From patchwork Mon Feb 6 17:39:02 2012
X-Patchwork-Submitter: Nicolas Cavallari
X-Patchwork-Id: 139777
From: Nicolas Cavallari
To: hostap@lists.shmoo.com
Subject: [PATCH] rsn_supp: Don't encrypt EAPOL-Key 4/4.
Date: Mon, 6 Feb 2012 18:39:02 +0100
Message-Id: <1328549942-10112-1-git-send-email-cavallar@lri.fr>

When the 4/4 pairwise handshake is lost, the authenticator will retry 3/4 and we would resend 4/4, but encrypted. 802.11 spec implies that EAPOL 4/4 should not be encrypted, but because setprotection is not implemented by any (non-testing) driver, clear the key before sending EAPOL-Key 4/4 and reset the key just after.

Signed-hostap: Nicolas Cavallari
---
This is just a proposed solution to a problem that I'm having. I don't think it is the best, nor that it does not break something else, so I'm asking what would be the right approach here. I was also thinking about reusing hostapd's eapol_send.

I'm currently experimenting with an IBSS RSN network of 4 stations, but while testing, there are always two or more handshakes that fail, because of a lost EAPOL-Key 4/4 frame. In IBSS mode, the two stations will not retry association, so the network will not recover and will eventually split. Also, between the time where 3/4 was received by the supplicant and 4/4 was received by the authenticator, the opposite four way handshake is stalled for the same reason.

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 225489e..b24cc53 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c
@@ -1141,6 +1141,9 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, break; } + // Reset the PTK just before sending, so we don't sent 4/4 encrypted. + wpa_sm_set_key(sm, WPA_ALG_NONE, sm->bssid, 0, 0, NULL, 0, NULL, 0); + if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, NULL, 0, &sm->ptk)) { goto failed;
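
Review bot: the return value of the added wpa_sm_set_key(sm, WPA_ALG_NONE, ...) call, just before wpa_supplicant_send_4_of_4(), is discarded, so if clearing the key fails, 4/4 still goes out encrypted and the handshake silently ends up in the case this patch is meant to avoid. Check the result and take the existing `goto failed` path, or at least log the failure. The clear is also unconditional on every 3/4, and nothing in this hunk restores the key: from this call until the PTK is installed again, any frame to sm->bssid, not only EAPOL-Key 4/4, may go out unprotected. The commit message says the key is reset "just after", so it should name the code that does this, and the clear would be safer if limited to the retransmission case where a key is actually installed. Minor: the added comment has a typo, "so we don't sent" should read "so we don't send".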