mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
FT: Do not add PMKID to the driver for FT-EAP if caching is disabled
wpa_supplicant disables PMKSA caching with FT-EAP by default due to known interoperability issues with APs. This is allowed only if the network profile is explicitly enabling caching with ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries was still being configured to the driver and it was possible for the driver to build an RSNE with the PMKID for SME-in-driver cases. This could result in hitting the interop issue with some APs. Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if ft_eap_pmksa_caching=1 is not used in the network profile so that the driver and wpa_supplicant behavior are in sync for this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
5cf91afeeb
commit
215b4d8a72
@ -269,7 +269,8 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
|
||||
entry->fils_cache_id_set ? entry->fils_cache_id : NULL,
|
||||
entry->pmk, entry->pmk_len,
|
||||
pmksa->sm->dot11RSNAConfigPMKLifetime,
|
||||
pmksa->sm->dot11RSNAConfigPMKReauthThreshold);
|
||||
pmksa->sm->dot11RSNAConfigPMKReauthThreshold,
|
||||
entry->akmp);
|
||||
|
||||
return entry;
|
||||
}
|
||||
|
@ -349,7 +349,8 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
|
||||
* PMKIDs again, so report the existing data now. */
|
||||
if (p) {
|
||||
wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid,
|
||||
NULL, p->pmk, p->pmk_len, 0, 0);
|
||||
NULL, p->pmk, p->pmk_len, 0, 0,
|
||||
p->akmp);
|
||||
}
|
||||
|
||||
dl_list_del(&candidate->list);
|
||||
|
@ -43,7 +43,7 @@ struct wpa_sm_ctx {
|
||||
int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
|
||||
const u8 *pmkid, const u8 *fils_cache_id,
|
||||
const u8 *pmk, size_t pmk_len, u32 pmk_lifetime,
|
||||
u8 pmk_reauth_threshold);
|
||||
u8 pmk_reauth_threshold, int akmp);
|
||||
int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
|
||||
const u8 *pmkid, const u8 *fils_cache_id);
|
||||
void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
|
||||
|
@ -268,12 +268,12 @@ static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx,
|
||||
const u8 *bssid, const u8 *pmkid,
|
||||
const u8 *cache_id, const u8 *pmk,
|
||||
size_t pmk_len, u32 pmk_lifetime,
|
||||
u8 pmk_reauth_threshold)
|
||||
u8 pmk_reauth_threshold, int akmp)
|
||||
{
|
||||
WPA_ASSERT(sm->ctx->add_pmkid);
|
||||
return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
|
||||
cache_id, pmk, pmk_len, pmk_lifetime,
|
||||
pmk_reauth_threshold);
|
||||
pmk_reauth_threshold, akmp);
|
||||
}
|
||||
|
||||
static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx,
|
||||
|
@ -154,7 +154,8 @@ static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
|
||||
const u8 *bssid, const u8 *pmkid,
|
||||
const u8 *fils_cache_id,
|
||||
const u8 *pmk, size_t pmk_len,
|
||||
u32 pmk_lifetime, u8 pmk_reauth_threshold)
|
||||
u32 pmk_lifetime, u8 pmk_reauth_threshold,
|
||||
int akmp)
|
||||
{
|
||||
printf("%s - not implemented\n", __func__);
|
||||
return -1;
|
||||
|
@ -575,7 +575,8 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
|
||||
const u8 *bssid, const u8 *pmkid,
|
||||
const u8 *fils_cache_id,
|
||||
const u8 *pmk, size_t pmk_len,
|
||||
u32 pmk_lifetime, u8 pmk_reauth_threshold)
|
||||
u32 pmk_lifetime, u8 pmk_reauth_threshold,
|
||||
int akmp)
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = _wpa_s;
|
||||
struct wpa_ssid *ssid;
|
||||
@ -583,9 +584,22 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
|
||||
|
||||
os_memset(¶ms, 0, sizeof(params));
|
||||
ssid = wpas_get_network_ctx(wpa_s, network_ctx);
|
||||
if (ssid)
|
||||
if (ssid) {
|
||||
wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d",
|
||||
MAC2STR(bssid), ssid->id);
|
||||
if ((akmp == WPA_KEY_MGMT_FT_IEEE8021X ||
|
||||
akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
|
||||
!ssid->ft_eap_pmksa_caching) {
|
||||
/* Since we will not be using PMKSA caching for FT-EAP
|
||||
* within wpa_supplicant to avoid known interop issues
|
||||
* with APs, do not add this PMKID to the driver either
|
||||
* so that we won't be hitting those interop issues
|
||||
* with driver-based RSNE generation. */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"FT: Do not add PMKID entry to the driver since FT-EAP PMKSA caching is not enabled in configuration");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (ssid && fils_cache_id) {
|
||||
params.ssid = ssid->ssid;
|
||||
params.ssid_len = ssid->ssid_len;
|
||||
|
Loading…
Reference in New Issue
Block a user