[arch-commits] Commit in wpa_supplicant/repos (13 files)
    Date: Thursday, January 10, 2019 @ 15:25:22
  Author: foutrelis
Revision: 343489

archrelease: copy trunk to staging-x86_64

Added:
  wpa_supplicant/repos/staging-x86_64/
  wpa_supplicant/repos/staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
    (from rev 343488, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
  wpa_supplicant/repos/staging-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
    (from rev 343488, wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch)
  wpa_supplicant/repos/staging-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
    (from rev 343488, wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch)
  wpa_supplicant/repos/staging-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch
    (from rev 343488, wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch)
  wpa_supplicant/repos/staging-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
    (from rev 343488, wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch)
  wpa_supplicant/repos/staging-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
    (from rev 343488, wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch)
  wpa_supplicant/repos/staging-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
    (from rev 343488, wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch)
  wpa_supplicant/repos/staging-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
    (from rev 343488, wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch)
  wpa_supplicant/repos/staging-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
    (from rev 343488, wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch)
  wpa_supplicant/repos/staging-x86_64/PKGBUILD
    (from rev 343488, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/staging-x86_64/config (from rev 343488, wpa_supplicant/trunk/config) wpa_supplicant/repos/staging-x86_64/wpa_supplicant.install (from rev 343488, wpa_supplicant/trunk/wpa_supplicant.install) -+ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 174 ++ 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 250 ++ 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++ 0004-Prevent-installation-of-an-all-zero-TK.patch | 79 +++ 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 64 ++ 0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 + 0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 + 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 82 +++ 0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 + PKGBUILD| 90 +++ config | 46 + wpa_supplicant.install |7 12 files changed, 1195 insertions(+) Copied: wpa_supplicant/repos/staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (from rev 343488, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) === --- staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (rev 0) +++ staging-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2019-01-10 15:25:22 UTC (rev 343489) 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ +
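Review bot: The series header in the added file reads "[PATCH 1/8]", yet this commit copies nine numbered patches (0001 through 0009), so at least one of them (by numbering, 0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch) comes from outside this eight-part series. A comment in PKGBUILD next to each patch entry naming its upstream origin would make it clear which files can be dropped together when the package moves to a release that already contains them. The visible part of the patch ends in its diffstat, so the changes to src/ap/ieee802_11.c, src/ap/wpa_auth.c, src/ap/wpa_auth.h and src/ap/wpa_auth_ft.c cannot be checked here against the commit message's requirement that the second TK configuration attempt happen only if the first one failed.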
[arch-commits] Commit in wpa_supplicant/repos (13 files)
    Date: Thursday, January 3, 2019 @ 14:39:54
  Author: bpiotrowski
Revision: 342900

archrelease: copy trunk to testing-x86_64

Added:
  wpa_supplicant/repos/testing-x86_64/
  wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
    (from rev 342899, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
  wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
    (from rev 342899, wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch)
  wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
    (from rev 342899, wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch)
  wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch
    (from rev 342899, wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch)
  wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
    (from rev 342899, wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch)
  wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
    (from rev 342899, wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch)
  wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
    (from rev 342899, wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch)
  wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
    (from rev 342899, wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch)
  wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
    (from rev 342899, wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch)
  wpa_supplicant/repos/testing-x86_64/PKGBUILD
    (from rev 342899, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/testing-x86_64/config (from rev 342899, wpa_supplicant/trunk/config) wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install (from rev 342899, wpa_supplicant/trunk/wpa_supplicant.install) -+ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 174 ++ 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 250 ++ 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++ 0004-Prevent-installation-of-an-all-zero-TK.patch | 79 +++ 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 64 ++ 0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 + 0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 + 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 82 +++ 0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 + PKGBUILD| 90 +++ config | 46 + wpa_supplicant.install |7 12 files changed, 1195 insertions(+) Copied: wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (from rev 342899, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) === --- testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (rev 0) +++ testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2019-01-03 14:39:54 UTC (rev 342900) 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ +
[arch-commits] Commit in wpa_supplicant/repos (13 files)
    Date: Friday, August 10, 2018 @ 14:22:45
  Author: bpiotrowski
Revision: 331338

archrelease: copy trunk to testing-x86_64

Added:
  wpa_supplicant/repos/testing-x86_64/
  wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
    (from rev 331337, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch)
  wpa_supplicant/repos/testing-x86_64/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
    (from rev 331337, wpa_supplicant/trunk/0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch)
  wpa_supplicant/repos/testing-x86_64/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
    (from rev 331337, wpa_supplicant/trunk/0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch)
  wpa_supplicant/repos/testing-x86_64/0004-Prevent-installation-of-an-all-zero-TK.patch
    (from rev 331337, wpa_supplicant/trunk/0004-Prevent-installation-of-an-all-zero-TK.patch)
  wpa_supplicant/repos/testing-x86_64/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
    (from rev 331337, wpa_supplicant/trunk/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch)
  wpa_supplicant/repos/testing-x86_64/0006-TDLS-Reject-TPK-TK-reconfiguration.patch
    (from rev 331337, wpa_supplicant/trunk/0006-TDLS-Reject-TPK-TK-reconfiguration.patch)
  wpa_supplicant/repos/testing-x86_64/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
    (from rev 331337, wpa_supplicant/trunk/0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch)
  wpa_supplicant/repos/testing-x86_64/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
    (from rev 331337, wpa_supplicant/trunk/0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch)
  wpa_supplicant/repos/testing-x86_64/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
    (from rev 331337, wpa_supplicant/trunk/0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch)
  wpa_supplicant/repos/testing-x86_64/PKGBUILD
    (from rev 331337, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/testing-x86_64/config (from rev 331337, wpa_supplicant/trunk/config) wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install (from rev 331337, wpa_supplicant/trunk/wpa_supplicant.install) -+ 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch | 174 ++ 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch | 250 ++ 0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 +++ 0004-Prevent-installation-of-an-all-zero-TK.patch | 79 +++ 0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch| 64 ++ 0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 + 0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch | 43 + 0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch | 82 +++ 0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 + PKGBUILD| 91 +++ config | 46 + wpa_supplicant.install |7 12 files changed, 1196 insertions(+) Copied: wpa_supplicant/repos/testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (from rev 331337, wpa_supplicant/trunk/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) === --- testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch (rev 0) +++ testing-x86_64/0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 2018-08-10 14:22:45 UTC (rev 331338) 
@@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef +--- + src/ap/ieee802_11.c | 16 +--- + src/ap/wpa_auth.c| 11 +++ + src/ap/wpa_auth.h| 3 ++- + src/ap/wpa_auth_ft.c | 10 ++ + src/ap/wpa_auth_i.h