mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 10:18:21 -05:00
Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
7185e16a91
commit
c60ba9f7ab
@ -179,6 +179,7 @@ SM_STATE(EAP, INITIALIZE)
|
||||
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
|
||||
sm->num_rounds = 0;
|
||||
sm->prev_failure = 0;
|
||||
sm->expected_failure = 0;
|
||||
}
|
||||
|
||||
|
||||
@ -2417,3 +2418,9 @@ void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
|
||||
if (sm->eapol_cb->set_anon_id)
|
||||
sm->eapol_cb->set_anon_id(sm->eapol_ctx, id, len);
|
||||
}
|
||||
|
||||
|
||||
int eap_peer_was_failure_expected(struct eap_sm *sm)
|
||||
{
|
||||
return sm->expected_failure;
|
||||
}
|
||||
|
@ -320,6 +320,7 @@ int eap_is_wps_pin_enrollee(struct eap_peer_config *conf);
|
||||
struct ext_password_data;
|
||||
void eap_sm_set_ext_pw_ctx(struct eap_sm *sm, struct ext_password_data *ext);
|
||||
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len);
|
||||
int eap_peer_was_failure_expected(struct eap_sm *sm);
|
||||
|
||||
#endif /* IEEE8021X_EAPOL */
|
||||
|
||||
|
@ -1055,6 +1055,7 @@ static struct wpabuf * eap_fast_process_pac(struct eap_sm *sm,
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Send PAC-Acknowledgement TLV "
|
||||
"- Provisioning completed successfully");
|
||||
sm->expected_failure = 1;
|
||||
} else {
|
||||
/*
|
||||
* This is PAC refreshing, i.e., normal authentication that is
|
||||
@ -1252,6 +1253,7 @@ static int eap_fast_process_decrypted(struct eap_sm *sm,
|
||||
"provisioning completed successfully.");
|
||||
ret->methodState = METHOD_DONE;
|
||||
ret->decision = DECISION_FAIL;
|
||||
sm->expected_failure = 1;
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Authentication "
|
||||
"completed successfully.");
|
||||
|
@ -350,6 +350,8 @@ struct eap_sm {
|
||||
struct wpabuf *ext_pw_buf;
|
||||
|
||||
int external_sim;
|
||||
|
||||
unsigned int expected_failure:1;
|
||||
};
|
||||
|
||||
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);
|
||||
|
@ -940,9 +940,15 @@ void eapol_sm_step(struct eapol_sm *sm)
|
||||
}
|
||||
|
||||
if (sm->ctx->cb && sm->cb_status != EAPOL_CB_IN_PROGRESS) {
|
||||
int success = sm->cb_status == EAPOL_CB_SUCCESS ? 1 : 0;
|
||||
enum eapol_supp_result result;
|
||||
if (sm->cb_status == EAPOL_CB_SUCCESS)
|
||||
result = EAPOL_SUPP_RESULT_SUCCESS;
|
||||
else if (eap_peer_was_failure_expected(sm->eap))
|
||||
result = EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
|
||||
else
|
||||
result = EAPOL_SUPP_RESULT_FAILURE;
|
||||
sm->cb_status = EAPOL_CB_IN_PROGRESS;
|
||||
sm->ctx->cb(sm, success, sm->ctx->cb_ctx);
|
||||
sm->ctx->cb(sm, result, sm->ctx->cb_ctx);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,6 +63,12 @@ struct eapol_config {
|
||||
struct eapol_sm;
|
||||
struct wpa_config_blob;
|
||||
|
||||
enum eapol_supp_result {
|
||||
EAPOL_SUPP_RESULT_FAILURE,
|
||||
EAPOL_SUPP_RESULT_SUCCESS,
|
||||
EAPOL_SUPP_RESULT_EXPECTED_FAILURE
|
||||
};
|
||||
|
||||
/**
|
||||
* struct eapol_ctx - Global (for all networks) EAPOL state machine context
|
||||
*/
|
||||
@ -83,7 +89,7 @@ struct eapol_ctx {
|
||||
/**
|
||||
* cb - Function to be called when EAPOL negotiation has been completed
|
||||
* @eapol: Pointer to EAPOL state machine data
|
||||
* @success: Whether the authentication was completed successfully
|
||||
* @result: Whether the authentication was completed successfully
|
||||
* @ctx: Pointer to context data (cb_ctx)
|
||||
*
|
||||
* This optional callback function will be called when the EAPOL
|
||||
@ -91,7 +97,8 @@ struct eapol_ctx {
|
||||
* EAPOL state machine to process the key and terminate the EAPOL state
|
||||
* machine. Currently, this is used only in RSN pre-authentication.
|
||||
*/
|
||||
void (*cb)(struct eapol_sm *eapol, int success, void *ctx);
|
||||
void (*cb)(struct eapol_sm *eapol, enum eapol_supp_result result,
|
||||
void *ctx);
|
||||
|
||||
/**
|
||||
* cb_ctx - Callback context for cb()
|
||||
|
@ -70,13 +70,14 @@ static void rsn_preauth_receive(void *ctx, const u8 *src_addr,
|
||||
}
|
||||
|
||||
|
||||
static void rsn_preauth_eapol_cb(struct eapol_sm *eapol, int success,
|
||||
static void rsn_preauth_eapol_cb(struct eapol_sm *eapol,
|
||||
enum eapol_supp_result result,
|
||||
void *ctx)
|
||||
{
|
||||
struct wpa_sm *sm = ctx;
|
||||
u8 pmk[PMK_LEN];
|
||||
|
||||
if (success) {
|
||||
if (result == EAPOL_SUPP_RESULT_SUCCESS) {
|
||||
int res, pmk_len;
|
||||
pmk_len = PMK_LEN;
|
||||
res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
|
||||
@ -100,13 +101,14 @@ static void rsn_preauth_eapol_cb(struct eapol_sm *eapol, int success,
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
|
||||
"RSN: failed to get master session key from "
|
||||
"pre-auth EAPOL state machines");
|
||||
success = 0;
|
||||
result = EAPOL_SUPP_RESULT_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "RSN: pre-authentication with "
|
||||
MACSTR " %s", MAC2STR(sm->preauth_bssid),
|
||||
success ? "completed successfully" : "failed");
|
||||
result == EAPOL_SUPP_RESULT_SUCCESS ? "completed successfully" :
|
||||
"failed");
|
||||
|
||||
rsn_preauth_deinit(sm);
|
||||
rsn_preauth_candidate_process(sm);
|
||||
|
@ -365,10 +365,11 @@ static int eapol_test_compare_pmk(struct eapol_test_data *e)
|
||||
}
|
||||
|
||||
|
||||
static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
|
||||
static void eapol_sm_cb(struct eapol_sm *eapol, enum eapol_supp_result result,
|
||||
void *ctx)
|
||||
{
|
||||
struct eapol_test_data *e = ctx;
|
||||
printf("eapol_sm_cb: success=%d\n", success);
|
||||
printf("eapol_sm_cb: result=%d\n", result);
|
||||
e->eapol_test_num_reauths--;
|
||||
if (e->eapol_test_num_reauths < 0)
|
||||
eloop_terminate();
|
||||
|
@ -2547,10 +2547,11 @@ static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
|
||||
|
||||
wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated);
|
||||
|
||||
if (reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
|
||||
((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
|
||||
(wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
|
||||
eapol_sm_failed(wpa_s->eapol)))
|
||||
if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
|
||||
((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
|
||||
(wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
|
||||
eapol_sm_failed(wpa_s->eapol))) &&
|
||||
!wpa_s->eap_expected_failure))
|
||||
wpas_auth_failed(wpa_s);
|
||||
|
||||
#ifdef CONFIG_P2P
|
||||
|
@ -1410,6 +1410,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
|
||||
|
||||
os_memset(¶ms, 0, sizeof(params));
|
||||
wpa_s->reassociate = 0;
|
||||
wpa_s->eap_expected_failure = 0;
|
||||
if (bss && !wpas_driver_bss_selection(wpa_s)) {
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
const u8 *ie, *md = NULL;
|
||||
|
@ -571,6 +571,7 @@ struct wpa_supplicant {
|
||||
struct os_reltime pending_eapol_rx_time;
|
||||
u8 pending_eapol_rx_src[ETH_ALEN];
|
||||
unsigned int last_eapol_matches_bssid:1;
|
||||
unsigned int eap_expected_failure:1;
|
||||
|
||||
struct ibss_rsn *ibss_rsn;
|
||||
|
||||
|
@ -216,20 +216,38 @@ static void wpa_supplicant_aborted_cached(void *ctx)
|
||||
}
|
||||
|
||||
|
||||
static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
|
||||
static const char * result_str(enum eapol_supp_result result)
|
||||
{
|
||||
switch (result) {
|
||||
case EAPOL_SUPP_RESULT_FAILURE:
|
||||
return "FAILURE";
|
||||
case EAPOL_SUPP_RESULT_SUCCESS:
|
||||
return "SUCCESS";
|
||||
case EAPOL_SUPP_RESULT_EXPECTED_FAILURE:
|
||||
return "EXPECTED_FAILURE";
|
||||
}
|
||||
return "?";
|
||||
}
|
||||
|
||||
|
||||
static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
|
||||
enum eapol_supp_result result,
|
||||
void *ctx)
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = ctx;
|
||||
int res, pmk_len;
|
||||
u8 pmk[PMK_LEN];
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAPOL authentication completed %ssuccessfully",
|
||||
success ? "" : "un");
|
||||
wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s",
|
||||
result_str(result));
|
||||
|
||||
if (wpas_wps_eapol_cb(wpa_s) > 0)
|
||||
return;
|
||||
|
||||
if (!success) {
|
||||
wpa_s->eap_expected_failure = result ==
|
||||
EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
|
||||
|
||||
if (result != EAPOL_SUPP_RESULT_SUCCESS) {
|
||||
/*
|
||||
* Make sure we do not get stuck here waiting for long EAPOL
|
||||
* timeout if the AP does not disconnect in case of
|
||||
@ -238,7 +256,8 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
|
||||
wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
|
||||
}
|
||||
|
||||
if (!success || !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
|
||||
if (result != EAPOL_SUPP_RESULT_SUCCESS ||
|
||||
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
|
||||
return;
|
||||
|
||||
if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
|
||||
|
Loading…
Reference in New Issue
Block a user