Differential D2878 Diff 7063 files/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch

Changeset View

Standalone View

files/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch

This file was added.

				From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
				From: Jouni Malinen <j@w1.fi>
				Date: Sun, 1 Oct 2017 12:12:24 +0300
				Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
				Mode cases

				This extends the protection to track last configured GTK/IGTK value
				separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
				corner case where these two different mechanisms may get used when the
				GTK/IGTK has changed and tracking a single value is not sufficient to
				detect a possible key reconfiguration.

				Signed-off-by: Jouni Malinen <j@w1.fi>
				---
				src/rsn_supp/wpa.c \| 53 +++++++++++++++++++++++++++++++++++++---------------
				src/rsn_supp/wpa_i.h \| 2 ++
				2 files changed, 40 insertions(+), 15 deletions(-)

				diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
				index 95bd7be..7a2c68d 100644
				--- a/src/rsn_supp/wpa.c
				+++ b/src/rsn_supp/wpa.c
				@@ -709,14 +709,17 @@ struct wpa_gtk_data {

				static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
				const struct wpa_gtk_data *gd,
				- const u8 *key_rsc)
				+ const u8 *key_rsc, int wnm_sleep)
				{
				const u8 *_gtk = gd->gtk;
				u8 gtk_buf[32];

				/* Detect possible key reinstallation */
				- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
				- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
				+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
				+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) \|\|
				+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
				+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
				+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
				"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
				gd->keyidx, gd->tx, gd->gtk_len);
				@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
				}
				os_memset(gtk_buf, 0, sizeof(gtk_buf));

				- sm->gtk.gtk_len = gd->gtk_len;
				- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
				+ if (wnm_sleep) {
				+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
				+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
				+ sm->gtk_wnm_sleep.gtk_len);
				+ } else {
				+ sm->gtk.gtk_len = gd->gtk_len;
				+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
				+ }

				return 0;
				}
				@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
				(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
				gtk_len, gtk_len,
				&gd.key_rsc_len, &gd.alg) \|\|
				- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
				+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
				"RSN: Failed to install GTK");
				os_memset(&gd, 0, sizeof(gd));
				@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,

				#ifdef CONFIG_IEEE80211W
				static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
				- const struct wpa_igtk_kde *igtk)
				+ const struct wpa_igtk_kde *igtk,
				+ int wnm_sleep)
				{
				size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
				u16 keyidx = WPA_GET_LE16(igtk->keyid);

				/* Detect possible key reinstallation */
				- if (sm->igtk.igtk_len == len &&
				- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
				+ if ((sm->igtk.igtk_len == len &&
				+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) \|\|
				+ (sm->igtk_wnm_sleep.igtk_len == len &&
				+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
				+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
				wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
				"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
				keyidx);
				@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
				return -1;
				}

				- sm->igtk.igtk_len = len;
				- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
				+ if (wnm_sleep) {
				+ sm->igtk_wnm_sleep.igtk_len = len;
				+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
				+ sm->igtk_wnm_sleep.igtk_len);
				+ } else {
				+ sm->igtk.igtk_len = len;
				+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
				+ }

				return 0;
				}
				@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
				return -1;

				igtk = (const struct wpa_igtk_kde *) ie->igtk;
				- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
				+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
				return -1;
				}

				@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
				if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
				key_rsc = null_rsc;

				- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) \|\|
				+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) \|\|
				wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
				goto failed;
				os_memset(&gd, 0, sizeof(gd));
				@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm sm, const u8 bssid)
				sm->tptk_set = 0;
				os_memset(&sm->tptk, 0, sizeof(sm->tptk));
				os_memset(&sm->gtk, 0, sizeof(sm->gtk));
				+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
				#ifdef CONFIG_IEEE80211W
				os_memset(&sm->igtk, 0, sizeof(sm->igtk));
				+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
				#endif /* CONFIG_IEEE80211W */
				}

				@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
				os_memset(&sm->ptk, 0, sizeof(sm->ptk));
				os_memset(&sm->tptk, 0, sizeof(sm->tptk));
				os_memset(&sm->gtk, 0, sizeof(sm->gtk));
				+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
				#ifdef CONFIG_IEEE80211W
				os_memset(&sm->igtk, 0, sizeof(sm->igtk));
				+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
				#endif /* CONFIG_IEEE80211W */
				#ifdef CONFIG_IEEE80211R
				os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
				@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm sm, u8 subelem_id, u8 buf)

				wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
				gd.gtk, gd.gtk_len);
				- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
				+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
				os_memset(&gd, 0, sizeof(gd));
				wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
				"WNM mode");
				@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm sm, u8 subelem_id, u8 buf)
				const struct wpa_igtk_kde *igtk;

				igtk = (const struct wpa_igtk_kde *) (buf + 2);
				- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
				+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
				return -1;
				#endif /* CONFIG_IEEE80211W */
				} else {
				diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
				index afc9e37..9a54631 100644
				--- a/src/rsn_supp/wpa_i.h
				+++ b/src/rsn_supp/wpa_i.h
				@@ -32,8 +32,10 @@ struct wpa_sm {
				int rx_replay_counter_set;
				u8 request_counter[WPA_REPLAY_COUNTER_LEN];
				struct wpa_gtk gtk;
				+ struct wpa_gtk gtk_wnm_sleep;
				#ifdef CONFIG_IEEE80211W
				struct wpa_igtk igtk;
				+ struct wpa_igtk igtk_wnm_sleep;
				#endif /* CONFIG_IEEE80211W */

				struct eapol_sm eapol; / EAPOL state machine from upper level code */
				--
				2.7.4