
GTK msg 1/2 fields possibly incorrect

Message ID CAOq732J2sTs0fuN3wueO7wrRgXpYPUaiiwixn9AZniHQJVRzMQ@mail.gmail.com
State Superseded

Commit Message

Andrew Zaborowski Jan. 31, 2017, 1:20 a.m. UTC
Hi,

i'm receiving a GTK-handshake msg 1/2 after an FT roam which our code
can't validate.  This is confirmed by hostapd code in
SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) in src/ap/wpa_auth.c.  The
comment says hostap sends the following msg 1/2:

EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN])

I couldn't figure out what sm->Pair is exactly but with FT it's going
to be false, unlike after an EAPOL 4-Way handshake and the install bit
will be true in effect.  Is there any reason the install bit isn't
just hardcoded to 0, as defined by 11.6.2 and illustrated by the
message sequences in 11.6.7?

Similarly it seems the nonce should just be 0 since it's neither
ANonce or SNonce, and Key Length should be hardcoded to 0 in
__wpa_send_eapol.  Patch for illustration.

Best regards

Patch

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 69e3a5d..a5eaeb0 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1409,7 +1409,6 @@  void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
        struct ieee802_1x_hdr *hdr;
        struct wpa_eapol_key *key;
        size_t len, mic_len, keyhdrlen;
-       int alg;
        int key_data_len, pad_len = 0;
        u8 *buf, *pos;
        int version, pairwise;
@@ -1481,9 +1480,9 @@  void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
                key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
        WPA_PUT_BE16(key->key_info, key_info);

-       alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
-       WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
-       if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
+       if (pairwise && !(key_info & WPA_KEY_INFO_SMK_MESSAGE))
+               WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(sm->pairwise));
+       else
                WPA_PUT_BE16(key->key_length, 0);

        /* FIX: STSL: what to use as key_replay_counter? */
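Review bot: The new `else` branch writes a Key Length of 0 for every non-pairwise frame, which also covers WPA (non-RSN, `sm->wpa == WPA_VERSION_WPA`) group key messages that the original code filled with the group cipher key length via `wpa_auth->conf.wpa_group`. As far as I recall the "Key Length = 0" rule the commit message cites from 11.6.2/11.6.7 is an RSN requirement, and legacy WPA supplicants may read this field, so it seems safer to limit the zeroing to the RSN group path and keep the SMK override explicit. That means splitting the condition three ways as shown below rather than the two-way `if (pairwise && ...)`; whether any deployed WPA supplicant actually depends on the field is an inference I cannot confirm from this hunk. `__wpa_send_eapol` starts and ends outside this hunk.
```c
	WPA_PUT_BE16(key->key_info, key_info);

	if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
		WPA_PUT_BE16(key->key_length, 0);
	else if (pairwise)
		WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(sm->pairwise));
	else if (sm->wpa == WPA_VERSION_WPA)
		WPA_PUT_BE16(key->key_length,
			     wpa_cipher_key_len(wpa_auth->conf.wpa_group));
	else
		WPA_PUT_BE16(key->key_length, 0);
	/* … unchanged: replay counter handling below … */
```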
@@ -3058,7 +3057,7 @@  SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
        if (sm->wpa == WPA_VERSION_WPA)
                sm->PInitAKeys = FALSE;
        sm->TimeoutEvt = FALSE;
-       /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
+       /* Send EAPOL(1, 1, 1, 0, G, RSC, 0, MIC(PTK), GTK[GN]) */
        os_memset(rsc, 0, WPA_KEY_RSC_LEN);
        if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
                wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
@@ -3097,9 +3096,8 @@  SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
        wpa_send_eapol(sm->wpa_auth, sm,
                       WPA_KEY_INFO_SECURE |
                       (wpa_mic_len(sm->wpa_key_mgmt) ? WPA_KEY_INFO_MIC : 0) |
-                      WPA_KEY_INFO_ACK |
-                      (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
-                      rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
+                      WPA_KEY_INFO_ACK,
+                      rsc, NULL, kde, kde_len, gsm->GN, 1);

        os_free(kde_buf);
 }
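Review bot: Passing `NULL` as the nonce argument of the new `wpa_send_eapol` call is only safe if `__wpa_send_eapol` tests the pointer before copying it into the frame; that copy is outside this patch, so it should be confirmed or guarded as `if (nonce) os_memcpy(key->key_nonce, nonce, WPA_NONCE_LEN);`, which leaves the field at 0 as intended provided the frame buffer is zero-allocated. Dropping `(!sm->Pair ? WPA_KEY_INFO_INSTALL : 0)` changes the Install bit for every STA, including WPA (non-RSN) ones whose legacy group handshake the original expression was presumably written for; if the reported problem is that `sm->Pair` is never set for FT associations, setting it where the FT association completes would fix the observed message without touching the legacy path, though I cannot see that code here. SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) starts outside this hunk.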