Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/793941/?format=api
{ "id": 793941, "url": "http://patchwork.ozlabs.org/api/patches/793941/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/1500953151-5022-1-git-send-email-tomoharu.hatano@sony.com/", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1500953151-5022-1-git-send-email-tomoharu.hatano@sony.com>", "list_archive_url": null, "date": "2017-07-25T03:25:51", "name": "Send Client-Error when AT_KDF attributes from the server are incorrect", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "670c1b12b1466dc018f30fecc240535ad97006dd", "submitter": { "id": 72046, "url": "http://patchwork.ozlabs.org/api/people/72046/?format=api", "name": "Hatano, Tomoharu (Sony Mobile)", "email": "tomoharu.hatano@sony.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/1500953151-5022-1-git-send-email-tomoharu.hatano@sony.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/793941/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/793941/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)", "ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"KfNJzYNM\"; \n\tdkim-atps=neutral" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xHcWV4KzNz9s7g\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 27 Jul 2017 00:12:38 +1000 (AEST)", "from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1daN31-0001Lf-7K; Wed, 26 Jul 2017 14:12:23 +0000", "from jptosegrel01.sonyericsson.com ([124.215.201.71])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dZqY0-0006YT-BC\n\tfor hostap@lists.infradead.org; Tue, 25 Jul 2017 03:30:14 +0000" ], "DKIM-Signature": "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To\n\t:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:\n\tResent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:\n\tList-Owner; bh=Hjtj7hCdYsMLHcfLyo+gtB1EYifbpN2OJZCYyGoAboU=;\n\tb=KfNJzYNMaGmTb6\n\t9WnDYzXumFjzyjwFpFp4pbco0HHaThX8+AjFac10D7S1tUKmqb0GO+3JbqoTELgSpKJdRu8LEIWzV\n\tTXEPO4ZMzEjzQfGSbk/USJReRcjnR4AiHaHd9cfTM64HDmND2k/jnAkIywFmo99q8e4g39yJhTaV/\n\t5cwVJLf0fqzGBtxwq4MK2ImMRmIexYseQmIxRjacE42HUlocneoE85VHuN3RESIJfolY+bPTpcKrG\n\t5JzPf5n/2DsoWdEvGf6dhwiQk/lAtxlfU0JesNfEsNm0X7i112do6T6fAq4YkcX34pRvaQEfsu6AY\n\t0ai5IRzZlilQo/xxnAWg==;", "From": "Tomoharu Hatano <tomoharu.hatano@sony.com>", "To": "<hostap@lists.infradead.org>", "Subject": "[PATCH] Send Client-Error when AT_KDF attributes from the server are\n\tincorrect", "Date": "Tue, 25 Jul 2017 12:25:51 +0900", "Message-ID": "<1500953151-5022-1-git-send-email-tomoharu.hatano@sony.com>", "X-Mailer": "git-send-email 2.7.4", "MIME-Version": "1.0", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20170724_203012_555265_2EB96B02 ", "X-CRM114-Status": "GOOD ( 17.70 )", "X-Spam-Score": "-1.9 (-)", "X-Spam-Report": "SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-1.9 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]", "X-Mailman-Approved-At": "Wed, 26 Jul 2017 07:11:52 -0700", "X-BeenThere": "hostap@lists.infradead.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<hostap.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n\t<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>", "List-Post": "<mailto:hostap@lists.infradead.org>", "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n\t<mailto:hostap-request@lists.infradead.org?subject=subscribe>", "Cc": "Tomoharu Hatano <tomoharu.hatano@sony.com>,\n\tAkihiro Onodera <akihiro.onodera@sony.com>, Tomonori.Nanbu@sony.com, \n\tShinji.Sogo@sony.com", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>", "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "From: Akihiro Onodera <akihiro.onodera@sony.com>\n\nAfter KDF negotiation, must check only requested change occurred in the\nlist of AT_KDF attributes. If there are any other changes, the peer must\nbehave like the case that AT_MAC had been incorrect and authentication\nis failed. These are defined in EAP-AKA' specification RFC5448.\n\nAdds a complete check of AT_KDF attributes and sends Client-Error if a\nchange which is not requested is included in it.\n\nChange-Id: Ic8ac504a7ff01992e2632d35c243f53bdd27df74\nSigned-off-by: Tomoharu Hatano <tomoharu.hatano@sony.com>\n---\n src/eap_peer/eap_aka.c | 42 +++++++++++++++++++++++++++---------------\n 1 file changed, 27 insertions(+), 15 deletions(-)", "diff": "diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c\nindex 0bac62d..9a09184 100644\n--- a/src/eap_peer/eap_aka.c\n+++ b/src/eap_peer/eap_aka.c\n@@ -53,6 +53,8 @@ struct eap_aka_data {\n \tsize_t network_name_len;\n \tu16 kdf;\n \tint kdf_negotiation;\n+\tu16 last_kdf_attrs[EAP_AKA_PRIME_KDF_MAX];\n+\tsize_t last_kdf_count;\n };\n \n \n@@ -817,9 +819,12 @@ static struct wpabuf * eap_aka_prime_kdf_neg(struct eap_aka_data *data,\n \tsize_t i;\n \n \tfor (i = 0; i < attr->kdf_count; i++) {\n-\t\tif (attr->kdf[i] == EAP_AKA_PRIME_KDF)\n+\t\tif (attr->kdf[i] == EAP_AKA_PRIME_KDF) {\n+\t\t\tos_memcpy(data->last_kdf_attrs, attr->kdf, sizeof(u16) * attr->kdf_count);\n+\t\t\tdata->last_kdf_count = attr->kdf_count;\n \t\t\treturn eap_aka_prime_kdf_select(data, id,\n \t\t\t\t\t\t\tEAP_AKA_PRIME_KDF);\n+\t\t}\n \t}\n \n \t/* No matching KDF found - fail authentication as if AUTN had been\n@@ -840,26 +845,30 @@ static int eap_aka_prime_kdf_valid(struct eap_aka_data *data,\n \t * of the selected KDF into the beginning of the list. */\n \n \tif (data->kdf_negotiation) {\n+\t\t/* When the peer receives the new EAP-Request/AKA'-Challenge message, must check\n+\t\t * only requested change occurred in the list of AT_KDF attributes. If there are any\n+\t\t * other changes, the peer must behave like the case that AT_MAC had been incorrect\n+\t\t * and authentication is failed. These are defined in EAP-AKA' specification\n+\t\t * RFC5448. */\n \t\tif (attr->kdf[0] != data->kdf) {\n \t\t\twpa_printf(MSG_WARNING, \"EAP-AKA': The server did not \"\n \t\t\t\t \"accept the selected KDF\");\n-\t\t\treturn 0;\n+\t\t\treturn -1;\n \t\t}\n \n-\t\tfor (i = 1; i < attr->kdf_count; i++) {\n-\t\t\tif (attr->kdf[i] == data->kdf)\n-\t\t\t\tbreak;\n-\t\t}\n-\t\tif (i == attr->kdf_count &&\n-\t\t attr->kdf_count < EAP_AKA_PRIME_KDF_MAX) {\n-\t\t\twpa_printf(MSG_WARNING, \"EAP-AKA': The server did not \"\n-\t\t\t\t \"duplicate the selected KDF\");\n-\t\t\treturn 0;\n+\t\tif (attr->kdf_count > EAP_AKA_PRIME_KDF_MAX ||\n+\t\t attr->kdf_count != (data->last_kdf_count + 1)) {\n+\t\t\twpa_printf(MSG_WARNING, \"EAP-AKA': The length of KDF attributes is wrong\");\n+\t\t\treturn -1;\n \t\t}\n \n-\t\t/* TODO: should check that the list is identical to the one\n-\t\t * used in the previous Challenge message apart from the added\n-\t\t * entry in the beginning. */\n+\t\tfor (i = 1; i < attr->kdf_count; i++) {\n+\t\t\tif (attr->kdf[i] != data->last_kdf_attrs[i - 1]) {\n+\t\t\t\twpa_printf(MSG_WARNING, \"EAP-AKA': The KDF attributes except \"\n+\t\t\t\t\t \"selected KDF are not same as original one.\");\n+\t\t\t\treturn -1;\n+\t\t\t}\n+\t\t}\n \t}\n \n \tfor (i = data->kdf ? 1 : 0; i < attr->kdf_count; i++) {\n@@ -922,8 +931,11 @@ static struct wpabuf * eap_aka_process_challenge(struct eap_sm *sm,\n \t\t\t\t data->network_name, data->network_name_len);\n \t\t/* TODO: check Network Name per 3GPP.33.402 */\n \n-\t\tif (!eap_aka_prime_kdf_valid(data, attr))\n+\t\tres = eap_aka_prime_kdf_valid(data, attr);\n+\t\tif (res == 0)\n \t\t\treturn eap_aka_authentication_reject(data, id);\n+\t\telse if (res == -1)\n+\t\t\treturn eap_aka_client_error(data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);\n \n \t\tif (attr->kdf[0] != EAP_AKA_PRIME_KDF)\n \t\t\treturn eap_aka_prime_kdf_neg(data, id, attr);\n", "prefixes": [] }