2
0

003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch 1.6 KB

12345678910111213141516171819202122232425262728293031323334353637383940
  1. From: Jouni Malinen <j@w1.fi>
  2. Date: Sat, 14 Jan 2017 13:56:18 +0200
  3. Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX
  4. When wpa_supplicant was processing a received Authentication frame (seq
  5. 1) from a peer STA for which there was already a TK configured to the
  6. driver, debug log claimed that the PTK gets cleared, but the actual
  7. call to clear the key was actually dropped due to AUTH vs. SUPP set_key
  8. selection. Fix this by explicitly clearing the TK in case it was set
  9. and an Authentication frame (seq 1) is received.
  10. This fixes some cases where EAPOL-Key frames were sent encrypted using
  11. the old key when a peer STA restarted itself and lost the key and had to
  12. re-join the IBSS. Previously, that state required timing out the 4-way
  13. handshake and Deauthentication frame exchange to recover.
  14. Signed-off-by: Jouni Malinen <j@w1.fi>
  15. ---
  16. --- a/wpa_supplicant/ibss_rsn.c
  17. +++ b/wpa_supplicant/ibss_rsn.c
  18. @@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2(
  19. MAC2STR(addr));
  20. if (peer &&
  21. + peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
  22. + IBSS_RSN_SET_PTK_AUTH)) {
  23. + /* Clear the TK for this pair to allow recovery from the case
  24. + * where the peer STA has restarted and lost its key while we
  25. + * still have a pairwise key configured. */
  26. + wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
  27. + MACSTR, MAC2STR(addr));
  28. + wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
  29. + NULL, 0, NULL, 0);
  30. + }
  31. +
  32. + if (peer &&
  33. peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
  34. if (peer->own_auth_tx.sec) {
  35. struct os_reltime now, diff;