
  1. Submitted By: Tim Tassonis <stuff at decentral.ch>
  2. Date: 2017-10-16
  3. Initial Package Version: 2.6
  4. Upstream Status: Applied
  5. Origin: Upstream
  6. Description: Fixes the KRACK key reinstallation attacks (CVE-2017-13077 through CVE-2017-13088; CVE-2017-13084 does not apply to this package)
  7. diff -ruN wpa_supplicant-2.6/src/ap/ieee802_11.c wpa_supplicant-2.6-krack1/src/ap/ieee802_11.c
  8. --- wpa_supplicant-2.6/src/ap/ieee802_11.c 2016-10-02 20:51:11.000000000 +0200
  9. +++ wpa_supplicant-2.6-krack1/src/ap/ieee802_11.c 2017-10-16 17:54:06.042736097 +0200
  10. @@ -1841,6 +1841,7 @@
  11. {
  12. struct ieee80211_ht_capabilities ht_cap;
  13. struct ieee80211_vht_capabilities vht_cap;
  14. + int set = 1;
  15. /*
  16. * Remove the STA entry to ensure the STA PS state gets cleared and
  17. @@ -1848,9 +1849,18 @@
  18. * FT-over-the-DS, where a station re-associates back to the same AP but
  19. * skips the authentication flow, or if working with a driver that
  20. * does not support full AP client state.
  21. + *
  22. + * Skip this if the STA has already completed FT reassociation and the
  23. + * TK has been configured since the TX/RX PN must not be reset to 0 for
  24. + * the same key.
  25. */
  26. - if (!sta->added_unassoc)
  27. + if (!sta->added_unassoc &&
  28. + (!(sta->flags & WLAN_STA_AUTHORIZED) ||
  29. + !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
  30. hostapd_drv_sta_remove(hapd, sta->addr);
  31. + wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
  32. + set = 0;
  33. + }
  34. #ifdef CONFIG_IEEE80211N
  35. if (sta->flags & WLAN_STA_HT)
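Review bot: When the new FT branch keeps the driver STA entry, the PS-state reset that the original comment gives as the reason for removing it is skipped, and the kept entry is later updated in place via `set = 1`; the new comment should say that this trade-off is deliberate, e.g. `* (the PS state is then left as-is and the existing entry is updated rather than re-added).` The return value of `hostapd_drv_sta_remove()` is still ignored, so `WPA_DRV_STA_REMOVED` clears the authenticator's tk_already_set flag even if the driver refused the removal and still holds the old key; consider signalling the event only when the removal succeeded. The enclosing function starts and ends outside the hunk.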
  36. @@ -1873,11 +1883,11 @@
  37. sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
  38. sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
  39. sta->vht_opmode, sta->p2p_ie ? 1 : 0,
  40. - sta->added_unassoc)) {
  41. + set)) {
  42. hostapd_logger(hapd, sta->addr,
  43. HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
  44. "Could not %s STA to kernel driver",
  45. - sta->added_unassoc ? "set" : "add");
  46. + set ? "set" : "add");
  47. if (sta->added_unassoc) {
  48. hostapd_drv_sta_remove(hapd, sta->addr);
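Review bot: The failure cleanup at the end of the hunk still keys on `sta->added_unassoc` while the add/set decision above now keys on `set`, so the new FT case (`set == 1`, `added_unassoc == 0`, entry deliberately kept) takes the failed-add branch rather than the failed-set branch when the driver update fails. Whether that matters depends on the code past the hunk, so verify it; if the intent is to tear down only entries this function created, the condition is already right and `/* only remove entries that were added unassociated by us */` would make that explicit. The function continues outside the hunk.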
  49. diff -ruN wpa_supplicant-2.6/src/ap/wpa_auth.c wpa_supplicant-2.6-krack1/src/ap/wpa_auth.c
  50. --- wpa_supplicant-2.6/src/ap/wpa_auth.c 2016-10-02 20:51:11.000000000 +0200
  51. +++ wpa_supplicant-2.6-krack1/src/ap/wpa_auth.c 2017-10-16 17:55:02.289743770 +0200
  52. @@ -1745,6 +1745,9 @@
  53. #else /* CONFIG_IEEE80211R */
  54. break;
  55. #endif /* CONFIG_IEEE80211R */
  56. + case WPA_DRV_STA_REMOVED:
  57. + sm->tk_already_set = FALSE;
  58. + return 0;
  59. }
  60. #ifdef CONFIG_IEEE80211R
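Review bot: The new `WPA_DRV_STA_REMOVED` case returns from the event handler before the code that follows the switch, and nothing records why clearing one flag is all this event does. Suggest a comment above the assignment: `/* Driver STA entry (and its TK/PN state) is gone, so the next FT PTK install is a genuine first install */`. The enclosing function starts and ends outside the hunk.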
  61. @@ -1898,6 +1901,21 @@
  62. }
  63. +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
  64. +{
  65. + if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
  66. + wpa_printf(MSG_ERROR,
  67. + "WPA: Failed to get random data for ANonce");
  68. + sm->Disconnect = TRUE;
  69. + return -1;
  70. + }
  71. + wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
  72. + WPA_NONCE_LEN);
  73. + sm->TimeoutCtr = 0;
  74. + return 0;
  75. +}
  76. +
  77. +
  78. SM_STATE(WPA_PTK, INITPMK)
  79. {
  80. u8 msk[2 * PMK_LEN];
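Review bot: `wpa_auth_sm_ptk_update()` has no header comment explaining why a PTKRequest must draw a fresh ANonce; with the previous ANonce a rekey could derive the same PTK again, which is the reinstallation the rest of this patch is guarding against. Suggest above the function: `/* Start a PTK rekey with a fresh ANonce (and a reset timeout counter) so the new handshake derives a new PTK; on RNG failure the STA is marked for disconnection */`. The helper already sets `sm->Disconnect`, so the caller's `SM_ENTER(WPA_PTK, DISCONNECTED)` is belt-and-braces; that is fine but worth one word in the comment.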
  81. @@ -2455,9 +2473,12 @@
  82. SM_ENTER(WPA_PTK, AUTHENTICATION);
  83. else if (sm->ReAuthenticationRequest)
  84. SM_ENTER(WPA_PTK, AUTHENTICATION2);
  85. - else if (sm->PTKRequest)
  86. - SM_ENTER(WPA_PTK, PTKSTART);
  87. - else switch (sm->wpa_ptk_state) {
  88. + else if (sm->PTKRequest) {
  89. + if (wpa_auth_sm_ptk_update(sm) < 0)
  90. + SM_ENTER(WPA_PTK, DISCONNECTED);
  91. + else
  92. + SM_ENTER(WPA_PTK, PTKSTART);
  93. + } else switch (sm->wpa_ptk_state) {
  94. case WPA_PTK_INITIALIZE:
  95. break;
  96. case WPA_PTK_DISCONNECT:
  97. @@ -3250,6 +3271,14 @@
  98. }
  99. +int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
  100. +{
  101. + if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
  102. + return 0;
  103. + return sm->tk_already_set;
  104. +}
  105. +
  106. +
  107. int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
  108. struct rsn_pmksa_cache_entry *entry)
  109. {
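Review bot: `wpa_auth_sta_ft_tk_already_set()` folds two different answers into 0 — "not an FT association" and "TK not installed yet" — and the ieee802_11.c caller relies on that to fall back to the normal remove-and-add path, but the function says nothing about it. Suggest a header comment: `/* Returns 1 only for an FT key management association whose PTK has already been configured to the driver; 0 for NULL or non-FT state machines */`.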
  110. diff -ruN wpa_supplicant-2.6/src/ap/wpa_auth_ft.c wpa_supplicant-2.6-krack1/src/ap/wpa_auth_ft.c
  111. --- wpa_supplicant-2.6/src/ap/wpa_auth_ft.c 2016-10-02 20:51:11.000000000 +0200
  112. +++ wpa_supplicant-2.6-krack1/src/ap/wpa_auth_ft.c 2017-10-16 17:54:06.043736097 +0200
  113. @@ -780,6 +780,14 @@
  114. return;
  115. }
  116. + if (sm->tk_already_set) {
  117. + /* Must avoid TK reconfiguration to prevent clearing of TX/RX
  118. + * PN in the driver */
  119. + wpa_printf(MSG_DEBUG,
  120. + "FT: Do not re-install same PTK to the driver");
  121. + return;
  122. + }
  123. +
  124. /* FIX: add STA entry to kernel/driver here? The set_key will fail
  125. * most likely without this.. At the moment, STA entry is added only
  126. * after association has been completed. This function will be called
  127. @@ -792,6 +800,7 @@
  128. /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
  129. sm->pairwise_set = TRUE;
  130. + sm->tk_already_set = TRUE;
  131. }
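Review bot: `sm->tk_already_set = TRUE` is assigned unconditionally after the key install, but the hunk does not show whether the preceding set_key result is checked; if the driver rejected the key, the flag would still make every later `wpa_ft_install_ptk()` call for this PTK return early with "Do not re-install same PTK". If the return is not checked above the hunk, set the flag only on success, or add `/* set even if the driver install failed: a retry would also reset the PN */` if that is the intended trade-off. The function body starts outside the hunk.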
  132. @@ -898,6 +907,7 @@
  133. sm->pairwise = pairwise;
  134. sm->PTK_valid = TRUE;
  135. + sm->tk_already_set = FALSE;
  136. wpa_ft_install_ptk(sm);
  137. buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
  138. diff -ruN wpa_supplicant-2.6/src/ap/wpa_auth.h wpa_supplicant-2.6-krack1/src/ap/wpa_auth.h
  139. --- wpa_supplicant-2.6/src/ap/wpa_auth.h 2016-10-02 20:51:11.000000000 +0200
  140. +++ wpa_supplicant-2.6-krack1/src/ap/wpa_auth.h 2017-10-16 17:54:06.043736097 +0200
  141. @@ -267,7 +267,7 @@
  142. u8 *data, size_t data_len);
  143. enum wpa_event {
  144. WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
  145. - WPA_REAUTH_EAPOL, WPA_ASSOC_FT
  146. + WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
  147. };
  148. void wpa_remove_ptk(struct wpa_state_machine *sm);
  149. int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
  150. @@ -280,6 +280,7 @@
  151. int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
  152. int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
  153. int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
  154. +int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
  155. int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
  156. struct rsn_pmksa_cache_entry *entry);
  157. struct rsn_pmksa_cache_entry *
  158. diff -ruN wpa_supplicant-2.6/src/ap/wpa_auth_i.h wpa_supplicant-2.6-krack1/src/ap/wpa_auth_i.h
  159. --- wpa_supplicant-2.6/src/ap/wpa_auth_i.h 2016-10-02 20:51:11.000000000 +0200
  160. +++ wpa_supplicant-2.6-krack1/src/ap/wpa_auth_i.h 2017-10-16 17:54:06.043736097 +0200
  161. @@ -65,6 +65,7 @@
  162. struct wpa_ptk PTK;
  163. Boolean PTK_valid;
  164. Boolean pairwise_set;
  165. + Boolean tk_already_set;
  166. int keycount;
  167. Boolean Pair;
  168. struct wpa_key_replay_counter {
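Review bot: `tk_already_set` sits next to `pairwise_set` with no comment distinguishing two Boolean flags about the same pairwise key, so a reader will conflate them. Suggest `Boolean tk_already_set; /* FT: this PTK's TK is in the driver; re-installing it would reset TX/RX PN */`.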
  169. diff -ruN wpa_supplicant-2.6/src/common/wpa_common.h wpa_supplicant-2.6-krack1/src/common/wpa_common.h
  170. --- wpa_supplicant-2.6/src/common/wpa_common.h 2016-10-02 20:51:11.000000000 +0200
  171. +++ wpa_supplicant-2.6-krack1/src/common/wpa_common.h 2017-10-16 17:54:56.105742922 +0200
  172. @@ -215,8 +215,20 @@
  173. size_t kck_len;
  174. size_t kek_len;
  175. size_t tk_len;
  176. + int installed; /* 1 if key has already been installed to driver */
  177. };
  178. +struct wpa_gtk {
  179. + u8 gtk[WPA_GTK_MAX_LEN];
  180. + size_t gtk_len;
  181. +};
  182. +
  183. +#ifdef CONFIG_IEEE80211W
  184. +struct wpa_igtk {
  185. + u8 igtk[WPA_IGTK_MAX_LEN];
  186. + size_t igtk_len;
  187. +};
  188. +#endif /* CONFIG_IEEE80211W */
  189. /* WPA IE version 1
  190. * 00-50-f2:1 (OUI:OUI type)
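Review bot: `struct wpa_gtk` and `struct wpa_igtk` keep a plaintext copy of group keys in the supplicant for the life of the association purely to detect reinstallation, which widens the window in which key material sits in process memory; that invariant should be stated where the types are defined. Suggest on each struct: `/* Copy of the last (I)GTK handed to the driver, kept only to detect reinstallation; must be zeroed whenever the SA is dropped */`. The `installed` comment could add that the flag is reset implicitly whenever `struct wpa_ptk` is memset or overwritten.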
  191. diff -ruN wpa_supplicant-2.6/src/rsn_supp/tdls.c wpa_supplicant-2.6-krack1/src/rsn_supp/tdls.c
  192. --- wpa_supplicant-2.6/src/rsn_supp/tdls.c 2016-10-02 20:51:11.000000000 +0200
  193. +++ wpa_supplicant-2.6-krack1/src/rsn_supp/tdls.c 2017-10-16 17:55:11.281744997 +0200
  194. @@ -112,6 +112,7 @@
  195. u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
  196. } tpk;
  197. int tpk_set;
  198. + int tk_set; /* TPK-TK configured to the driver */
  199. int tpk_success;
  200. int tpk_in_progress;
  201. @@ -192,6 +193,20 @@
  202. u8 rsc[6];
  203. enum wpa_alg alg;
  204. + if (peer->tk_set) {
  205. + /*
  206. + * This same TPK-TK has already been configured to the driver
  207. + * and this new configuration attempt (likely due to an
  208. + * unexpected retransmitted frame) would result in clearing
  209. + * the TX/RX sequence number which can break security, so must
  210. + * not allow that to happen.
  211. + */
  212. + wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
  213. + " has already been configured to the driver - do not reconfigure",
  214. + MAC2STR(peer->addr));
  215. + return -1;
  216. + }
  217. +
  218. os_memset(rsc, 0, 6);
  219. switch (peer->cipher) {
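Review bot: The already-configured branch returns -1, the same value as a real set_key failure, whereas the equivalent PTK and GTK guards in rsn_supp/wpa.c return 0 ("nothing to do"); a caller that tears the TDLS link down on non-zero return would then turn a benign retransmitted frame into a link drop. Confirm how the callers treat this return (they are outside the hunk); if the link must stay up, `return 0;` with the same log line is safer, otherwise add `/* intentionally fail the caller: a second TPK-TK install must never happen */`. MSG_INFO is a reasonable level since this is an attack indicator worth keeping in normal logs.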
  220. @@ -209,12 +224,15 @@
  221. return -1;
  222. }
  223. + wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
  224. + MAC2STR(peer->addr));
  225. if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
  226. rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
  227. wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
  228. "driver");
  229. return -1;
  230. }
  231. + peer->tk_set = 1;
  232. return 0;
  233. }
  234. @@ -696,7 +714,7 @@
  235. peer->cipher = 0;
  236. peer->qos_info = 0;
  237. peer->wmm_capable = 0;
  238. - peer->tpk_set = peer->tpk_success = 0;
  239. + peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
  240. peer->chan_switch_enabled = 0;
  241. os_memset(&peer->tpk, 0, sizeof(peer->tpk));
  242. os_memset(peer->inonce, 0, WPA_NONCE_LEN);
  243. @@ -1159,6 +1177,7 @@
  244. wpa_tdls_peer_free(sm, peer);
  245. return -1;
  246. }
  247. + peer->tk_set = 0; /* A new nonce results in a new TK */
  248. wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
  249. peer->inonce, WPA_NONCE_LEN);
  250. os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
  251. @@ -1751,6 +1770,19 @@
  252. }
  253. +static int tdls_nonce_set(const u8 *nonce)
  254. +{
  255. + int i;
  256. +
  257. + for (i = 0; i < WPA_NONCE_LEN; i++) {
  258. + if (nonce[i])
  259. + return 1;
  260. + }
  261. +
  262. + return 0;
  263. +}
  264. +
  265. +
  266. static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
  267. const u8 *buf, size_t len)
  268. {
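Review bot: `tdls_nonce_set()` has no comment, and its contract — an all-zero nonce means "no nonce recorded yet", which is why the caller forces a fresh RNonce in that case — is exactly what the next reader needs. Suggest `/* Return 1 if a nonce has been generated (any non-zero byte); an all-zero value is what a cleared peer entry holds */`. This is not a secret comparison, so the early return is fine.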
  269. @@ -2004,7 +2036,8 @@
  270. peer->rsnie_i_len = kde.rsn_ie_len;
  271. peer->cipher = cipher;
  272. - if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
  273. + if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
  274. + !tdls_nonce_set(peer->inonce)) {
  275. /*
  276. * There is no point in updating the RNonce for every obtained
  277. * TPK M1 frame (e.g., retransmission due to timeout) with the
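Review bot: The added `!tdls_nonce_set(peer->inonce)` term closes the case where a peer entry with a zeroed inonce compares equal to an M1 carrying an all-zero SNonce and would skip RNonce regeneration, but the comment block that follows does not mention it. Extend the comment with `* An all-zero stored INonce means nothing was recorded yet and must not count as a match either.` This condition is inside wpa_tdls_process_tpk_m1(), whose body continues past the hunk.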
  278. @@ -2020,6 +2053,7 @@
  279. "TDLS: Failed to get random data for responder nonce");
  280. goto error;
  281. }
  282. + peer->tk_set = 0; /* A new nonce results in a new TK */
  283. }
  284. #if 0
  285. diff -ruN wpa_supplicant-2.6/src/rsn_supp/wpa.c wpa_supplicant-2.6-krack1/src/rsn_supp/wpa.c
  286. --- wpa_supplicant-2.6/src/rsn_supp/wpa.c 2016-10-02 20:51:11.000000000 +0200
  287. +++ wpa_supplicant-2.6-krack1/src/rsn_supp/wpa.c 2017-10-16 17:55:23.280746653 +0200
  288. @@ -510,7 +510,6 @@
  289. os_memset(buf, 0, sizeof(buf));
  290. }
  291. sm->tptk_set = 1;
  292. - sm->tk_to_set = 1;
  293. kde = sm->assoc_wpa_ie;
  294. kde_len = sm->assoc_wpa_ie_len;
  295. @@ -615,7 +614,7 @@
  296. enum wpa_alg alg;
  297. const u8 *key_rsc;
  298. - if (!sm->tk_to_set) {
  299. + if (sm->ptk.installed) {
  300. wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  301. "WPA: Do not re-install same PTK to the driver");
  302. return 0;
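Review bot: `sm->ptk.installed` replaces the separate `tk_to_set` flag, and placing it inside `struct wpa_ptk` means any `os_memset(&sm->ptk, ...)` or copy of a fresh tptk into ptk resets it implicitly; that is the useful property here but it is only implied. Add `/* installed lives in the PTK itself: a new PTK always starts as not-installed */` next to the check. The enclosing function starts and ends outside the hunk.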
  303. @@ -659,7 +658,7 @@
  304. /* TK is not needed anymore in supplicant */
  305. os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
  306. - sm->tk_to_set = 0;
  307. + sm->ptk.installed = 1;
  308. if (sm->wpa_ptk_rekey) {
  309. eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
  310. @@ -709,11 +708,23 @@
  311. static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
  312. const struct wpa_gtk_data *gd,
  313. - const u8 *key_rsc)
  314. + const u8 *key_rsc, int wnm_sleep)
  315. {
  316. const u8 *_gtk = gd->gtk;
  317. u8 gtk_buf[32];
  318. + /* Detect possible key reinstallation */
  319. + if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
  320. + os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
  321. + (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
  322. + os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
  323. + sm->gtk_wnm_sleep.gtk_len) == 0)) {
  324. + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  325. + "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
  326. + gd->keyidx, gd->tx, gd->gtk_len);
  327. + return 0;
  328. + }
  329. +
  330. wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
  331. wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  332. "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
  333. @@ -748,6 +759,15 @@
  334. }
  335. os_memset(gtk_buf, 0, sizeof(gtk_buf));
  336. + if (wnm_sleep) {
  337. + sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
  338. + os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
  339. + sm->gtk_wnm_sleep.gtk_len);
  340. + } else {
  341. + sm->gtk.gtk_len = gd->gtk_len;
  342. + os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
  343. + }
  344. +
  345. return 0;
  346. }
  347. @@ -840,7 +860,7 @@
  348. (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
  349. gtk_len, gtk_len,
  350. &gd.key_rsc_len, &gd.alg) ||
  351. - wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
  352. + wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
  353. wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  354. "RSN: Failed to install GTK");
  355. os_memset(&gd, 0, sizeof(gd));
  356. @@ -854,6 +874,58 @@
  357. }
  358. +#ifdef CONFIG_IEEE80211W
  359. +static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
  360. + const struct wpa_igtk_kde *igtk,
  361. + int wnm_sleep)
  362. +{
  363. + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
  364. + u16 keyidx = WPA_GET_LE16(igtk->keyid);
  365. +
  366. + /* Detect possible key reinstallation */
  367. + if ((sm->igtk.igtk_len == len &&
  368. + os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
  369. + (sm->igtk_wnm_sleep.igtk_len == len &&
  370. + os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
  371. + sm->igtk_wnm_sleep.igtk_len) == 0)) {
  372. + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  373. + "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
  374. + keyidx);
  375. + return 0;
  376. + }
  377. +
  378. + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
  379. + "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
  380. + keyidx, MAC2STR(igtk->pn));
  381. + wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
  382. + if (keyidx > 4095) {
  383. + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  384. + "WPA: Invalid IGTK KeyID %d", keyidx);
  385. + return -1;
  386. + }
  387. + if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
  388. + broadcast_ether_addr,
  389. + keyidx, 0, igtk->pn, sizeof(igtk->pn),
  390. + igtk->igtk, len) < 0) {
  391. + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  392. + "WPA: Failed to configure IGTK to the driver");
  393. + return -1;
  394. + }
  395. +
  396. + if (wnm_sleep) {
  397. + sm->igtk_wnm_sleep.igtk_len = len;
  398. + os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
  399. + sm->igtk_wnm_sleep.igtk_len);
  400. + } else {
  401. + sm->igtk.igtk_len = len;
  402. + os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
  403. + }
  404. +
  405. + return 0;
  406. +}
  407. +#endif /* CONFIG_IEEE80211W */
  408. +
  409. +
  410. static int ieee80211w_set_keys(struct wpa_sm *sm,
  411. struct wpa_eapol_ie_parse *ie)
  412. {
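Review bot: In `wpa_supplicant_install_igtk()` the reinstallation comparison and the `wpa_hexdump_key` run before the `keyidx > 4095` validation, so an IGTK KDE with an invalid KeyID that repeats the cached key is accepted with return 0, and the key bytes are logged before the input is judged valid. Move the KeyID check to the top of the function, ahead of the memcmp block. As in the GTK path, `keyidx` is not part of the comparison; whether a same-key/different-index update must be honoured deserves a sentence in the comment.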
  413. @@ -864,30 +936,14 @@
  414. if (ie->igtk) {
  415. size_t len;
  416. const struct wpa_igtk_kde *igtk;
  417. - u16 keyidx;
  418. +
  419. len = wpa_cipher_key_len(sm->mgmt_group_cipher);
  420. if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
  421. return -1;
  422. +
  423. igtk = (const struct wpa_igtk_kde *) ie->igtk;
  424. - keyidx = WPA_GET_LE16(igtk->keyid);
  425. - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
  426. - "pn %02x%02x%02x%02x%02x%02x",
  427. - keyidx, MAC2STR(igtk->pn));
  428. - wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
  429. - igtk->igtk, len);
  430. - if (keyidx > 4095) {
  431. - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  432. - "WPA: Invalid IGTK KeyID %d", keyidx);
  433. - return -1;
  434. - }
  435. - if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
  436. - broadcast_ether_addr,
  437. - keyidx, 0, igtk->pn, sizeof(igtk->pn),
  438. - igtk->igtk, len) < 0) {
  439. - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  440. - "WPA: Failed to configure IGTK to the driver");
  441. + if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
  442. return -1;
  443. - }
  444. }
  445. return 0;
  446. @@ -1536,7 +1592,7 @@
  447. if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
  448. key_rsc = null_rsc;
  449. - if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
  450. + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
  451. wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
  452. goto failed;
  453. os_memset(&gd, 0, sizeof(gd));
  454. @@ -2307,7 +2363,7 @@
  455. */
  456. void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
  457. {
  458. - int clear_ptk = 1;
  459. + int clear_keys = 1;
  460. if (sm == NULL)
  461. return;
  462. @@ -2333,11 +2389,11 @@
  463. /* Prepare for the next transition */
  464. wpa_ft_prepare_auth_request(sm, NULL);
  465. - clear_ptk = 0;
  466. + clear_keys = 0;
  467. }
  468. #endif /* CONFIG_IEEE80211R */
  469. - if (clear_ptk) {
  470. + if (clear_keys) {
  471. /*
  472. * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
  473. * this is not part of a Fast BSS Transition.
  474. @@ -2347,6 +2403,12 @@
  475. os_memset(&sm->ptk, 0, sizeof(sm->ptk));
  476. sm->tptk_set = 0;
  477. os_memset(&sm->tptk, 0, sizeof(sm->tptk));
  478. + os_memset(&sm->gtk, 0, sizeof(sm->gtk));
  479. + os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
  480. +#ifdef CONFIG_IEEE80211W
  481. + os_memset(&sm->igtk, 0, sizeof(sm->igtk));
  482. + os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
  483. +#endif /* CONFIG_IEEE80211W */
  484. }
  485. #ifdef CONFIG_TDLS
  486. @@ -2378,6 +2440,9 @@
  487. #ifdef CONFIG_TDLS
  488. wpa_tdls_disassoc(sm);
  489. #endif /* CONFIG_TDLS */
  490. +#ifdef CONFIG_IEEE80211R
  491. + sm->ft_reassoc_completed = 0;
  492. +#endif /* CONFIG_IEEE80211R */
  493. /* Keys are not needed in the WPA state machine anymore */
  494. wpa_sm_drop_sa(sm);
  495. @@ -2877,6 +2942,12 @@
  496. os_memset(sm->pmk, 0, sizeof(sm->pmk));
  497. os_memset(&sm->ptk, 0, sizeof(sm->ptk));
  498. os_memset(&sm->tptk, 0, sizeof(sm->tptk));
  499. + os_memset(&sm->gtk, 0, sizeof(sm->gtk));
  500. + os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
  501. +#ifdef CONFIG_IEEE80211W
  502. + os_memset(&sm->igtk, 0, sizeof(sm->igtk));
  503. + os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
  504. +#endif /* CONFIG_IEEE80211W */
  505. #ifdef CONFIG_IEEE80211R
  506. os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
  507. os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
  508. @@ -2940,7 +3011,7 @@
  509. wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
  510. gd.gtk, gd.gtk_len);
  511. - if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
  512. + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
  513. os_memset(&gd, 0, sizeof(gd));
  514. wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
  515. "WNM mode");
  516. @@ -2949,29 +3020,11 @@
  517. os_memset(&gd, 0, sizeof(gd));
  518. #ifdef CONFIG_IEEE80211W
  519. } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
  520. - struct wpa_igtk_kde igd;
  521. - u16 keyidx;
  522. + const struct wpa_igtk_kde *igtk;
  523. - os_memset(&igd, 0, sizeof(igd));
  524. - keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
  525. - os_memcpy(igd.keyid, buf + 2, 2);
  526. - os_memcpy(igd.pn, buf + 4, 6);
  527. -
  528. - keyidx = WPA_GET_LE16(igd.keyid);
  529. - os_memcpy(igd.igtk, buf + 10, keylen);
  530. -
  531. - wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
  532. - igd.igtk, keylen);
  533. - if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
  534. - broadcast_ether_addr,
  535. - keyidx, 0, igd.pn, sizeof(igd.pn),
  536. - igd.igtk, keylen) < 0) {
  537. - wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
  538. - "WNM mode");
  539. - os_memset(&igd, 0, sizeof(igd));
  540. + igtk = (const struct wpa_igtk_kde *) (buf + 2);
  541. + if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
  542. return -1;
  543. - }
  544. - os_memset(&igd, 0, sizeof(igd));
  545. #endif /* CONFIG_IEEE80211W */
  546. } else {
  547. wpa_printf(MSG_DEBUG, "Unknown element id");
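Review bot: The WNM-Sleep path now reinterprets `buf + 2` directly as `struct wpa_igtk_kde` instead of copying keyid/pn/igtk field by field, so correctness depends on that struct being packed to the wire layout (2-byte keyid, 6-byte pn, key) and on the subelement length having been validated against the prefix plus key length before this point; neither is visible in the hunk. If the length check lives earlier in the function, record it here with `/* subelem length validated above; wpa_igtk_kde matches the wire layout */`, otherwise add the check before the cast. The `keylen` local the old code used may now be unused in this branch — check for a compiler warning.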
  548. diff -ruN wpa_supplicant-2.6/src/rsn_supp/wpa_ft.c wpa_supplicant-2.6-krack1/src/rsn_supp/wpa_ft.c
  549. --- wpa_supplicant-2.6/src/rsn_supp/wpa_ft.c 2016-10-02 20:51:11.000000000 +0200
  550. +++ wpa_supplicant-2.6-krack1/src/rsn_supp/wpa_ft.c 2017-10-16 17:55:23.280746653 +0200
  551. @@ -153,6 +153,7 @@
  552. u16 capab;
  553. sm->ft_completed = 0;
  554. + sm->ft_reassoc_completed = 0;
  555. buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
  556. 2 + sm->r0kh_id_len + ric_ies_len + 100;
  557. @@ -681,6 +682,11 @@
  558. return -1;
  559. }
  560. + if (sm->ft_reassoc_completed) {
  561. + wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
  562. + return 0;
  563. + }
  564. +
  565. if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
  566. wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
  567. return -1;
  568. @@ -781,6 +787,8 @@
  569. return -1;
  570. }
  571. + sm->ft_reassoc_completed = 1;
  572. +
  573. if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
  574. return -1;
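Review bot: `sm->ft_reassoc_completed = 1` is set before `wpa_ft_process_gtk_subelem()` runs, so if the GTK subelement fails and the function returns -1 the flag still marks this FT instance as completed and the guard earlier in the function discards any retry. That is presumably intended — the pairwise key handling above must not be re-driven by a retransmission — but it should be stated: `/* From here on a retransmitted response is ignored even if group key processing below fails */`. The function continues outside the hunk.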
  575. diff -ruN wpa_supplicant-2.6/src/rsn_supp/wpa_i.h wpa_supplicant-2.6-krack1/src/rsn_supp/wpa_i.h
  576. --- wpa_supplicant-2.6/src/rsn_supp/wpa_i.h 2016-10-02 20:51:11.000000000 +0200
  577. +++ wpa_supplicant-2.6-krack1/src/rsn_supp/wpa_i.h 2017-10-16 17:55:23.280746653 +0200
  578. @@ -24,13 +24,18 @@
  579. struct wpa_ptk ptk, tptk;
  580. int ptk_set, tptk_set;
  581. unsigned int msg_3_of_4_ok:1;
  582. - unsigned int tk_to_set:1;
  583. u8 snonce[WPA_NONCE_LEN];
  584. u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
  585. int renew_snonce;
  586. u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
  587. int rx_replay_counter_set;
  588. u8 request_counter[WPA_REPLAY_COUNTER_LEN];
  589. + struct wpa_gtk gtk;
  590. + struct wpa_gtk gtk_wnm_sleep;
  591. +#ifdef CONFIG_IEEE80211W
  592. + struct wpa_igtk igtk;
  593. + struct wpa_igtk igtk_wnm_sleep;
  594. +#endif /* CONFIG_IEEE80211W */
  595. struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
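Review bot: The four new cache fields in `struct wpa_sm` are undocumented, and since they hold raw key material the header should say what they are for and when they are cleared. Suggest `struct wpa_gtk gtk; /* last GTK installed to the driver (reinstall detection only) */` and `struct wpa_gtk gtk_wnm_sleep; /* same, for the GTK from a WNM-Sleep Mode Response */`, with the equivalent comments on the IGTK pair.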
  596. @@ -123,6 +128,7 @@
  597. size_t r0kh_id_len;
  598. u8 r1kh_id[FT_R1KH_ID_LEN];
  599. int ft_completed;
  600. + int ft_reassoc_completed;
  601. int over_the_ds_in_progress;
  602. u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
  603. int set_ptk_after_assoc;
  604. diff -ruN wpa_supplicant-2.6/wpa_supplicant/wnm_sta.c wpa_supplicant-2.6-krack1/wpa_supplicant/wnm_sta.c
  605. --- wpa_supplicant-2.6/wpa_supplicant/wnm_sta.c 2016-10-02 20:51:11.000000000 +0200
  606. +++ wpa_supplicant-2.6-krack1/wpa_supplicant/wnm_sta.c 2017-10-16 17:51:00.652711482 +0200
  607. @@ -260,7 +260,7 @@
  608. if (!wpa_s->wnmsleep_used) {
  609. wpa_printf(MSG_DEBUG,
  610. - "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
  611. + "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
  612. return;
  613. }
  614. @@ -299,6 +299,8 @@
  615. return;
  616. }
  617. + wpa_s->wnmsleep_used = 0;
  618. +
  619. if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
  620. wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
  621. wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
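Review bot: `wpa_s->wnmsleep_used = 0;` is cleared as soon as a syntactically valid response is seen, before its status is inspected, so a second or replayed WNM-Sleep Mode Response is rejected by the `wnmsleep_used` check at the top of the handler; the intent is right but it deserves a comment, e.g. `/* Accept at most one response per request: a replay must not re-deliver the GTK/IGTK */`. The enclosing function continues past the hunk.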