| Message ID | 20200323184228.10798-3-alexander@wetzel-home.de |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/3] AP: Fix Extended Key ID parameter check | expand |
On Mon, Mar 23, 2020 at 07:42:28PM +0100, Alexander Wetzel wrote: > We have to delete PTK keys when either BIT(0) or BIT(15) are zero and > not only when both are zero. Thanks, applied. > I think that is a regression for "normal" cases which keep keys > installed in HW we wanted to remove. (I've not tried that with tests.) This should not really have any impact with nl80211 since cfg80211 is removing the keys automatically, but yes, this could be a regression with some other driver interfaces. > By using ~wpa_s->keys_cleared we basically get "wpa_s->keys_set" and we > can then check if either PTK ID 0 or PTK ID 1 are installed. > > Maybe a sample: > 1111 1111 1111 1110 = only PTK ID 0 installed > wpa_s->keys_cleared & (BIT(0) | BIT(15)) == TRUE > !(wpa_s->keys_cleared & (BIT(0) | BIT(15)) == FALSE > > With the logic from the patch: > 0000 0000 0000 0001 = only PTK ID 0 installed after reverting the bits > ~wpa_s->keys_cleared & (BIT(0) | BIT(15)) == TRUE > > And we enter the block which will check both bits and remove the keys > when necessary. Yeah.. This looked too strange to me and I change it to something that seemed to make more sense, but did not really do what it needed to do.
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index f11bac017..a01a3e748 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -749,7 +749,7 @@ void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr) NULL, 0, KEY_FLAG_GROUP); } /* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */ - if (!(wpa_s->keys_cleared & (BIT(0) | BIT(15))) && addr && + if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr && !is_zero_ether_addr(addr)) { if (!(wpa_s->keys_cleared & BIT(0))) wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
We have to delete PTK keys when either BIT(0) or BIT(15) are zero and not only when both are zero. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de> --- I think that is a regression for "normal" cases which keep keys installed in HW we wanted to remove. (I've not tried that with tests.) By using ~wpa_s->keys_cleared we basically get "wpa_s->keys_set" and we can then check if either PTK ID 0 or PTK ID 1 are installed. Maybe a sample: 1111 1111 1111 1110 = only PTK ID 0 installed wpa_s->keys_cleared & (BIT(0) | BIT(15)) == TRUE !(wpa_s->keys_cleared & (BIT(0) | BIT(15)) == FALSE With the logic from the patch: 0000 0000 0000 0001 = only PTK ID 0 installed after reverting the bits ~wpa_s->keys_cleared & (BIT(0) | BIT(15)) == TRUE And we enter the block which will check both bits and remove the keys when necessary. wpa_supplicant/wpa_supplicant.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)