From patchwork Wed Jan 25 17:21:53 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nicolas Cavallari
X-Patchwork-Id: 137799
From: Nicolas Cavallari
To: hostap@lists.shmoo.com
Subject: [PATCH] wpa_auth: Fix race in rejecting 4way handshake for entropy
Date: Wed, 25 Jan 2012 18:21:53 +0100
Message-Id: <1327512113-9827-1-git-send-email-cavallar@lri.fr>
X-Mailer: git-send-email 1.7.8.3
Cc: Nicolas Cavallari
List-Id: HostAP Project

When there is not enough entropy and there are two stations associating
at the same time, then one of the stations will be rejected, but during
that rejection, it will clear the "reject_4way_hs_for_entropy" flag, so
the second one will not be rejected, so it may complete a 4 Way Handshake
with a GTK that will be cleared as soon as more entropy is available and
another station connects.

This reworks the logic to ban all 4way handshakes until enough entropy is
available.

Signed-hostap: Nicolas Cavallari
---
 src/ap/wpa_auth.c | 17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index c4d77bf..34e3664 100644 --- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c @@ -966,9 +966,7 @@ continue_processing: wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to " "collect more entropy for random number " "generation"); - sm->group->reject_4way_hs_for_entropy = FALSE; random_mark_pool_ready(); - sm->group->first_sta_seen = FALSE; wpa_sta_disconnect(wpa_auth, sm->addr); return; } @@ -1614,9 +1612,11 @@ SM_STATE(WPA_PTK, AUTHENTICATION) } -static void wpa_group_first_station(struct wpa_authenticator *wpa_auth, - struct wpa_group *group) +static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) { + if (group->first_sta_seen) + return; /* * System has run bit further than at the time hostapd was started * potentially very early during boot up. This provides better chances @@ -1630,7 +1630,11 @@ static void wpa_group_first_station(struct wpa_authenticator *wpa_auth, wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " "to proceed - reject first 4-way handshake"); group->reject_4way_hs_for_entropy = TRUE; + } else { + group->first_sta_seen = TRUE; + group->reject_4way_hs_for_entropy = FALSE; } + wpa_group_init_gmk_and_counter(wpa_auth, group); wpa_gtk_update(wpa_auth, group); wpa_group_config_group_keys(wpa_auth, group); @@ -1641,10 +1645,7 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) { SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); - if (!sm->group->first_sta_seen) { - wpa_group_first_station(sm->wpa_auth, sm->group); - sm->group->first_sta_seen = TRUE; - } + wpa_group_ensure_init(sm->wpa_auth, sm->group); os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN); wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
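
Review bot: In the rejection branch at `continue_processing` (hunk `@@ -966,9 +966,7 @@`), `random_mark_pool_ready()` is kept while the reset of `reject_4way_hs_for_entropy` is removed, so it now runs once for every rejected handshake rather than once per reject cycle. Please confirm that repeated calls are intended while the pool is still short. If the call is meant to happen only once, guard it or move it next to the place where the reject flag is set.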
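
Review bot: In `wpa_group_ensure_init()` (hunk `@@ -1614,9 +1612,11 @@`), `first_sta_seen` no longer means that a station has been seen. With the new early `return` and the `else` branch further down, it means the group was initialised with enough entropy. Suggest renaming the field or adding a comment at the early return that states the new meaning, and leaving a blank line between `return;` and the block comment that follows.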
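
Review bot: In the low-entropy branch of `wpa_group_ensure_init()` (hunk `@@ -1630,7 +1630,11 @@`), `first_sta_seen` stays FALSE, so the `wpa_group_init_gmk_and_counter()`, `wpa_gtk_update()` and `wpa_group_config_group_keys()` calls after the `if`/`else` run again on every entry to AUTHENTICATION2 until the pool is ready. Please confirm that regenerating and reinstalling the group keys on each rejected attempt is wanted, and say so in the commit message. The log text "reject first 4-way handshake" should also be updated, since every handshake is now rejected until enough entropy is available.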