Added changes to handle Legacy FT test cases.

1. Current checks included only SAE_FT AKM for state machine handling.Added additional checks for legacy FT AKM's. 2. As part of GTK rekey, the keys generated in the DHD post FT roam should be updated to the supplicant. Added support for private command to fetch these keys Bug: 187705876 Test: Validated on Android S slider Signed-off-by: Mir Ali <mir-khizer.ali@broadcom.com> Change-Id: I84499c1692538593b50b15cd53a7a9fd770f4f0c
author: Mir Ali <mir-khizer.ali@broadcom.com> 2021-06-07 12:17:29 +0530
committer: Ahmed ElArabawy <arabawy@google.com> 2021-06-22 09:27:43 -0700
commit: eaaf04ea4ffcfebfba5a187e27a77d2d8a3c8057 (patch)
tree: 4ec1fb6d59cd75b18b6a7f6f3d01026363424291
parent: ca924c1648fca4dbd211b7afc6315137f766fe90 (diff)
download: wpa_supplicant_8-eaaf04ea4ffcfebfba5a187e27a77d2d8a3c8057.tar.gz
5 files changed, 82 insertions, 7 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 64a6ccb5..ede782cb 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -32,7 +32,8 @@
 #include "pmksa_cache.h"
 #include "wpa_i.h"
 #include "wpa_ie.h"
-
+#include "wpa_supplicant_i.h"
+#include "driver_i.h"
 
 static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
@@ -3877,6 +3878,32 @@ void wpa_sm_install_pmk(struct wpa_sm *sm)
 			"WPA: Failed to set PMK to the driver");
 	}
 }
+
+void wpa_sm_notify_brcm_ft_reassoc(struct wpa_sm *sm, const u8 *bssid)
+{
+	u8 buf[256];
+	struct wpa_supplicant *wpa_s = sm->ctx->ctx;
+
+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+		"WPA: BRCM FT Reassociation event - clear replay counter");
+	os_memcpy(sm->bssid, bssid, ETH_ALEN);
+	os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
+	sm->rx_replay_counter_set = 0;
+
+	if (wpa_drv_driver_cmd(wpa_s, "GET_FTKEY", (char *)buf, sizeof(buf)) < 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
+			"WPA: Failed to get FT KEY information");
+		wpa_supplicant_deauthenticate(
+			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+
+	} else {
+		/* update kck and kek */
+		os_memcpy(sm->ptk.kck, buf, 16);
+		os_memcpy(sm->ptk.kek, buf + 16, 16);
+		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+			"WPA: Updated KCK and KEK after FT reassoc");
+	}
+}
 #endif /* CONFIG_DRIVER_NL80211_BRCM */
 
 #ifdef CONFIG_WNM
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 541ef5af..95c58f63 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -208,6 +208,7 @@ int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf);
 
 #ifdef CONFIG_DRIVER_NL80211_BRCM
 void wpa_sm_install_pmk(struct wpa_sm *sm);
+void wpa_sm_notify_brcm_ft_reassoc(struct wpa_sm *sm, const u8 *bssid);
 #endif /* CONFIG_DRIVER_NL80211_BRCM */
 
 void wpa_sm_set_rx_replay_ctr(struct wpa_sm *sm, const u8 *rx_replay_counter);
@@ -434,7 +435,9 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
 				 size_t ies_len, const u8 *src_addr);
 int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap,
 			 const u8 *mdie);
-
+#ifdef CONFIG_DRIVER_NL80211_BRCM
+int wpa_ft_is_ft_protocol(struct wpa_sm *sm);
+#endif /* CONFIG_DRIVER_NL80211_BRCM */
 #ifdef CONFIG_PASN
 
 int wpa_pasn_ft_derive_pmk_r1(struct wpa_sm *sm, int akmp, const u8 *r1kh_id,
@@ -474,6 +477,13 @@ static inline int wpa_ft_is_completed(struct wpa_sm *sm)
 	return 0;
 }
 
+#ifdef CONFIG_DRIVER_NL80211_BRCM
+static inline int wpa_ft_is_ft_protocol(struct wpa_sm *sm)
+{
+	return 0;
+}
+#endif /* CONFIG_DRIVER_NL80211_BRCM */
+
 static inline void wpa_reset_ft_completed(struct wpa_sm *sm)
 {
 }
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index c517c411..caad7608 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -743,6 +743,18 @@ int wpa_ft_is_completed(struct wpa_sm *sm)
 	return sm->ft_completed;
 }
 
+#ifdef CONFIG_DRIVER_NL80211_BRCM
+int wpa_ft_is_ft_protocol(struct wpa_sm *sm)
+{
+	if (sm == NULL)
+		return 0;
+
+	if (!wpa_key_mgmt_ft(sm->key_mgmt))
+		return 0;
+
+	return sm->ft_protocol;
+}
+#endif /* CONFIG_DRIVER_NL80211_BRCM */
 
 void wpa_reset_ft_completed(struct wpa_sm *sm)
 {
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 9c4f9f51..01bbde6d 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2929,7 +2929,10 @@ no_pfs:
 	}
 #endif /* CONFIG_SME */
 #ifdef CONFIG_DRIVER_NL80211_BRCM
-	if ((wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE) &&
+	if (((wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK) ||
+		(wpa_s->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) ||
+		(wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE) ||
+		(wpa_s->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X_SHA384)) &&
 		wpa_ft_is_completed(wpa_s->wpa)) {
 		return 0;
 	}
@@ -3119,7 +3122,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 		/* Check for FT reassociation is done by the driver */
 #ifdef CONFIG_IEEE80211R
 		int use_sha384 = wpa_key_mgmt_sha384(wpa_s->wpa->key_mgmt);
-		if ((wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE) && (wpa_s->key_mgmt == ie.key_mgmt)) {
+		if (wpa_key_mgmt_ft(wpa_s->key_mgmt) && (wpa_s->key_mgmt == ie.key_mgmt)) {
 			if (wpa_ft_parse_ies(data->assoc_info.resp_ies,
 				data->assoc_info.resp_ies_len, &parse, use_sha384) < 0) {
 				wpa_printf(MSG_DEBUG, "Failed to parse FT IEs");
@@ -3293,7 +3296,20 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 		 */
 		eapol_sm_notify_portValid(wpa_s->eapol, true);
 	}
-
+#ifdef CONFIG_DRIVER_NL80211_BRCM
+	if (ft_completed && wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
+		if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
+			wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID, key_mgmt: 0x%0x",
+				wpa_s->key_mgmt);
+			wpa_supplicant_deauthenticate(
+				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+			return;
+		}
+		os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
+		wpa_s->assoc_freq = data->assoc_info.freq;
+		wpa_sm_notify_brcm_ft_reassoc(wpa_s->wpa, bssid);
+	}
+#endif /* CONFIG_DRIVER_NL80211_BRCM */
 	wpa_s->last_eapol_matches_bssid = 0;
 
 #ifdef CONFIG_TESTING_OPTIONS
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index b1c606f7..95dad95b 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -308,9 +308,19 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
 		ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src);
 	}
 
-	if (result != EAPOL_SUPP_RESULT_SUCCESS ||
-	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
+#ifdef CONFIG_DRIVER_NL80211_BRCM                                                            
+	if (result != EAPOL_SUPP_RESULT_SUCCESS)                          
+#else                                                                     
+	if (result != EAPOL_SUPP_RESULT_SUCCESS ||                        
+		!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))  
+#endif /* CONFIG_DRIVER_NL80211_BRCM */                                                      
+		return;                                                   
+
+#ifdef CONFIG_DRIVER_NL80211_BRCM
+	if (wpa_ft_is_ft_protocol(wpa_s->wpa)) {
 		return;
+	}
+#endif /* CONFIG_DRIVER_NL80211_BRCM */
 
 	if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
 		return;
author	Mir Ali <mir-khizer.ali@broadcom.com>	2021-06-07 12:17:29 +0530
committer	Ahmed ElArabawy <arabawy@google.com>	2021-06-22 09:27:43 -0700
commit	eaaf04ea4ffcfebfba5a187e27a77d2d8a3c8057 (patch)
tree	4ec1fb6d59cd75b18b6a7f6f3d01026363424291
parent	ca924c1648fca4dbd211b7afc6315137f766fe90 (diff)
download	wpa_supplicant_8-eaaf04ea4ffcfebfba5a187e27a77d2d8a3c8057.tar.gz