Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 37df134b3b1ffc2f8013aae5bc22fa4e51c250a2^! / . / src / ap / wpa_auth.h
commit37df134b3b1ffc2f8013aae5bc22fa4e51c250a2[log] [tgz]
authorMathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>Fri Jul 14 15:15:35 2017 +0200
committerGlen Kuhne <kuh@google.com>Thu Oct 12 11:34:59 2017 -0700
treeb4cbbb5ca068f9f29b68db7dac615900f772743b
parent480c21c67806af61aa94b3e49b6a18daf8d428d6 [diff] [blame]
hostapd: Avoid key reinstallation in FT handshake

Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.

This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.

Change-Id: I53725b7ad80653cccb4556e51185b0be9b2fe080
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Signed-off-by: Glen Kuhne <kuh@google.com>
Merged-In: I9d60b25a655eeb2dc19694e49d2f34d537849a13
Bug: 65245581
Test: WiFi integration tests

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 0de8d97..e66f08b 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h

@@ -246,7 +246,7 @@
 	WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
 	WPA_INVALID_MDIE, WPA_INVALID_PROTO
 };
-	
+
 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 			struct wpa_state_machine *sm,
 			const u8 *wpa_ie, size_t wpa_ie_len,
@@ -267,7 +267,7 @@
 		 u8 *data, size_t data_len);
 enum wpa_event {
 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
 };
 void wpa_remove_ptk(struct wpa_state_machine *sm);
 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
@@ -280,6 +280,7 @@
 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
 			     struct rsn_pmksa_cache_entry *entry);
 struct rsn_pmksa_cache_entry *