summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch177
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch253
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch187
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch82
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch67
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch135
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch85
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch44
-rw-r--r--meta-oe/recipes-connectivity/hostapd/hostapd_2.8.bb (renamed from meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb)14
9 files changed, 3 insertions, 1041 deletions
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
deleted file mode 100644
index 5535a3c5a1..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+++ /dev/null
@@ -1,177 +0,0 @@
1From 044ae35c5694c39a4aca2a33502cc3897e88f79e Mon Sep 17 00:00:00 2001
2From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
3Date: Fri, 14 Jul 2017 15:15:35 +0200
4Subject: [PATCH 1/7] hostapd: Avoid key reinstallation in FT handshake
5
6Do not reinstall TK to the driver during Reassociation Response frame
7processing if the first attempt of setting the TK succeeded. This avoids
8issues related to clearing the TX/RX PN that could result in reusing
9same PN values for transmitted frames (e.g., due to CCM nonce reuse and
10also hitting replay protection on the receiver) and accepting replayed
11frames on RX side.
12
13This issue was introduced by the commit
140e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
15authenticator') which allowed wpa_ft_install_ptk() to be called multiple
16times with the same PTK. While the second configuration attempt is
17needed with some drivers, it must be done only if the first attempt
18failed.
19
20Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
21
22Upstream-Status: Backport
23Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
24---
25 src/ap/ieee802_11.c | 16 +++++++++++++---
26 src/ap/wpa_auth.c | 11 +++++++++++
27 src/ap/wpa_auth.h | 3 ++-
28 src/ap/wpa_auth_ft.c | 10 ++++++++++
29 src/ap/wpa_auth_i.h | 1 +
30 5 files changed, 37 insertions(+), 4 deletions(-)
31
32diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
33index 4e04169..333035f 100644
34--- a/src/ap/ieee802_11.c
35+++ b/src/ap/ieee802_11.c
36@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
37 {
38 struct ieee80211_ht_capabilities ht_cap;
39 struct ieee80211_vht_capabilities vht_cap;
40+ int set = 1;
41
42 /*
43 * Remove the STA entry to ensure the STA PS state gets cleared and
44@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
45 * FT-over-the-DS, where a station re-associates back to the same AP but
46 * skips the authentication flow, or if working with a driver that
47 * does not support full AP client state.
48+ *
49+ * Skip this if the STA has already completed FT reassociation and the
50+ * TK has been configured since the TX/RX PN must not be reset to 0 for
51+ * the same key.
52 */
53- if (!sta->added_unassoc)
54+ if (!sta->added_unassoc &&
55+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
56+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
57 hostapd_drv_sta_remove(hapd, sta->addr);
58+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
59+ set = 0;
60+ }
61
62 #ifdef CONFIG_IEEE80211N
63 if (sta->flags & WLAN_STA_HT)
64@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
65 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
66 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
67 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
68- sta->added_unassoc)) {
69+ set)) {
70 hostapd_logger(hapd, sta->addr,
71 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
72 "Could not %s STA to kernel driver",
73- sta->added_unassoc ? "set" : "add");
74+ set ? "set" : "add");
75
76 if (sta->added_unassoc) {
77 hostapd_drv_sta_remove(hapd, sta->addr);
78diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
79index 3587086..707971d 100644
80--- a/src/ap/wpa_auth.c
81+++ b/src/ap/wpa_auth.c
82@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
83 #else /* CONFIG_IEEE80211R */
84 break;
85 #endif /* CONFIG_IEEE80211R */
86+ case WPA_DRV_STA_REMOVED:
87+ sm->tk_already_set = FALSE;
88+ return 0;
89 }
90
91 #ifdef CONFIG_IEEE80211R
92@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
93 }
94
95
96+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
97+{
98+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
99+ return 0;
100+ return sm->tk_already_set;
101+}
102+
103+
104 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
105 struct rsn_pmksa_cache_entry *entry)
106 {
107diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
108index 0de8d97..97461b0 100644
109--- a/src/ap/wpa_auth.h
110+++ b/src/ap/wpa_auth.h
111@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
112 u8 *data, size_t data_len);
113 enum wpa_event {
114 WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
115- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
116+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
117 };
118 void wpa_remove_ptk(struct wpa_state_machine *sm);
119 int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
120@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
121 int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
122 int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
123 int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
124+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
125 int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
126 struct rsn_pmksa_cache_entry *entry);
127 struct rsn_pmksa_cache_entry *
128diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
129index 42242a5..e63b99a 100644
130--- a/src/ap/wpa_auth_ft.c
131+++ b/src/ap/wpa_auth_ft.c
132@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
133 return;
134 }
135
136+ if (sm->tk_already_set) {
137+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
138+ * PN in the driver */
139+ wpa_printf(MSG_DEBUG,
140+ "FT: Do not re-install same PTK to the driver");
141+ return;
142+ }
143+
144 /* FIX: add STA entry to kernel/driver here? The set_key will fail
145 * most likely without this.. At the moment, STA entry is added only
146 * after association has been completed. This function will be called
147@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
148
149 /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
150 sm->pairwise_set = TRUE;
151+ sm->tk_already_set = TRUE;
152 }
153
154
155@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
156
157 sm->pairwise = pairwise;
158 sm->PTK_valid = TRUE;
159+ sm->tk_already_set = FALSE;
160 wpa_ft_install_ptk(sm);
161
162 buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
163diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
164index 72b7eb3..7fd8f05 100644
165--- a/src/ap/wpa_auth_i.h
166+++ b/src/ap/wpa_auth_i.h
167@@ -65,6 +65,7 @@ struct wpa_state_machine {
168 struct wpa_ptk PTK;
169 Boolean PTK_valid;
170 Boolean pairwise_set;
171+ Boolean tk_already_set;
172 int keycount;
173 Boolean Pair;
174 struct wpa_key_replay_counter {
175--
1761.8.3.1
177
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
deleted file mode 100644
index 4e57bcaa5a..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+++ /dev/null
@@ -1,253 +0,0 @@
1From c623cc973de525f7411dffe438e957ba86ef4733 Mon Sep 17 00:00:00 2001
2From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
3Date: Wed, 12 Jul 2017 16:03:24 +0200
4Subject: [PATCH 2/7] Prevent reinstallation of an already in-use group key
5
6Track the current GTK and IGTK that is in use and when receiving a
7(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
8not install the given key if it is already in use. This prevents an
9attacker from trying to trick the client into resetting or lowering the
10sequence counter associated to the group key.
11
12Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
13
14Upstream-Status: Backport
15Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
16---
17 src/common/wpa_common.h | 11 +++++
18 src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
19 src/rsn_supp/wpa_i.h | 4 ++
20 3 files changed, 87 insertions(+), 44 deletions(-)
21
22diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
23index af1d0f0..d200285 100644
24--- a/src/common/wpa_common.h
25+++ b/src/common/wpa_common.h
26@@ -217,6 +217,17 @@ struct wpa_ptk {
27 size_t tk_len;
28 };
29
30+struct wpa_gtk {
31+ u8 gtk[WPA_GTK_MAX_LEN];
32+ size_t gtk_len;
33+};
34+
35+#ifdef CONFIG_IEEE80211W
36+struct wpa_igtk {
37+ u8 igtk[WPA_IGTK_MAX_LEN];
38+ size_t igtk_len;
39+};
40+#endif /* CONFIG_IEEE80211W */
41
42 /* WPA IE version 1
43 * 00-50-f2:1 (OUI:OUI type)
44diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
45index 3c47879..95bd7be 100644
46--- a/src/rsn_supp/wpa.c
47+++ b/src/rsn_supp/wpa.c
48@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
49 const u8 *_gtk = gd->gtk;
50 u8 gtk_buf[32];
51
52+ /* Detect possible key reinstallation */
53+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
54+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
55+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
56+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
57+ gd->keyidx, gd->tx, gd->gtk_len);
58+ return 0;
59+ }
60+
61 wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
62 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
63 "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
64@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
65 }
66 os_memset(gtk_buf, 0, sizeof(gtk_buf));
67
68+ sm->gtk.gtk_len = gd->gtk_len;
69+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
70+
71 return 0;
72 }
73
74@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
75 }
76
77
78+#ifdef CONFIG_IEEE80211W
79+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
80+ const struct wpa_igtk_kde *igtk)
81+{
82+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
83+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
84+
85+ /* Detect possible key reinstallation */
86+ if (sm->igtk.igtk_len == len &&
87+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
88+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
89+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
90+ keyidx);
91+ return 0;
92+ }
93+
94+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
95+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
96+ keyidx, MAC2STR(igtk->pn));
97+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
98+ if (keyidx > 4095) {
99+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
100+ "WPA: Invalid IGTK KeyID %d", keyidx);
101+ return -1;
102+ }
103+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
104+ broadcast_ether_addr,
105+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
106+ igtk->igtk, len) < 0) {
107+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
108+ "WPA: Failed to configure IGTK to the driver");
109+ return -1;
110+ }
111+
112+ sm->igtk.igtk_len = len;
113+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
114+
115+ return 0;
116+}
117+#endif /* CONFIG_IEEE80211W */
118+
119+
120 static int ieee80211w_set_keys(struct wpa_sm *sm,
121 struct wpa_eapol_ie_parse *ie)
122 {
123@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
124 if (ie->igtk) {
125 size_t len;
126 const struct wpa_igtk_kde *igtk;
127- u16 keyidx;
128+
129 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
130 if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
131 return -1;
132+
133 igtk = (const struct wpa_igtk_kde *) ie->igtk;
134- keyidx = WPA_GET_LE16(igtk->keyid);
135- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
136- "pn %02x%02x%02x%02x%02x%02x",
137- keyidx, MAC2STR(igtk->pn));
138- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
139- igtk->igtk, len);
140- if (keyidx > 4095) {
141- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
142- "WPA: Invalid IGTK KeyID %d", keyidx);
143- return -1;
144- }
145- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
146- broadcast_ether_addr,
147- keyidx, 0, igtk->pn, sizeof(igtk->pn),
148- igtk->igtk, len) < 0) {
149- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
150- "WPA: Failed to configure IGTK to the driver");
151+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
152 return -1;
153- }
154 }
155
156 return 0;
157@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
158 */
159 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
160 {
161- int clear_ptk = 1;
162+ int clear_keys = 1;
163
164 if (sm == NULL)
165 return;
166@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
167 /* Prepare for the next transition */
168 wpa_ft_prepare_auth_request(sm, NULL);
169
170- clear_ptk = 0;
171+ clear_keys = 0;
172 }
173 #endif /* CONFIG_IEEE80211R */
174
175- if (clear_ptk) {
176+ if (clear_keys) {
177 /*
178 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
179 * this is not part of a Fast BSS Transition.
180@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
181 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
182 sm->tptk_set = 0;
183 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
184+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
185+#ifdef CONFIG_IEEE80211W
186+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
187+#endif /* CONFIG_IEEE80211W */
188 }
189
190 #ifdef CONFIG_TDLS
191@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
192 os_memset(sm->pmk, 0, sizeof(sm->pmk));
193 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
194 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
195+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
196+#ifdef CONFIG_IEEE80211W
197+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
198+#endif /* CONFIG_IEEE80211W */
199 #ifdef CONFIG_IEEE80211R
200 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
201 os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
202@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
203 os_memset(&gd, 0, sizeof(gd));
204 #ifdef CONFIG_IEEE80211W
205 } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
206- struct wpa_igtk_kde igd;
207- u16 keyidx;
208-
209- os_memset(&igd, 0, sizeof(igd));
210- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
211- os_memcpy(igd.keyid, buf + 2, 2);
212- os_memcpy(igd.pn, buf + 4, 6);
213-
214- keyidx = WPA_GET_LE16(igd.keyid);
215- os_memcpy(igd.igtk, buf + 10, keylen);
216-
217- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
218- igd.igtk, keylen);
219- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
220- broadcast_ether_addr,
221- keyidx, 0, igd.pn, sizeof(igd.pn),
222- igd.igtk, keylen) < 0) {
223- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
224- "WNM mode");
225- os_memset(&igd, 0, sizeof(igd));
226+ const struct wpa_igtk_kde *igtk;
227+
228+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
229+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
230 return -1;
231- }
232- os_memset(&igd, 0, sizeof(igd));
233 #endif /* CONFIG_IEEE80211W */
234 } else {
235 wpa_printf(MSG_DEBUG, "Unknown element id");
236diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
237index f653ba6..afc9e37 100644
238--- a/src/rsn_supp/wpa_i.h
239+++ b/src/rsn_supp/wpa_i.h
240@@ -31,6 +31,10 @@ struct wpa_sm {
241 u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
242 int rx_replay_counter_set;
243 u8 request_counter[WPA_REPLAY_COUNTER_LEN];
244+ struct wpa_gtk gtk;
245+#ifdef CONFIG_IEEE80211W
246+ struct wpa_igtk igtk;
247+#endif /* CONFIG_IEEE80211W */
248
249 struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
250
251--
2521.8.3.1
253
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
deleted file mode 100644
index e39bbf63d5..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+++ /dev/null
@@ -1,187 +0,0 @@
1From a6caab8060ab60876e233306f5c586451169eba1 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Sun, 1 Oct 2017 12:12:24 +0300
4Subject: [PATCH 3/7] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
5 Mode cases
6
7This extends the protection to track last configured GTK/IGTK value
8separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
9corner case where these two different mechanisms may get used when the
10GTK/IGTK has changed and tracking a single value is not sufficient to
11detect a possible key reconfiguration.
12
13Signed-off-by: Jouni Malinen <j@w1.fi>
14
15Upstream-Status: Backport
16Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
17---
18 src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
19 src/rsn_supp/wpa_i.h | 2 ++
20 2 files changed, 40 insertions(+), 15 deletions(-)
21
22diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
23index 95bd7be..7a2c68d 100644
24--- a/src/rsn_supp/wpa.c
25+++ b/src/rsn_supp/wpa.c
26@@ -709,14 +709,17 @@ struct wpa_gtk_data {
27
28 static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
29 const struct wpa_gtk_data *gd,
30- const u8 *key_rsc)
31+ const u8 *key_rsc, int wnm_sleep)
32 {
33 const u8 *_gtk = gd->gtk;
34 u8 gtk_buf[32];
35
36 /* Detect possible key reinstallation */
37- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
38- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
39+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
40+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
41+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
42+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
43+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
44 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
45 "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
46 gd->keyidx, gd->tx, gd->gtk_len);
47@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
48 }
49 os_memset(gtk_buf, 0, sizeof(gtk_buf));
50
51- sm->gtk.gtk_len = gd->gtk_len;
52- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
53+ if (wnm_sleep) {
54+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
55+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
56+ sm->gtk_wnm_sleep.gtk_len);
57+ } else {
58+ sm->gtk.gtk_len = gd->gtk_len;
59+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
60+ }
61
62 return 0;
63 }
64@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
65 (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
66 gtk_len, gtk_len,
67 &gd.key_rsc_len, &gd.alg) ||
68- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
69+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
70 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
71 "RSN: Failed to install GTK");
72 os_memset(&gd, 0, sizeof(gd));
73@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
74
75 #ifdef CONFIG_IEEE80211W
76 static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
77- const struct wpa_igtk_kde *igtk)
78+ const struct wpa_igtk_kde *igtk,
79+ int wnm_sleep)
80 {
81 size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
82 u16 keyidx = WPA_GET_LE16(igtk->keyid);
83
84 /* Detect possible key reinstallation */
85- if (sm->igtk.igtk_len == len &&
86- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
87+ if ((sm->igtk.igtk_len == len &&
88+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
89+ (sm->igtk_wnm_sleep.igtk_len == len &&
90+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
91+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
92 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
93 "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
94 keyidx);
95@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
96 return -1;
97 }
98
99- sm->igtk.igtk_len = len;
100- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
101+ if (wnm_sleep) {
102+ sm->igtk_wnm_sleep.igtk_len = len;
103+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
104+ sm->igtk_wnm_sleep.igtk_len);
105+ } else {
106+ sm->igtk.igtk_len = len;
107+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
108+ }
109
110 return 0;
111 }
112@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
113 return -1;
114
115 igtk = (const struct wpa_igtk_kde *) ie->igtk;
116- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
117+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
118 return -1;
119 }
120
121@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
122 if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
123 key_rsc = null_rsc;
124
125- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
126+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
127 wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
128 goto failed;
129 os_memset(&gd, 0, sizeof(gd));
130@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
131 sm->tptk_set = 0;
132 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
133 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
134+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
135 #ifdef CONFIG_IEEE80211W
136 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
137+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
138 #endif /* CONFIG_IEEE80211W */
139 }
140
141@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
142 os_memset(&sm->ptk, 0, sizeof(sm->ptk));
143 os_memset(&sm->tptk, 0, sizeof(sm->tptk));
144 os_memset(&sm->gtk, 0, sizeof(sm->gtk));
145+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
146 #ifdef CONFIG_IEEE80211W
147 os_memset(&sm->igtk, 0, sizeof(sm->igtk));
148+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
149 #endif /* CONFIG_IEEE80211W */
150 #ifdef CONFIG_IEEE80211R
151 os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
152@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
153
154 wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
155 gd.gtk, gd.gtk_len);
156- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
157+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
158 os_memset(&gd, 0, sizeof(gd));
159 wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
160 "WNM mode");
161@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
162 const struct wpa_igtk_kde *igtk;
163
164 igtk = (const struct wpa_igtk_kde *) (buf + 2);
165- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
166+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
167 return -1;
168 #endif /* CONFIG_IEEE80211W */
169 } else {
170diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
171index afc9e37..9a54631 100644
172--- a/src/rsn_supp/wpa_i.h
173+++ b/src/rsn_supp/wpa_i.h
174@@ -32,8 +32,10 @@ struct wpa_sm {
175 int rx_replay_counter_set;
176 u8 request_counter[WPA_REPLAY_COUNTER_LEN];
177 struct wpa_gtk gtk;
178+ struct wpa_gtk gtk_wnm_sleep;
179 #ifdef CONFIG_IEEE80211W
180 struct wpa_igtk igtk;
181+ struct wpa_igtk igtk_wnm_sleep;
182 #endif /* CONFIG_IEEE80211W */
183
184 struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
185--
1861.8.3.1
187
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch
deleted file mode 100644
index 510362510e..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0004-Prevent-installation-of-an-all-zero-TK.patch
+++ /dev/null
@@ -1,82 +0,0 @@
1From abf941647f2dc33b0b59612f525e1b292331cc9f Mon Sep 17 00:00:00 2001
2From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
3Date: Fri, 29 Sep 2017 04:22:51 +0200
4Subject: [PATCH 4/7] Prevent installation of an all-zero TK
5
6Properly track whether a PTK has already been installed to the driver
7and the TK part cleared from memory. This prevents an attacker from
8trying to trick the client into installing an all-zero TK.
9
10This fixes the earlier fix in commit
11ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
12driver in EAPOL-Key 3/4 retry case') which did not take into account
13possibility of an extra message 1/4 showing up between retries of
14message 3/4.
15
16Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
17
18Upstream-Status: Backport
19Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
20---
21 src/common/wpa_common.h | 1 +
22 src/rsn_supp/wpa.c | 5 ++---
23 src/rsn_supp/wpa_i.h | 1 -
24 3 files changed, 3 insertions(+), 4 deletions(-)
25
26diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
27index d200285..1021ccb 100644
28--- a/src/common/wpa_common.h
29+++ b/src/common/wpa_common.h
30@@ -215,6 +215,7 @@ struct wpa_ptk {
31 size_t kck_len;
32 size_t kek_len;
33 size_t tk_len;
34+ int installed; /* 1 if key has already been installed to driver */
35 };
36
37 struct wpa_gtk {
38diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
39index 7a2c68d..0550a41 100644
40--- a/src/rsn_supp/wpa.c
41+++ b/src/rsn_supp/wpa.c
42@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
43 os_memset(buf, 0, sizeof(buf));
44 }
45 sm->tptk_set = 1;
46- sm->tk_to_set = 1;
47
48 kde = sm->assoc_wpa_ie;
49 kde_len = sm->assoc_wpa_ie_len;
50@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
51 enum wpa_alg alg;
52 const u8 *key_rsc;
53
54- if (!sm->tk_to_set) {
55+ if (sm->ptk.installed) {
56 wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
57 "WPA: Do not re-install same PTK to the driver");
58 return 0;
59@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
60
61 /* TK is not needed anymore in supplicant */
62 os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
63- sm->tk_to_set = 0;
64+ sm->ptk.installed = 1;
65
66 if (sm->wpa_ptk_rekey) {
67 eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
68diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
69index 9a54631..41f371f 100644
70--- a/src/rsn_supp/wpa_i.h
71+++ b/src/rsn_supp/wpa_i.h
72@@ -24,7 +24,6 @@ struct wpa_sm {
73 struct wpa_ptk ptk, tptk;
74 int ptk_set, tptk_set;
75 unsigned int msg_3_of_4_ok:1;
76- unsigned int tk_to_set:1;
77 u8 snonce[WPA_NONCE_LEN];
78 u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
79 int renew_snonce;
80--
811.8.3.1
82
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
deleted file mode 100644
index b0e1df3140..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+++ /dev/null
@@ -1,67 +0,0 @@
1From 804b9d72808cddd822e7dcec4d60f40c1aceda82 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Sun, 1 Oct 2017 12:32:57 +0300
4Subject: [PATCH 5/7] Fix PTK rekeying to generate a new ANonce
5
6The Authenticator state machine path for PTK rekeying ended up bypassing
7the AUTHENTICATION2 state where a new ANonce is generated when going
8directly to the PTKSTART state since there is no need to try to
9determine the PMK again in such a case. This is far from ideal since the
10new PTK would depend on a new nonce only from the supplicant.
11
12Fix this by generating a new ANonce when moving to the PTKSTART state
13for the purpose of starting new 4-way handshake to rekey PTK.
14
15Signed-off-by: Jouni Malinen <j@w1.fi>
16
17Upstream-Status: Backport
18Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
19---
20 src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
21 1 file changed, 21 insertions(+), 3 deletions(-)
22
23diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
24index 707971d..bf10cc1 100644
25--- a/src/ap/wpa_auth.c
26+++ b/src/ap/wpa_auth.c
27@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
28 }
29
30
31+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
32+{
33+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
34+ wpa_printf(MSG_ERROR,
35+ "WPA: Failed to get random data for ANonce");
36+ sm->Disconnect = TRUE;
37+ return -1;
38+ }
39+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
40+ WPA_NONCE_LEN);
41+ sm->TimeoutCtr = 0;
42+ return 0;
43+}
44+
45+
46 SM_STATE(WPA_PTK, INITPMK)
47 {
48 u8 msk[2 * PMK_LEN];
49@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
50 SM_ENTER(WPA_PTK, AUTHENTICATION);
51 else if (sm->ReAuthenticationRequest)
52 SM_ENTER(WPA_PTK, AUTHENTICATION2);
53- else if (sm->PTKRequest)
54- SM_ENTER(WPA_PTK, PTKSTART);
55- else switch (sm->wpa_ptk_state) {
56+ else if (sm->PTKRequest) {
57+ if (wpa_auth_sm_ptk_update(sm) < 0)
58+ SM_ENTER(WPA_PTK, DISCONNECTED);
59+ else
60+ SM_ENTER(WPA_PTK, PTKSTART);
61+ } else switch (sm->wpa_ptk_state) {
62 case WPA_PTK_INITIALIZE:
63 break;
64 case WPA_PTK_DISCONNECT:
65--
661.8.3.1
67
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
deleted file mode 100644
index 72c7d51e10..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+++ /dev/null
@@ -1,135 +0,0 @@
1From 7fd26db2d8147ed662db192c41d7bc15752a601d Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Fri, 22 Sep 2017 11:03:15 +0300
4Subject: [PATCH 6/7] TDLS: Reject TPK-TK reconfiguration
5
6Do not try to reconfigure the same TPK-TK to the driver after it has
7been successfully configured. This is an explicit check to avoid issues
8related to resetting the TX/RX packet number. There was already a check
9for this for TPK M2 (retries of that message are ignored completely), so
10that behavior does not get modified.
11
12For TPK M3, the TPK-TK could have been reconfigured, but that was
13followed by immediate teardown of the link due to an issue in updating
14the STA entry. Furthermore, for TDLS with any real security (i.e.,
15ignoring open/WEP), the TPK message exchange is protected on the AP path
16and simple replay attacks are not feasible.
17
18As an additional corner case, make sure the local nonce gets updated if
19the peer uses a very unlikely "random nonce" of all zeros.
20
21Signed-off-by: Jouni Malinen <j@w1.fi>
22
23Upstream-Status: Backport
24Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
25---
26 src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
27 1 file changed, 36 insertions(+), 2 deletions(-)
28
29diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
30index e424168..9eb9738 100644
31--- a/src/rsn_supp/tdls.c
32+++ b/src/rsn_supp/tdls.c
33@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
34 u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
35 } tpk;
36 int tpk_set;
37+ int tk_set; /* TPK-TK configured to the driver */
38 int tpk_success;
39 int tpk_in_progress;
40
41@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
42 u8 rsc[6];
43 enum wpa_alg alg;
44
45+ if (peer->tk_set) {
46+ /*
47+ * This same TPK-TK has already been configured to the driver
48+ * and this new configuration attempt (likely due to an
49+ * unexpected retransmitted frame) would result in clearing
50+ * the TX/RX sequence number which can break security, so must
51+ * not allow that to happen.
52+ */
53+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
54+ " has already been configured to the driver - do not reconfigure",
55+ MAC2STR(peer->addr));
56+ return -1;
57+ }
58+
59 os_memset(rsc, 0, 6);
60
61 switch (peer->cipher) {
62@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
63 return -1;
64 }
65
66+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
67+ MAC2STR(peer->addr));
68 if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
69 rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
70 wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
71 "driver");
72 return -1;
73 }
74+ peer->tk_set = 1;
75 return 0;
76 }
77
78@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
79 peer->cipher = 0;
80 peer->qos_info = 0;
81 peer->wmm_capable = 0;
82- peer->tpk_set = peer->tpk_success = 0;
83+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
84 peer->chan_switch_enabled = 0;
85 os_memset(&peer->tpk, 0, sizeof(peer->tpk));
86 os_memset(peer->inonce, 0, WPA_NONCE_LEN);
87@@ -1159,6 +1177,7 @@ skip_rsnie:
88 wpa_tdls_peer_free(sm, peer);
89 return -1;
90 }
91+ peer->tk_set = 0; /* A new nonce results in a new TK */
92 wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
93 peer->inonce, WPA_NONCE_LEN);
94 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
95@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
96 }
97
98
99+static int tdls_nonce_set(const u8 *nonce)
100+{
101+ int i;
102+
103+ for (i = 0; i < WPA_NONCE_LEN; i++) {
104+ if (nonce[i])
105+ return 1;
106+ }
107+
108+ return 0;
109+}
110+
111+
112 static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
113 const u8 *buf, size_t len)
114 {
115@@ -2004,7 +2036,8 @@ skip_rsn:
116 peer->rsnie_i_len = kde.rsn_ie_len;
117 peer->cipher = cipher;
118
119- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
120+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
121+ !tdls_nonce_set(peer->inonce)) {
122 /*
123 * There is no point in updating the RNonce for every obtained
124 * TPK M1 frame (e.g., retransmission due to timeout) with the
125@@ -2020,6 +2053,7 @@ skip_rsn:
126 "TDLS: Failed to get random data for responder nonce");
127 goto error;
128 }
129+ peer->tk_set = 0; /* A new nonce results in a new TK */
130 }
131
132 #if 0
133--
1341.8.3.1
135
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
deleted file mode 100644
index d0978c7978..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+++ /dev/null
@@ -1,85 +0,0 @@
1From a42eb67c42f845faf266b0633d52e17f2a82f511 Mon Sep 17 00:00:00 2001
2From: Jouni Malinen <j@w1.fi>
3Date: Fri, 22 Sep 2017 12:06:37 +0300
4Subject: [PATCH 7/7] FT: Do not allow multiple Reassociation Response frames
5
6The driver is expected to not report a second association event without
7the station having explicitly request a new association. As such, this
8case should not be reachable. However, since reconfiguring the same
9pairwise or group keys to the driver could result in nonce reuse issues,
10be extra careful here and do an additional state check to avoid this
11even if the local driver ends up somehow accepting an unexpected
12Reassociation Response frame.
13
14Signed-off-by: Jouni Malinen <j@w1.fi>
15
16Upstream-Status: Backport
17Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
18---
19 src/rsn_supp/wpa.c | 3 +++
20 src/rsn_supp/wpa_ft.c | 8 ++++++++
21 src/rsn_supp/wpa_i.h | 1 +
22 3 files changed, 12 insertions(+)
23
24diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
25index 0550a41..2a53c6f 100644
26--- a/src/rsn_supp/wpa.c
27+++ b/src/rsn_supp/wpa.c
28@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
29 #ifdef CONFIG_TDLS
30 wpa_tdls_disassoc(sm);
31 #endif /* CONFIG_TDLS */
32+#ifdef CONFIG_IEEE80211R
33+ sm->ft_reassoc_completed = 0;
34+#endif /* CONFIG_IEEE80211R */
35
36 /* Keys are not needed in the WPA state machine anymore */
37 wpa_sm_drop_sa(sm);
38diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
39index 205793e..d45bb45 100644
40--- a/src/rsn_supp/wpa_ft.c
41+++ b/src/rsn_supp/wpa_ft.c
42@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
43 u16 capab;
44
45 sm->ft_completed = 0;
46+ sm->ft_reassoc_completed = 0;
47
48 buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
49 2 + sm->r0kh_id_len + ric_ies_len + 100;
50@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
51 return -1;
52 }
53
54+ if (sm->ft_reassoc_completed) {
55+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
56+ return 0;
57+ }
58+
59 if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
60 wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
61 return -1;
62@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
63 return -1;
64 }
65
66+ sm->ft_reassoc_completed = 1;
67+
68 if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
69 return -1;
70
71diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
72index 41f371f..56f88dc 100644
73--- a/src/rsn_supp/wpa_i.h
74+++ b/src/rsn_supp/wpa_i.h
75@@ -128,6 +128,7 @@ struct wpa_sm {
76 size_t r0kh_id_len;
77 u8 r1kh_id[FT_R1KH_ID_LEN];
78 int ft_completed;
79+ int ft_reassoc_completed;
80 int over_the_ds_in_progress;
81 u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
82 int set_ptk_after_assoc;
83--
841.8.3.1
85
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch b/meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch
deleted file mode 100644
index 522fc394b3..0000000000
--- a/meta-oe/recipes-connectivity/hostapd/hostapd/hostapd-CVE-2018-14526.patch
+++ /dev/null
@@ -1,44 +0,0 @@
1hostapd-2.6: Fix CVE-2018-14526
2
3[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
4
5wpa: Ignore unauthenticated encrypted EAPOL-Key data
6
7Ignore unauthenticated encrypted EAPOL-Key data in supplicant
8processing. When using WPA2, these are frames that have the Encrypted
9flag set, but not the MIC flag.
10
11When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
12not the MIC flag, had their data field decrypted without first verifying
13the MIC. In case the data field was encrypted using RC4 (i.e., when
14negotiating TKIP as the pairwise cipher), this meant that
15unauthenticated but decrypted data would then be processed. An adversary
16could abuse this as a decryption oracle to recover sensitive information
17in the data field of EAPOL-Key messages (e.g., the group key).
18
19Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
20CVE: CVE-2018-14526
21Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
22
23diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
24index 3c47879..6bdf923 100644
25--- a/src/rsn_supp/wpa.c
26+++ b/src/rsn_supp/wpa.c
27@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
28
29 if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
30 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
31+ /*
32+ * Only decrypt the Key Data field if the frame's authenticity
33+ * was verified. When using AES-SIV (FILS), the MIC flag is not
34+ * set, so this check should only be performed if mic_len != 0
35+ * which is the case in this code branch.
36+ */
37+ if (!(key_info & WPA_KEY_INFO_MIC)) {
38+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
39+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
40+ goto out;
41+ }
42 if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
43 &key_data_len))
44 goto out;
diff --git a/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb b/meta-oe/recipes-connectivity/hostapd/hostapd_2.8.bb
index 42aae4279c..15884d0d09 100644
--- a/meta-oe/recipes-connectivity/hostapd/hostapd_2.6.bb
+++ b/meta-oe/recipes-connectivity/hostapd/hostapd_2.8.bb
@@ -2,7 +2,7 @@ SUMMARY = "User space daemon for extended IEEE 802.11 management"
2HOMEPAGE = "http://w1.fi/hostapd/" 2HOMEPAGE = "http://w1.fi/hostapd/"
3SECTION = "kernel/userland" 3SECTION = "kernel/userland"
4LICENSE = "BSD-3-Clause" 4LICENSE = "BSD-3-Clause"
5LIC_FILES_CHKSUM = "file://hostapd/README;md5=8aa4e8c78b59b12016c4cb2d0a8db350" 5LIC_FILES_CHKSUM = "file://hostapd/README;md5=1ec986bec88070e2a59c68c95d763f89"
6 6
7DEPENDS = "libnl openssl" 7DEPENDS = "libnl openssl"
8 8
@@ -11,18 +11,10 @@ SRC_URI = " \
11 file://defconfig \ 11 file://defconfig \
12 file://init \ 12 file://init \
13 file://hostapd.service \ 13 file://hostapd.service \
14 file://0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch \
15 file://0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch \
16 file://0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch \
17 file://0004-Prevent-installation-of-an-all-zero-TK.patch \
18 file://0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch \
19 file://0006-TDLS-Reject-TPK-TK-reconfiguration.patch \
20 file://0007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch \
21 file://hostapd-CVE-2018-14526.patch \
22" 14"
23 15
24SRC_URI[md5sum] = "eaa56dce9bd8f1d195eb62596eab34c7" 16SRC_URI[md5sum] = "ed2c254e5f400838cb9d8e7b6e43b86c"
25SRC_URI[sha256sum] = "01526b90c1d23bec4b0f052039cc4456c2fd19347b4d830d1d58a0a6aea7117d" 17SRC_URI[sha256sum] = "929f522be6eeec38c53147e7bc084df028f65f148a3f7e4fa6c4c3f955cee4b0"
26 18
27S = "${WORKDIR}/hostapd-${PV}" 19S = "${WORKDIR}/hostapd-${PV}"
28B = "${WORKDIR}/hostapd-${PV}/hostapd" 20B = "${WORKDIR}/hostapd-${PV}/hostapd"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-05-19 23:31:04 +0000