sm->igtk.igtk_len == len &&
- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
+ if ((sm->igtk.igtk_len == len &&
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
+ (sm->igtk_wnm_sleep.igtk_len == len &&
+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
keyidx);
@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
return -1;
}
- sm->igtk.igtk_len = len;
- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+ if (wnm_sleep) {
+ sm->igtk_wnm_sleep.igtk_len = len;
+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
+ sm->igtk_wnm_sleep.igtk_len);
+ } else {
+ sm->igtk.igtk_len = len;
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
+ }
return 0;
}
@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
return -1;
igtk = (const struct wpa_igtk_kde *) ie->igtk;
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
return -1;
}
@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
key_rsc = null_rsc;
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
goto failed;
os_memset(&gd, 0, sizeof(gd));
@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
sm->tptk_set = 0;
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
#ifdef CONFIG_IEEE80211W
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
#endif /* CONFIG_IEEE80211W */
}
@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
#ifdef CONFIG_IEEE80211W
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211R
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
gd.gtk, gd.gtk_len);
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
os_memset(&gd, 0, sizeof(gd));
wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
"WNM mode");
@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
const struct wpa_igtk_kde *igtk;
igtk = (const struct wpa_igtk_kde *) (buf + 2);
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
return -1;
#endif /* CONFIG_IEEE80211W */
} else {
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index afc9e37..9a54631 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -32,8 +32,10 @@ struct wpa_sm {
int rx_replay_counter_set;
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
struct wpa_gtk gtk;
+ struct wpa_gtk gtk_wnm_sleep;
#ifdef CONFIG_IEEE80211W
struct wpa_igtk igtk;
+ struct wpa_igtk igtk_wnm_sleep;
#endif /* CONFIG_IEEE80211W */
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--
2.7.4

79
rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
View File

@@ -1,79 +0,0 @@
From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Fri, 29 Sep 2017 04:22:51 +0200
Subject: [PATCH 4/8] Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/common/wpa_common.h | 1 +
src/rsn_supp/wpa.c | 5 ++---
src/rsn_supp/wpa_i.h | 1 -
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index d200285..1021ccb 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -215,6 +215,7 @@ struct wpa_ptk {
size_t kck_len;
size_t kek_len;
size_t tk_len;
+ int installed; /* 1 if key has already been installed to driver */
};
struct wpa_gtk {
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 7a2c68d..0550a41 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
os_memset(buf, 0, sizeof(buf));
}
sm->tptk_set = 1;
- sm->tk_to_set = 1;
kde = sm->assoc_wpa_ie;
kde_len = sm->assoc_wpa_ie_len;
@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
enum wpa_alg alg;
const u8 *key_rsc;
- if (!sm->tk_to_set) {
+ if (sm->ptk.installed) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Do not re-install same PTK to the driver");
return 0;
@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
- sm->tk_to_set = 0;
+ sm->ptk.installed = 1;
if (sm->wpa_ptk_rekey) {
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 9a54631..41f371f 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -24,7 +24,6 @@ struct wpa_sm {
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
unsigned int msg_3_of_4_ok:1;
- unsigned int tk_to_set:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;
--
2.7.4

64
rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
View File

@@ -1,64 +0,0 @@
From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Oct 2017 12:32:57 +0300
Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.
Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 707971d..bf10cc1 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
}
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "WPA: Failed to get random data for ANonce");
+ sm->Disconnect = TRUE;
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+ WPA_NONCE_LEN);
+ sm->TimeoutCtr = 0;
+ return 0;
+}
+
+
SM_STATE(WPA_PTK, INITPMK)
{
u8 msk[2 * PMK_LEN];
@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
SM_ENTER(WPA_PTK, AUTHENTICATION);
else if (sm->ReAuthenticationRequest)
SM_ENTER(WPA_PTK, AUTHENTICATION2);
- else if (sm->PTKRequest)
- SM_ENTER(WPA_PTK, PTKSTART);
- else switch (sm->wpa_ptk_state) {
+ else if (sm->PTKRequest) {
+ if (wpa_auth_sm_ptk_update(sm) < 0)
+ SM_ENTER(WPA_PTK, DISCONNECTED);
+ else
+ SM_ENTER(WPA_PTK, PTKSTART);
+ } else switch (sm->wpa_ptk_state) {
case WPA_PTK_INITIALIZE:
break;
case WPA_PTK_DISCONNECT:
--
2.7.4

132
rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
View File

@@ -1,132 +0,0 @@
From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 11:03:15 +0300
Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.
For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.
As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
index e424168..9eb9738 100644
--- a/src/rsn_supp/tdls.c
+++ b/src/rsn_supp/tdls.c
@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
} tpk;
int tpk_set;
+ int tk_set; /* TPK-TK configured to the driver */
int tpk_success;
int tpk_in_progress;
@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
u8 rsc[6];
enum wpa_alg alg;
+ if (peer->tk_set) {
+ /*
+ * This same TPK-TK has already been configured to the driver
+ * and this new configuration attempt (likely due to an
+ * unexpected retransmitted frame) would result in clearing
+ * the TX/RX sequence number which can break security, so must
+ * not allow that to happen.
+ */
+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
+ " has already been configured to the driver - do not reconfigure",
+ MAC2STR(peer->addr));
+ return -1;
+ }
+
os_memset(rsc, 0, 6);
switch (peer->cipher) {
@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
return -1;
}
+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
+ MAC2STR(peer->addr));
if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
"driver");
return -1;
}
+ peer->tk_set = 1;
return 0;
}
@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
peer->cipher = 0;
peer->qos_info = 0;
peer->wmm_capable = 0;
- peer->tpk_set = peer->tpk_success = 0;
+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
peer->chan_switch_enabled = 0;
os_memset(&peer->tpk, 0, sizeof(peer->tpk));
os_memset(peer->inonce, 0, WPA_NONCE_LEN);
@@ -1159,6 +1177,7 @@ skip_rsnie:
wpa_tdls_peer_free(sm, peer);
return -1;
}
+ peer->tk_set = 0; /* A new nonce results in a new TK */
wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
peer->inonce, WPA_NONCE_LEN);
os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
}
+static int tdls_nonce_set(const u8 *nonce)
+{
+ int i;
+
+ for (i = 0; i < WPA_NONCE_LEN; i++) {
+ if (nonce[i])
+ return 1;
+ }
+
+ return 0;
+}
+
+
static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
const u8 *buf, size_t len)
{
@@ -2004,7 +2036,8 @@ skip_rsn:
peer->rsnie_i_len = kde.rsn_ie_len;
peer->cipher = cipher;
- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
+ !tdls_nonce_set(peer->inonce)) {
/*
* There is no point in updating the RNonce for every obtained
* TPK M1 frame (e.g., retransmission due to timeout) with the
@@ -2020,6 +2053,7 @@ skip_rsn:
"TDLS: Failed to get random data for responder nonce");
goto error;
}
+ peer->tk_set = 0; /* A new nonce results in a new TK */
}
#if 0
--
2.7.4

43
rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
View File

@@ -1,43 +0,0 @@
From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 11:25:02 +0300
Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
request
Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
response when no WNM-Sleep Mode Request had been used during the
association. This can be made tighter by clearing the used flag when
successfully processing a response. This adds an additional layer of
protection against unexpected retransmissions of the response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
wpa_supplicant/wnm_sta.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 1b3409c..67a07ff 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
if (!wpa_s->wnmsleep_used) {
wpa_printf(MSG_DEBUG,
- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
return;
}
@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
return;
}
+ wpa_s->wnmsleep_used = 0;
+
if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
--
2.7.4

82
rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
View File

@@ -1,82 +0,0 @@
From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Fri, 22 Sep 2017 12:06:37 +0300
Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/rsn_supp/wpa.c | 3 +++
src/rsn_supp/wpa_ft.c | 8 ++++++++
src/rsn_supp/wpa_i.h | 1 +
3 files changed, 12 insertions(+)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0550a41..2a53c6f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
#ifdef CONFIG_TDLS
wpa_tdls_disassoc(sm);
#endif /* CONFIG_TDLS */
+#ifdef CONFIG_IEEE80211R
+ sm->ft_reassoc_completed = 0;
+#endif /* CONFIG_IEEE80211R */
/* Keys are not needed in the WPA state machine anymore */
wpa_sm_drop_sa(sm);
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 205793e..d45bb45 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
u16 capab;
sm->ft_completed = 0;
+ sm->ft_reassoc_completed = 0;
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
2 + sm->r0kh_id_len + ric_ies_len + 100;
@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
+ if (sm->ft_reassoc_completed) {
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
+ return 0;
+ }
+
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
return -1;
@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
+ sm->ft_reassoc_completed = 1;
+
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
return -1;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 41f371f..56f88dc 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -128,6 +128,7 @@ struct wpa_sm {
size_t r0kh_id_len;
u8 r1kh_id[FT_R1KH_ID_LEN];
int ft_completed;
+ int ft_reassoc_completed;
int over_the_ds_in_progress;
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
int set_ptk_after_assoc;
--
2.7.4

44
rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
View File

@@ -1,44 +0,0 @@
From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Date: Sun, 15 Jul 2018 01:25:53 +0200
Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.
When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
src/rsn_supp/wpa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
--- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300
+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300
@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+ /*
+ * Only decrypt the Key Data field if the frame's authenticity
+ * was verified. When using AES-SIV (FILS), the MIC flag is not
+ * set, so this check should only be performed if mic_len != 0
+ * which is the case in this code branch.
+ */
+ if (!(key_info & WPA_KEY_INFO_MIC)) {
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
+ goto out;
+ }
if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
&key_data_len))
goto out;

3
wpa_supplicant-2.6.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
size 2753524

3
wpa_supplicant-2.9.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17
size 3231785

71
wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
View File

@@ -1,71 +0,0 @@
commit 89971d8b1e328a2f79699c953625d1671fd40384
Author: Jouni Malinen <j@w1.fi>
Date: Mon Jul 17 12:06:17 2017 +0300
OpenSSL: Clear default_passwd_cb more thoroughly
Previously, the pointer to strdup passwd was left in OpenSSL library
default_passwd_cb_userdata and even the default_passwd_cb was left set
on an error path. To avoid unexpected behavior if something were to
manage to use there pointers, clear them explicitly once done with
loading of the private key.
Signed-off-by: Jouni Malinen <j@w1.fi>
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c790b53ea..903c38cff 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2775,6 +2775,19 @@ static int tls_connection_engine_private_key(struct tls_connection *conn)
}
+static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (ssl) {
+ SSL_set_default_passwd_cb(ssl, NULL);
+ SSL_set_default_passwd_cb_userdata(ssl, NULL);
+ }
+#endif /* >= 1.1.0f && !LibreSSL */
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);
+}
+
+
static int tls_connection_private_key(struct tls_data *data,
struct tls_connection *conn,
const char *private_key,
@@ -2891,14 +2904,12 @@ static int tls_connection_private_key(struct tls_data *data,
if (!ok) {
tls_show_errors(MSG_INFO, __func__,
"Failed to load private key");
+ tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
os_free(passwd);
return -1;
}
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_set_default_passwd_cb(conn->ssl, NULL);
-#endif /* >= 1.1.0f && !LibreSSL */
- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+ tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
os_free(passwd);
if (!SSL_check_private_key(conn->ssl)) {
@@ -2941,13 +2952,14 @@ static int tls_global_private_key(struct tls_data *data,
tls_read_pkcs12(data, NULL, private_key, passwd)) {
tls_show_errors(MSG_INFO, __func__,
"Failed to load private key");
+ tls_clear_default_passwd_cb(ssl_ctx, NULL);
os_free(passwd);
ERR_clear_error();
return -1;
}
+ tls_clear_default_passwd_cb(ssl_ctx, NULL);
os_free(passwd);
ERR_clear_error();
- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
if (!SSL_CTX_check_private_key(ssl_ctx)) {
tls_show_errors(MSG_INFO, __func__,

43
wpa_supplicant-bnc-1099835-fix-private-key-password.patch
View File

@@ -1,43 +0,0 @@
commit f665c93e1d28fbab3d9127a8c3985cc32940824f
Author: Beniamino Galvani <bgalvani@redhat.com>
Date: Sun Jul 9 11:14:10 2017 +0200
OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
callback from the SSL object instead of the one from the CTX, so let's
set the callback on both SSL and CTX. Note that
SSL_set_default_passwd_cb*() is available only in 1.1.0.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index fd94eaf46..c790b53ea 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data,
} else
passwd = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
+ * from the SSL object. See OpenSSL commit d61461a75253.
+ */
+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
+#endif /* >= 1.1.0f && !LibreSSL */
+ /* Keep these for OpenSSL < 1.1.0f */
SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data,
return -1;
}
ERR_clear_error();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_set_default_passwd_cb(conn->ssl, NULL);
+#endif /* >= 1.1.0f && !LibreSSL */
SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
os_free(passwd);

24
wpa_supplicant-getrandom.patch
View File

@@ -1,5 +1,7 @@
--- wpa_supplicant-2.4.orig/src/utils/os_unix.c
+++ wpa_supplicant-2.4/src/utils/os_unix.c
Index: wpa_supplicant-2.9/src/utils/os_unix.c
===================================================================
--- wpa_supplicant-2.9.orig/src/utils/os_unix.c
+++ wpa_supplicant-2.9/src/utils/os_unix.c
@@ -6,11 +6,15 @@
* See README for more details.
*/
@@ -17,28 +19,28 @@
#ifdef ANDROID
#include <sys/capability.h>
#include <sys/prctl.h>
@@ -223,6 +227,10 @@ void os_daemonize_terminate(const char *
int os_get_random(unsigned char *buf, size_t len)
{
@@ -257,6 +261,10 @@ int os_get_random(unsigned char *buf, si
buf[i] = i & 0xff;
return 0;
#else /* TEST_FUZZ */
+#ifdef SYS_getrandom
+ int gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf, len, 0));
+ return (gr != -1 && gr == len) ? 0 : -1;
+#else
+#else /* SYS_getrandom */
FILE *f;
size_t rc;
@@ -232,10 +240,13 @@ int os_get_random(unsigned char *buf, si
@@ -269,10 +277,13 @@ int os_get_random(unsigned char *buf, si
return -1;
}
+ setbuf(f, NULL);
+ setbuf(f, NULL);
+
rc = fread(buf, 1, len, f);
fclose(f);
return rc != len ? -1 : 0;
+#endif
+#endif /* SYS_getrandom */
#endif /* TEST_FUZZ */
}

33
wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
View File

@@ -1,33 +0,0 @@
commit f5b74b966c942feb95a8ddbb7d130540b15b796d
Author: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon Oct 30 11:14:40 2017 +0100
common: Avoid conflict with __bitwise macro from linux/types.h
Undefine the __bitwise macro before defining it to avoid conflicts
with the one from linux/types.h; the same is done some lines above
when __CHECKER__ is defined. Fixes the following warning:
In file included from ../src/l2_packet/l2_packet_linux.c:15:0:
hostap/src/utils/common.h:438:0: warning: "__bitwise" redefined
#define __bitwise
In file included from /usr/include/linux/filter.h:9:0,
from ../src/l2_packet/l2_packet_linux.c:13:
/usr/include/linux/types.h:21:0: note: this is the location of the previous definition
#define __bitwise __bitwise__
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
diff --git a/src/utils/common.h b/src/utils/common.h
index 46e96a65b..fec7f6013 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -435,6 +435,7 @@ void perror(const char *s);
#define __bitwise __attribute__((bitwise))
#else
#define __force
+#undef __bitwise
#define __bitwise
#endif

39
wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
View File

@@ -1,39 +0,0 @@
commit fa67debf4c6ddbc881a212b175faa6d5d0d90c8c
Author: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Sat Jan 14 01:04:31 2017 +0200
Fix duplicate Reassociation Request frame dropping
Relational operators (==) have higher precedence than the ternary
conditional in C. The last_subtype check for association/reassociation
was broken due to incorrect assumption about the precedence. Fix this by
adding parenthesis around the ternary conditional.
The previous implementation worked for Association Request frames by
accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
the last receive frame was an Association Request frame, the
sta->last_subtype == reassoc check was true and non-zero
WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
broken for Reassociation Request frame. reassoc == 1 in that case could
have matched received Association Response frame (subtype == 1), but
those are not received in AP mode and as such, this did not break other
behavior apart from not being able to drop duplicated Reassociation
Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 060b63517..92a7ec6db 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2527,8 +2527,8 @@ static void handle_assoc(struct hostapd_data *hapd,
if ((fc & WLAN_FC_RETRY) &&
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
sta->last_seq_ctrl == seq_ctrl &&
- sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
- WLAN_FC_STYPE_ASSOC_REQ) {
+ sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
+ WLAN_FC_STYPE_ASSOC_REQ)) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"Drop repeated association frame seq_ctrl=0x%x",

47
wpa_supplicant-log-file-cloexec.patch
View File

@@ -1,47 +0,0 @@
From a386bc4950e02975ba9a21a5be82e91a53ec9281 Mon Sep 17 00:00:00 2001
From: Karol Babioch <karol@babioch.de>
Date: Thu, 11 Oct 2018 21:22:03 +0200
Subject: [PATCH v3 2/2] Enable the close-on-exec flag for the debug log file
descriptor
On Linux this flag will make sure that no file descriptor is accidentally
leaked into potential child processes. While this is not a problem right now,
it is considered to be good practice these days when dealing with file
descriptors on the Linux.
Signed-off-by: Karol Babioch <karol@babioch.de>
---
src/utils/wpa_debug.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 5d2f7becb..12873737c 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -60,6 +60,9 @@ static int wpa_to_android_level(int level)
#ifdef CONFIG_DEBUG_FILE
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef __linux__
+#include <fcntl.h>
+#endif /* __linux__ */
static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
@@ -566,6 +569,13 @@ int wpa_debug_open_file(const char *path)
close(out_fd);
return -1;
}
+
+#ifdef __linux__
+ if (fcntl(out_fd, F_SETFD, FD_CLOEXEC) == -1) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to set O_CLOEXEC "
+ "on output file descriptor, using standard output");
+ }
+#endif /* __linux__ */
#ifndef _WIN32
setvbuf(out_file, NULL, _IOLBF, 0);
#endif /* _WIN32 */
--
2.19.1

69
wpa_supplicant-log-file-permission.patch
View File

@@ -1,69 +0,0 @@
From 2fb45cd0370f1bc6d452df15dc1f7bf6575ed55c Mon Sep 17 00:00:00 2001
From: Karol Babioch <karol@babioch.de>
Date: Thu, 11 Oct 2018 21:21:30 +0200
Subject: [PATCH v3 1/2] Create debug log file with more sane file permissions
Previously the file permissions for the debug log file were not explicitly set.
Instead it was implicitly relying on a secure umask, which in most cases would
result in a file that is world-readable. This is a violation of good
practices, since not very user of a file should have access to sensitive
information that might be contained in the debug log file.
This commit will explicitly set sane default file permissions in case
the file is newly created.
Unfortunately the fopen(3) function does not provide such a facility, so the
approach needs to be changed in the following way:
1.) The file descriptor needs to be created manually using the open(3)
function with the correct flags and the desired mode set.
2.) fdopen(3) can then be used on the file descriptor to associate a
file stream with it.
Note: This modification will not change the file permissions of any already
existing debug log files, and only applies to newly created ones.
Signed-off-by: Karol Babioch <karol@babioch.de>
---
src/utils/wpa_debug.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index 62758d864..5d2f7becb 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -58,6 +58,9 @@ static int wpa_to_android_level(int level)
#ifndef CONFIG_NO_STDOUT_DEBUG
#ifdef CONFIG_DEBUG_FILE
+#include <sys/types.h>
+#include <sys/stat.h>
+
static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
@@ -548,10 +551,19 @@ int wpa_debug_open_file(const char *path)
last_path = os_strdup(path);
}
- out_file = fopen(path, "a");
+ int out_fd = -1;
+ out_fd = open(path, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP);
+ if (out_fd < 0) {
+ wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
+ "output file descriptor, using standard output");
+ return -1;
+ }
+
+ out_file = fdopen(out_fd, "a");
if (out_file == NULL) {
wpa_printf(MSG_ERROR, "wpa_debug_open_file: Failed to open "
"output file, using standard output");
+ close(out_fd);
return -1;
}
#ifndef _WIN32
--
2.19.1

185
wpa_supplicant.changes
View File

@@ -1,3 +1,188 @@
-------------------------------------------------------------------
Mon Nov 4 10:57:57 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-1/] (CVE-2019-9494)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[https://w1.fi/security/2019-2/] (CVE-2019-9495)
- verify server scalar/element
[https://w1.fi/security/2019-4/] (CVE-2019-9499)
- fix message reassembly issue with unexpected fragment
[https://w1.fi/security/2019-5/]
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
27)
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
credentials
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
SAE, FT-SAE, FT-EAP-SHA384
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- Drop merged patches:
* rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
* rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
* rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
* rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
* rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
* rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
* rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
* rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
* wpa_supplicant-bnc-1099835-fix-private-key-password.patch
* wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
* wpa_supplicant-log-file-permission.patch
* wpa_supplicant-log-file-cloexec.patch
* wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
* wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
- Rebase patches:
* wpa_supplicant-getrandom.patch
-------------------------------------------------------------------
Mon Jul 29 12:08:59 UTC 2019 - Илья Индиго <ilya@ilya.pp.ua>

21
wpa_supplicant.spec
View File

@@ -17,11 +17,10 @@
Name: wpa_supplicant
Version: 2.6
Version: 2.9
Release: 0
Summary: WPA supplicant implementation
License: BSD-3-Clause AND GPL-2.0-or-later
Group: Productivity/Networking/Other
URL: https://w1.fi/wpa_supplicant
Source0: https://w1.fi/releases/%{name}-%{version}.tar.gz
Source1: config
@@ -40,22 +39,6 @@ Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch
Patch3: wpa_supplicant-alloc_size.patch
Patch4: wpa_supplicant-getrandom.patch
Patch5: wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
Patch10: rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
Patch11: rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
Patch12: rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
Patch13: rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
Patch14: rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Patch15: rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
Patch16: rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
Patch17: rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
Patch18: wpa_supplicant-bnc-1099835-fix-private-key-password.patch
Patch19: wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
Patch20: rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
Patch21: wpa_supplicant-log-file-permission.patch
Patch22: wpa_supplicant-log-file-cloexec.patch
Patch23: wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
Patch24: wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: readline-devel
BuildRequires: systemd-rpm-macros
@@ -64,6 +47,7 @@ BuildRequires: pkgconfig(Qt5Gui)
BuildRequires: pkgconfig(Qt5Widgets)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(libnl-3.0)
BuildRequires: pkgconfig(openssl)
Requires: logrotate
%description
@@ -74,7 +58,6 @@ IEEE 802.11 authentication/association of the wlan driver.
%package gui
Summary: WPA supplicant graphical front-end
Group: System/Monitoring
Requires: wpa_supplicant
%description gui