Update to new version 0.8.22 from BRCM
- Based on 0c01d65 : Ignore TX status for Data frames from not associated
STA
Change-Id: I2776ff8e292593f407bf5b9177640c512e06bf0d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index adc69e2..d1b9b4d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2,14 +2,8 @@
* IEEE 802.11 RSN / WPA Authenticator
* Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
*/
#include "utils/includes.h"
@@ -647,14 +641,14 @@
}
-static int wpa_replay_counter_valid(struct wpa_state_machine *sm,
+static int wpa_replay_counter_valid(struct wpa_key_replay_counter *ctr,
const u8 *replay_counter)
{
int i;
for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
- if (!sm->key_replay[i].valid)
+ if (!ctr[i].valid)
break;
- if (os_memcmp(replay_counter, sm->key_replay[i].counter,
+ if (os_memcmp(replay_counter, ctr[i].counter,
WPA_REPLAY_COUNTER_LEN) == 0)
return 1;
}
@@ -662,6 +656,20 @@
}
+static void wpa_replay_counter_mark_invalid(struct wpa_key_replay_counter *ctr,
+ const u8 *replay_counter)
+{
+ int i;
+ for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
+ if (ctr[i].valid &&
+ (replay_counter == NULL ||
+ os_memcmp(replay_counter, ctr[i].counter,
+ WPA_REPLAY_COUNTER_LEN) == 0))
+ ctr[i].valid = FALSE;
+ }
+}
+
+
#ifdef CONFIG_IEEE80211R
static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm,
@@ -781,7 +789,14 @@
}
if (sm->wpa == WPA_VERSION_WPA2) {
- if (key->type != EAPOL_KEY_TYPE_RSN) {
+ if (key->type == EAPOL_KEY_TYPE_WPA) {
+ /*
+ * Some deployed station implementations seem to send
+ * msg 4/4 with incorrect type value in WPA2 mode.
+ */
+ wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
+ "with unexpected WPA type in RSN mode");
+ } else if (key->type != EAPOL_KEY_TYPE_RSN) {
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
"unexpected type %d in RSN mode",
key->type);
@@ -868,11 +883,44 @@
}
if (!(key_info & WPA_KEY_INFO_REQUEST) &&
- !wpa_replay_counter_valid(sm, key->replay_counter)) {
+ !wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
int i;
- wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
- "received EAPOL-Key %s with unexpected "
- "replay counter", msgtxt);
+
+ if (msg == PAIRWISE_2 &&
+ wpa_replay_counter_valid(sm->prev_key_replay,
+ key->replay_counter) &&
+ sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
+ os_memcmp(sm->SNonce, key->key_nonce, WPA_NONCE_LEN) != 0)
+ {
+ /*
+ * Some supplicant implementations (e.g., Windows XP
+ * WZC) update SNonce for each EAPOL-Key 2/4. This
+ * breaks the workaround on accepting any of the
+ * pending requests, so allow the SNonce to be updated
+ * even if we have already sent out EAPOL-Key 3/4.
+ */
+ wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
+ "Process SNonce update from STA "
+ "based on retransmitted EAPOL-Key "
+ "1/4");
+ sm->update_snonce = 1;
+ wpa_replay_counter_mark_invalid(sm->prev_key_replay,
+ key->replay_counter);
+ goto continue_processing;
+ }
+
+ if (msg == PAIRWISE_2 &&
+ wpa_replay_counter_valid(sm->prev_key_replay,
+ key->replay_counter) &&
+ sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
+ wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
+ "ignore retransmitted EAPOL-Key %s - "
+ "SNonce did not change", msgtxt);
+ } else {
+ wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
+ "received EAPOL-Key %s with "
+ "unexpected replay counter", msgtxt);
+ }
for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
if (!sm->key_replay[i].valid)
break;
@@ -885,10 +933,13 @@
return;
}
+continue_processing:
switch (msg) {
case PAIRWISE_2:
if (sm->wpa_ptk_state != WPA_PTK_PTKSTART &&
- sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) {
+ sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
+ (!sm->update_snonce ||
+ sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key msg 2/4 in "
"invalid state (%d) - dropped",
@@ -909,9 +960,7 @@
wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
"collect more entropy for random number "
"generation");
- sm->group->reject_4way_hs_for_entropy = FALSE;
random_mark_pool_ready();
- sm->group->first_sta_seen = FALSE;
wpa_sta_disconnect(wpa_auth, sm->addr);
return;
}
@@ -1017,7 +1066,7 @@
}
sm->MICVerified = FALSE;
- if (sm->PTK_valid) {
+ if (sm->PTK_valid && !sm->update_snonce) {
if (wpa_verify_key_mic(&sm->PTK, data, data_len)) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key with invalid MIC");
@@ -1075,12 +1124,30 @@
wpa_rekey_gtk(wpa_auth, NULL);
}
} else {
- /* Do not allow the same key replay counter to be reused. This
- * does also invalidate all other pending replay counters if
- * retransmissions were used, i.e., we will only process one of
- * the pending replies and ignore rest if more than one is
- * received. */
- sm->key_replay[0].valid = FALSE;
+ /* Do not allow the same key replay counter to be reused. */
+ wpa_replay_counter_mark_invalid(sm->key_replay,
+ key->replay_counter);
+
+ if (msg == PAIRWISE_2) {
+ /*
+ * Maintain a copy of the pending EAPOL-Key frames in
+ * case the EAPOL-Key frame was retransmitted. This is
+ * needed to allow EAPOL-Key msg 2/4 reply to another
+ * pending msg 1/4 to update the SNonce to work around
+ * unexpected supplicant behavior.
+ */
+ os_memcpy(sm->prev_key_replay, sm->key_replay,
+ sizeof(sm->key_replay));
+ } else {
+ os_memset(sm->prev_key_replay, 0,
+ sizeof(sm->prev_key_replay));
+ }
+
+ /*
+ * Make sure old valid counters are not accepted anymore and
+ * do not get copied again.
+ */
+ wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
}
#ifdef CONFIG_PEERKEY
@@ -1539,9 +1606,11 @@
}
-static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
- struct wpa_group *group)
+static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
+ struct wpa_group *group)
{
+ if (group->first_sta_seen)
+ return;
/*
* System has run bit further than at the time hostapd was started
* potentially very early during boot up. This provides better chances
@@ -1555,7 +1624,11 @@
wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
"to proceed - reject first 4-way handshake");
group->reject_4way_hs_for_entropy = TRUE;
+ } else {
+ group->first_sta_seen = TRUE;
+ group->reject_4way_hs_for_entropy = FALSE;
}
+
wpa_group_init_gmk_and_counter(wpa_auth, group);
wpa_gtk_update(wpa_auth, group);
wpa_group_config_group_keys(wpa_auth, group);
@@ -1566,10 +1639,7 @@
{
SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
- if (!sm->group->first_sta_seen) {
- wpa_group_first_station(sm->wpa_auth, sm->group);
- sm->group->first_sta_seen = TRUE;
- }
+ wpa_group_ensure_init(sm->wpa_auth, sm->group);
os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
@@ -1713,6 +1783,7 @@
SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
sm->EAPOLKeyReceived = FALSE;
+ sm->update_snonce = FALSE;
/* WPA with IEEE 802.1X: use the derived PMK from EAP
* WPA-PSK: iterate through possible PSKs and select the one matching
@@ -2132,8 +2203,10 @@
SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
break;
case WPA_PTK_PTKINITNEGOTIATING:
- if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
- sm->EAPOLKeyPairwise && sm->MICVerified)
+ if (sm->update_snonce)
+ SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
+ else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest &&
+ sm->EAPOLKeyPairwise && sm->MICVerified)
SM_ENTER(WPA_PTK, PTKINITDONE);
else if (sm->TimeoutCtr >
(int) dot11RSNAConfigPairwiseUpdateCount) {