Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 3843d1babeeba5b183c4564574464eee4a395621^! / .
commit3843d1babeeba5b183c4564574464eee4a395621[log] [tgz]
authorJouni Malinen <jouni@qca.qualcomm.com>Thu Oct 01 18:51:04 2015 +0300
committerGlen Kuhne <kuh@google.com>Fri Sep 29 12:50:51 2017 -0700
tree0a1700432fa30706c7a19b33d89c6a9897a9bdf3
parentcf3d32697462903daaaa0e11bc9031e0366ffa46 [diff]
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case

Commit 7d711541dced759b34313477d5d163e65c5b0131 ('Clear TK part of PTK
after driver key configuration') started clearing TK from memory
immediately after having configured it to the driver when processing
EAPOL-Key message 3/4. While this covered the most common case, it did
not take into account the possibility of the authenticator having to
retry EAPOL-Key message 3/4 in case the first EAPOL-Key message 4/4
response is lost. That case ended up trying to reinstall the same TK to
the driver, but the key was not available anymore.

Fix the EAPOL-Key message 3/4 retry case by configuring TK to the driver
only once. There was no need to try to set the same key after each
EAPOL-Key message 3/4 since TK could not change. If actual PTK rekeying
is used, the new TK will be configured once when processing the new
EAPOL-Key message 3/4 for the first time.

Change-Id: I25ee11313f9059895ae5cf8f26f7f92fba39fbf0
Merged-In: I4ae5e929b3f442d6eaf77bf6b1d594c1feafdfdb
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Glen Kuhne <kuh@google.com>
Bug: 65245581

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 92e2cab..f54e522 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c

@@ -445,6 +445,7 @@
 		os_memset(buf, 0, sizeof(buf));
 	}
 	sm->tptk_set = 1;
+	sm->tk_to_set = 1;
 
 	kde = sm->assoc_wpa_ie;
 	kde_len = sm->assoc_wpa_ie_len;
@@ -550,6 +551,12 @@
 	const u8 *key_rsc;
 	u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
+	if (!sm->tk_to_set) {
+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+			"WPA: Do not re-install same PTK to the driver");
+		return 0;
+	}
+
 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 		"WPA: Installing PTK to the driver");
 
@@ -585,6 +592,7 @@
 			alg, keylen, MAC2STR(sm->bssid));
 		return -1;
 	}
+	sm->tk_to_set = 0;
 
 	if (sm->wpa_ptk_rekey) {
 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);

diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 0f2083d..b0cd861 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h

@@ -23,6 +23,7 @@
 	size_t pmk_len;
 	struct wpa_ptk ptk, tptk;
 	int ptk_set, tptk_set;
+	unsigned int tk_to_set:1;
 	u8 snonce[WPA_NONCE_LEN];
 	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
 	int renew_snonce;