diff options
author | Sunil Ravi <sunilravi@google.com> | 2019-04-12 19:26:13 +0000 |
---|---|---|
committer | Sunil Ravi <sunilravi@google.com> | 2019-04-12 19:35:40 +0000 |
commit | 966366044e9cd47c3b574c6eb69d2c11c79171c1 (patch) | |
tree | ba84f2d21f5a6c740dea67fc81e96c4ef30deb99 | |
parent | b740edeae2b531e61c930127d8e85a021fd50082 (diff) | |
download | qcacld-966366044e9cd47c3b574c6eb69d2c11c79171c1.tar.gz |
Revert "Revert "qcacld-3.0: Clear PTK, GTK and IGTK keys on sta disconnection""
This reverts commit b740edeae2b531e61c930127d8e85a021fd50082.
Reason for revert: June MPR security changes are in. Got approval to check-in this NIAP changes.
Change-Id: I635d65bdc15f8a1ad68ace51fd0b9c76a7e93cb0
Signed-off-by: Sunil Ravi <sunilravi@google.com>
-rw-r--r-- | core/hdd/src/wlan_hdd_assoc.c | 7 | ||||
-rw-r--r-- | core/hdd/src/wlan_hdd_cfg80211.c | 9 | ||||
-rw-r--r-- | core/hdd/src/wlan_hdd_wext.c | 5 | ||||
-rw-r--r-- | core/mac/src/pe/lim/lim_process_mlm_req_messages.c | 7 | ||||
-rw-r--r-- | core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c | 5 | ||||
-rw-r--r-- | core/mac/src/pe/lim/lim_process_sme_req_messages.c | 6 | ||||
-rw-r--r-- | core/mac/src/pe/lim/lim_security_utils.c | 2 | ||||
-rw-r--r-- | core/mac/src/pe/lim/lim_session.c | 5 | ||||
-rw-r--r-- | core/sme/inc/sme_ft_api.h | 11 | ||||
-rw-r--r-- | core/sme/src/common/sme_ft_api.c | 20 | ||||
-rw-r--r-- | core/sme/src/csr/csr_api_roam.c | 19 | ||||
-rw-r--r-- | core/wma/src/wma_dev_if.c | 25 |
12 files changed, 112 insertions, 9 deletions
diff --git a/core/hdd/src/wlan_hdd_assoc.c b/core/hdd/src/wlan_hdd_assoc.c index 6f4f35b15e..a739fcee98 100644 --- a/core/hdd/src/wlan_hdd_assoc.c +++ b/core/hdd/src/wlan_hdd_assoc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -883,6 +883,8 @@ static void hdd_save_bss_info(hdd_adapter_t *adapter, } else { hdd_sta_ctx->conn_info.conn_flag.vht_op_present = false; } + qdf_mem_zero(&hdd_sta_ctx->ibss_enc_key, + sizeof(hdd_sta_ctx->ibss_enc_key)); } /** @@ -1688,6 +1690,7 @@ static QDF_STATUS hdd_dis_connect_handler(hdd_adapter_t *pAdapter, hdd_wmm_adapter_clear(pAdapter); sme_ft_reset(WLAN_HDD_GET_HAL_CTX(pAdapter), pAdapter->sessionId); + sme_reset_key(WLAN_HDD_GET_HAL_CTX(pAdapter), pAdapter->sessionId); if (hdd_remove_beacon_filter(pAdapter) != 0) hdd_err("hdd_remove_beacon_filter() failed"); @@ -3164,6 +3167,8 @@ static QDF_STATUS hdd_association_completion_handler(hdd_adapter_t *pAdapter, timeout_reason); } hdd_clear_roam_profile_ie(pAdapter); + sme_reset_key(WLAN_HDD_GET_HAL_CTX(pAdapter), + pAdapter->sessionId); } else if ((eCSR_ROAM_CANCELLED == roamStatus && !hddDisconInProgress)) { hdd_connect_result(dev, diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index 0788917994..b65af3eef3 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -15344,6 +15344,7 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, default: hdd_err("Unsupported cipher type: %u", params->cipher); + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return -EOPNOTSUPP; } @@ -15364,6 +15365,7 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, /* if a key is already installed, block all subsequent ones */ if (pAdapter->sessionCtx.station.ibss_enc_key_installed) { hdd_debug("IBSS key installed already"); + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return 0; } @@ -15374,6 +15376,7 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, if (0 != status) { hdd_err("sme_roam_set_key failed, status: %d", status); + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return -EINVAL; } /*Save the keys here and call sme_roam_set_key for setting @@ -15382,6 +15385,7 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, &setKey, sizeof(tCsrRoamSetKey)); pAdapter->sessionCtx.station.ibss_enc_key_installed = 1; + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return status; } if ((pAdapter->device_mode == QDF_SAP_MODE) || @@ -15444,9 +15448,11 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, pAdapter->sessionId, &setKey); if (qdf_ret_status == QDF_STATUS_FT_PREAUTH_KEY_SUCCESS) { hdd_debug("Update PreAuth Key success"); + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return 0; } else if (qdf_ret_status == QDF_STATUS_FT_PREAUTH_KEY_FAILED) { hdd_err("Update PreAuth Key failed"); + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return -EINVAL; } @@ -15458,6 +15464,7 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, hdd_err("sme_roam_set_key failed, status: %d", status); pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE; + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return -EINVAL; } @@ -15491,10 +15498,12 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy, hdd_err("sme_roam_set_key failed for group key (IBSS), returned %d", status); pHddStaCtx->roam_info.roamingState = HDD_ROAM_STATE_NONE; + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); return -EINVAL; } } } + qdf_mem_zero(&setKey, sizeof(tCsrRoamSetKey)); EXIT(); return 0; } diff --git a/core/hdd/src/wlan_hdd_wext.c b/core/hdd/src/wlan_hdd_wext.c index 98aef5d2e7..f134b0ef64 100644 --- a/core/hdd/src/wlan_hdd_wext.c +++ b/core/hdd/src/wlan_hdd_wext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -4050,6 +4050,9 @@ void hdd_clear_roam_profile_ie(hdd_adapter_t *pAdapter) qdf_mem_zero(pWextState->roamProfile.Keys.KeyLength, CSR_MAX_NUM_KEY); + qdf_mem_zero(pWextState->roamProfile.Keys.KeyMaterial, + sizeof(pWextState->roamProfile.Keys.KeyMaterial)); + #ifdef FEATURE_WLAN_WAPI pAdapter->wapi_info.wapiAuthMode = WAPI_AUTH_MODE_OPEN; pAdapter->wapi_info.nWapiMode = 0; diff --git a/core/mac/src/pe/lim/lim_process_mlm_req_messages.c b/core/mac/src/pe/lim/lim_process_mlm_req_messages.c index 4cfb0c3b53..f5c01c8583 100644 --- a/core/mac/src/pe/lim/lim_process_mlm_req_messages.c +++ b/core/mac/src/pe/lim/lim_process_mlm_req_messages.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -1947,6 +1947,7 @@ lim_process_mlm_set_keys_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf) mlm_set_keys_req->sessionId); if (NULL == session) { pe_err("session does not exist for given sessionId"); + qdf_mem_zero(mlm_set_keys_req, sizeof(tLimMlmSetKeysReq)); qdf_mem_free(mlm_set_keys_req); mac_ctx->lim.gpLimMlmSetKeysReq = NULL; return; @@ -2082,6 +2083,8 @@ lim_process_mlm_set_keys_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf) session->peSessionId); /* Package WMA_SET_BSSKEY_REQ message parameters */ lim_send_set_bss_key_req(mac_ctx, mlm_set_keys_req, session); + + qdf_mem_zero(mlm_set_keys_req, sizeof(tLimMlmSetKeysReq)); return; } else { /* @@ -2091,11 +2094,13 @@ lim_process_mlm_set_keys_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf) lim_send_set_sta_key_req(mac_ctx, mlm_set_keys_req, sta_idx, (uint8_t) default_key_id, session, true); + qdf_mem_zero(mlm_set_keys_req, sizeof(tLimMlmSetKeysReq)); return; } end: mlm_set_keys_cnf.sessionId = mlm_set_keys_req->sessionId; lim_post_sme_set_keys_cnf(mac_ctx, mlm_set_keys_req, &mlm_set_keys_cnf); + qdf_mem_zero(mlm_set_keys_req, sizeof(tLimMlmSetKeysReq)); } /** diff --git a/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c b/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c index e17e4d90e3..36c3fd9c24 100644 --- a/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c +++ b/core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -2721,6 +2721,7 @@ void lim_process_mlm_set_sta_key_rsp(tpAniSirGlobal mac_ctx, session_entry = pe_find_session_by_session_id(mac_ctx, session_id); if (session_entry == NULL) { pe_err("session does not exist for given session_id"); + qdf_mem_zero(msg->bodyptr, sizeof(tSetBssKeyParams)); qdf_mem_free(msg->bodyptr); msg->bodyptr = NULL; lim_send_sme_set_context_rsp(mac_ctx, @@ -2746,6 +2747,7 @@ void lim_process_mlm_set_sta_key_rsp(tpAniSirGlobal mac_ctx, else mlm_set_key_cnf.key_len_nonzero = false; + qdf_mem_zero(msg->bodyptr, sizeof(tSetBssKeyParams)); qdf_mem_free(msg->bodyptr); msg->bodyptr = NULL; @@ -2843,6 +2845,7 @@ void lim_process_mlm_set_bss_key_rsp(tpAniSirGlobal mac_ctx, set_key_cnf.resultCode = result_status; } + qdf_mem_zero(msg->bodyptr, sizeof(tSetBssKeyParams)); qdf_mem_free(msg->bodyptr); msg->bodyptr = NULL; /* Restore MLME state */ diff --git a/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/core/mac/src/pe/lim/lim_process_sme_req_messages.c index 79aaa3bad0..69cb2a03c1 100644 --- a/core/mac/src/pe/lim/lim_process_sme_req_messages.c +++ b/core/mac/src/pe/lim/lim_process_sme_req_messages.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -2931,6 +2931,9 @@ __lim_process_sme_set_context_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf) } qdf_mem_copy(set_context_req, msg_buf, sizeof(struct sSirSmeSetContextReq)); + + qdf_mem_zero(msg_buf, sizeof(tSirSmeSetContextReq)); + sme_session_id = set_context_req->sessionId; sme_transaction_id = set_context_req->transactionId; @@ -3038,6 +3041,7 @@ __lim_process_sme_set_context_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf) sme_transaction_id); } end: + qdf_mem_zero(set_context_req, sizeof(tSirSmeSetContextReq)); qdf_mem_free(set_context_req); return; } diff --git a/core/mac/src/pe/lim/lim_security_utils.c b/core/mac/src/pe/lim/lim_security_utils.c index ccf02014e6..51b6adf3c5 100644 --- a/core/mac/src/pe/lim/lim_security_utils.c +++ b/core/mac/src/pe/lim/lim_security_utils.c @@ -752,6 +752,7 @@ void lim_post_sme_set_keys_cnf(tpAniSirGlobal pMac, &pMlmSetKeysReq->peer_macaddr); /* Free up buffer allocated for mlmSetKeysReq */ + qdf_mem_zero(pMlmSetKeysReq, sizeof(tLimMlmSetKeysReq)); qdf_mem_free(pMlmSetKeysReq); pMac->lim.gpLimMlmSetKeysReq = NULL; @@ -1028,6 +1029,7 @@ void lim_send_set_sta_key_req(tpAniSirGlobal pMac, return; /* Continue after WMA_SET_STAKEY_RSP... */ free_sta_key: + qdf_mem_zero(pSetStaKeyParams, sizeof(tSetStaKeyParams)); qdf_mem_free(pSetStaKeyParams); fail: /* Respond to SME with LIM_MLM_SETKEYS_CNF */ diff --git a/core/mac/src/pe/lim/lim_session.c b/core/mac/src/pe/lim/lim_session.c index 70865f2fa5..97748c81bb 100644 --- a/core/mac/src/pe/lim/lim_session.c +++ b/core/mac/src/pe/lim/lim_session.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -839,6 +839,9 @@ void pe_delete_session(tpAniSirGlobal mac_ctx, tpPESession session) pe_delete_fils_info(session); session->valid = false; + qdf_mem_zero(session->WEPKeyMaterial, + sizeof(session->WEPKeyMaterial)); + if (session->access_policy_vendor_ie) qdf_mem_free(session->access_policy_vendor_ie); diff --git a/core/sme/inc/sme_ft_api.h b/core/sme/inc/sme_ft_api.h index 3b0ff3aaf1..09ba3357a7 100644 --- a/core/sme/inc/sme_ft_api.h +++ b/core/sme/inc/sme_ft_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2016,2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -94,6 +94,15 @@ void sme_get_ft_pre_auth_response(tHalHandle hHal, uint32_t sessionId, uint16_t *ft_ies_length); void sme_get_rici_es(tHalHandle hHal, uint32_t sessionId, uint8_t *ric_ies, uint32_t ric_ies_ip_len, uint32_t *ric_ies_length); +/** + * sme_reset_key() -Reset key information + * @mac_handle: MAC handle + * @vdev_id: vdev identifier + * + * Return: None + */ +void sme_reset_key(tHalHandle mac_handle, uint32_t vdev_id); + void sme_preauth_reassoc_intvl_timer_callback(void *context); void sme_set_ft_pre_auth_state(tHalHandle hHal, uint32_t sessionId, bool state); bool sme_get_ft_pre_auth_state(tHalHandle hHal, uint32_t sessionId); diff --git a/core/sme/src/common/sme_ft_api.c b/core/sme/src/common/sme_ft_api.c index bbfcaf1b1b..325dad5e39 100644 --- a/core/sme/src/common/sme_ft_api.c +++ b/core/sme/src/common/sme_ft_api.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2017,2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -480,6 +480,24 @@ void sme_preauth_reassoc_intvl_timer_callback(void *context) pUsrCtx->sessionId); } +void sme_reset_key(tHalHandle mac_handle, uint32_t vdev_id) +{ + tpAniSirGlobal mac = PMAC_STRUCT(mac_handle); + tCsrRoamSession *session = NULL; + + if (!mac) { + sme_err("mac is NULL"); + return; + } + + session = CSR_GET_SESSION(mac, vdev_id); + if (!session) + return; + qdf_mem_zero(&session->psk_pmk, sizeof(session->psk_pmk)); + session->pmk_len = 0; + qdf_mem_zero(&session->eseCckmInfo, sizeof(session->eseCckmInfo)); +} + /* Reset the FT context. */ void sme_ft_reset(tHalHandle hHal, uint32_t sessionId) { diff --git a/core/sme/src/csr/csr_api_roam.c b/core/sme/src/csr/csr_api_roam.c index 1f65172931..9cb31ce12c 100644 --- a/core/sme/src/csr/csr_api_roam.c +++ b/core/sme/src/csr/csr_api_roam.c @@ -4639,6 +4639,23 @@ static QDF_STATUS csr_roam_get_qos_info_from_bss(tpAniSirGlobal pMac, return status; } +static void csr_reset_cfg_privacy(tpAniSirGlobal pMac) +{ + uint8_t Key0[WNI_CFG_WEP_DEFAULT_KEY_1_LEN] = {0}; + uint8_t Key1[WNI_CFG_WEP_DEFAULT_KEY_2_LEN] = {0}; + uint8_t Key2[WNI_CFG_WEP_DEFAULT_KEY_3_LEN] = {0}; + uint8_t Key3[WNI_CFG_WEP_DEFAULT_KEY_4_LEN] = {0}; + + cfg_set_int(pMac, WNI_CFG_PRIVACY_ENABLED, 0); + cfg_set_int(pMac, WNI_CFG_RSN_ENABLED, 0); + cfg_set_str(pMac, WNI_CFG_WEP_DEFAULT_KEY_1, Key0, 0); + cfg_set_str(pMac, WNI_CFG_WEP_DEFAULT_KEY_2, Key1, 0); + cfg_set_str(pMac, WNI_CFG_WEP_DEFAULT_KEY_3, Key2, 0); + cfg_set_str(pMac, WNI_CFG_WEP_DEFAULT_KEY_4, Key3, 0); + cfg_set_int(pMac, WNI_CFG_WEP_KEY_LENGTH, 0); + cfg_set_int(pMac, WNI_CFG_WEP_DEFAULT_KEYID, 0); +} + void csr_set_cfg_privacy(tpAniSirGlobal pMac, tCsrRoamProfile *pProfile, bool fPrivacy) { @@ -17158,6 +17175,8 @@ void csr_cleanup_session(tpAniSirGlobal pMac, uint32_t sessionId) /* Clean up FT related data structures */ sme_ft_close(pMac, sessionId); + sme_reset_key((tHalHandle)pMac, sessionId); + csr_reset_cfg_privacy(pMac); csr_free_connect_bss_desc(pMac, sessionId); csr_roam_free_connect_profile(&pSession->connectedProfile); csr_roam_free_connected_info(pMac, &pSession->connectedInfo); diff --git a/core/wma/src/wma_dev_if.c b/core/wma/src/wma_dev_if.c index 8a20774f08..ee9064e9e5 100644 --- a/core/wma/src/wma_dev_if.c +++ b/core/wma/src/wma_dev_if.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2019 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -1881,6 +1881,17 @@ wma_remove_peer_by_reference(ol_txrx_pdev_handle pdev, return status; } +#ifdef WLAN_FEATURE_11W +static void wma_clear_iface_key(struct wma_txrx_node *iface) +{ + qdf_mem_zero(&iface->key, sizeof(iface->key)); +} +#else +static void wma_clear_iface_key(struct wma_txrx_node *iface) +{ +} +#endif + /** * wma_vdev_stop_resp_handler() - vdev stop response handler * @handle: wma handle @@ -1922,6 +1933,18 @@ int wma_vdev_stop_resp_handler(void *handle, uint8_t *cmd_param_info, /* vdev in stopped state, no more waiting for key */ iface->is_waiting_for_key = false; + /* + * Reset the rmfEnabled as there might be MGMT action frames + * sent on this vdev before the next session is established. + */ + if (iface->rmfEnabled) { + iface->rmfEnabled = 0; + WMA_LOGD(FL("Reset rmfEnabled for vdev %d"), + resp_event->vdev_id); + } + + /* Clear key information */ + wma_clear_iface_key(iface); wma_release_wakelock(&iface->vdev_stop_wakelock); req_msg = wma_find_vdev_req(wma, resp_event->vdev_id, |