MFV: r336485
Address: hostapd: Avoid key reinstallation in FT handshake Obtained from: https://w1.fi/security/2017-1/\ rebased-v2.6-0001-hostapd-Avoid-key-\ reinstallation-in-FT-handshake.patch X-MFC-with: r336203
This commit is contained in:
parent
16aa04d663
commit
9f36f4327e
@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
|
||||
{
|
||||
struct ieee80211_ht_capabilities ht_cap;
|
||||
struct ieee80211_vht_capabilities vht_cap;
|
||||
int set = 1;
|
||||
|
||||
/*
|
||||
* Remove the STA entry to ensure the STA PS state gets cleared and
|
||||
@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
|
||||
* FT-over-the-DS, where a station re-associates back to the same AP but
|
||||
* skips the authentication flow, or if working with a driver that
|
||||
* does not support full AP client state.
|
||||
*
|
||||
* Skip this if the STA has already completed FT reassociation and the
|
||||
* TK has been configured since the TX/RX PN must not be reset to 0 for
|
||||
* the same key.
|
||||
*/
|
||||
if (!sta->added_unassoc)
|
||||
if (!sta->added_unassoc &&
|
||||
(!(sta->flags & WLAN_STA_AUTHORIZED) ||
|
||||
!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
|
||||
hostapd_drv_sta_remove(hapd, sta->addr);
|
||||
wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
|
||||
set = 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_IEEE80211N
|
||||
if (sta->flags & WLAN_STA_HT)
|
||||
@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
|
||||
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
|
||||
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
|
||||
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
|
||||
sta->added_unassoc)) {
|
||||
set)) {
|
||||
hostapd_logger(hapd, sta->addr,
|
||||
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
|
||||
"Could not %s STA to kernel driver",
|
||||
sta->added_unassoc ? "set" : "add");
|
||||
set ? "set" : "add");
|
||||
|
||||
if (sta->added_unassoc) {
|
||||
hostapd_drv_sta_remove(hapd, sta->addr);
|
||||
|
@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
|
||||
#else /* CONFIG_IEEE80211R */
|
||||
break;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
case WPA_DRV_STA_REMOVED:
|
||||
sm->tk_already_set = FALSE;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
|
@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||
u8 *data, size_t data_len);
|
||||
enum wpa_event {
|
||||
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
|
||||
WPA_REAUTH_EAPOL, WPA_ASSOC_FT
|
||||
WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
|
||||
};
|
||||
void wpa_remove_ptk(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
|
||||
|
Loading…
Reference in New Issue
Block a user